Failed to assign SPN on account 'CN=.…', error 0x21c7/847 → The operation failed /modification is not unique forest-wide

This message appears when you run the setspn -S command.


This error appears for one of the following reasons:

  • The SPN already exists and is associated with a different user.
  • The account that is running the SPN command does not have permission to create an SPN.


Perform the following actions:

  1. Type the following command to determine if the SPN exists: setspn -Q HTTP/%computername%.
    • If an SPN is found, the output displays the details about the SPN.
    • If an SPN is not found, the output displays the message No Such SPN found.
  2. If an SPN is found, type the following command to delete the existing SPN: setspn -d HTTP/%computername% associated_user, and the create the SPN.
  3. If an SPN is not found, contact your Active Directory team to create the required SPNs.

Articles in this section

Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.