Home / server / Questions / 896646
Accepted
Mark Allison
Asked: 2018-02-11 09:20:51 +0800 CST

Get SPN error when trying to join a machine to a domain

  • 772

I am trying to join a Windows Server 2016 VM called BORON to a domain which has a Windows 2012 R2 domain controller. The DC name is SNOWDROP.DUCK.LOC When I try to join I get this error:

The operation failed because SPN value provided for addition/modification is not unique forest-wide.

!?

I tried to find out why with this command on the domain controller:

Get-ADComputer -Filter {serviceprincipalname -like "*boron*"} | select *

DistinguishedName  : CN=SNOWDROP,OU=Domain Controllers,DC=duck,DC=loc
DNSHostName        : snowdrop.duck.loc
Enabled            : True
Name               : SNOWDROP
ObjectClass        : computer
ObjectGUID         : 2b5d6206-707a-4f09-835b-2d8222474e4d
SamAccountName     : SNOWDROP$
SID                : S-1-5-21-1075642099-280362434-2919291742-1001
UserPrincipalName  : 
PropertyNames      : {DistinguishedName, DNSHostName, Enabled, Name...}
AddedProperties    : {}
RemovedProperties  : {}
ModifiedProperties : {}
PropertyCount      : 9

I'm not sure what else to try, any ideas?

windows

3 Answers

  1. Best Answer

    If you view the Attributes tab for SNOWDROP in AD Users and Computers, remove BORON if it is present in one of the ServicePrincipalNames.

    • 5

  2. In my case it was because there was already a server in the "computers" list with this name. Removed that computer from the "computers" list and was able to join the server to the domain.

    • 1

  3. I had to remove the specific host from the "Computers" section on the left from the domain which is under AD users and computer.

    Also, i had to replicate the ADC and RODC from sites and services to update all of them.

    • 0