Failed to assign SPN on account 'CN=.…', error 0x21c7/847 → The operation failed /modification is not unique forest-wide
This message appears when you run the setspn -S command.
Cause
This error appears for one of the following reasons:
- The SPN already exists and is associated with a different user.
- The account that is running the SPN command does not have permission to create an SPN.
Resolution
Perform the following actions:
- Type the following command to determine if the SPN exists: setspn -Q HTTP/%computername%.
- If an SPN is found, the output displays the details about the SPN.
- If an SPN is not found, the output displays the message No Such SPN found.
- If an SPN is found, type the following command to delete the existing SPN: setspn -d HTTP/%computername% associated_user, and the create the SPN.
- If an SPN is not found, contact your Active Directory team to create the required SPNs.
Comments
0 commentsPlease sign in to leave a comment.