When you reset a SPN (Service Principal Name) for a computer account in the Active Directory directory service, using Setspn.exe -R <ServerName> in Windows Server 2003, the console displays:
Registering ServicePrincipalNames for CN=<ServerName>,CN=Computers,DC=YourDomain,DC=com
HOST/<ServerName>$.YourDomain
HOST/<ServerName>$
Updated object
instead of displaying
Registering ServicePrincipalNames for CN=<ServerName>,CN=Computers,DC=YourDomain,DC=com
HOST/<ServerName>.YourDomain
HOST/<ServerName>
Updated objecthaving improperly added the dollar sign (
$) to the host name.
NOTE: SetSPN.exe is installed from the Support Tools on the Windows Server 2003 CD-ROM (\Support\Tools\Suptools.msi).
To workaround this behavior, modify the servicePrincipalName attribute:
01. Start / Run / adsiedit.msc / OK.
02. If not already connected in ADSI Edit, connect to a domain controller.
03. Expand Domain \[domainControllerName.YourDomain.com\], expand DC=YourDomain,DC=com, and then expand CN=Computers, or the appropriate path.
04. Right-click CN=serverName and press Properties.
05. Select the Attribute Editor tab.
06. Check the Show mandatory attributes and Show optional attributes boxes.
07. Select servicePrincipalName in the Attributes list and press Edit.
08. Using the Multi-valued String Editor dialog, select HOST/serverName$ and press Remove.
09. Remove the dollar sign ($) in the Value to add box and press Add, unless this entry already exists in the Values list.
10. Select HOST/serverName$.YourDomain and press Remove.
11. Remove the dollar sign ($) in the Value to add box and press Add, unless this entry already exists in the Values list.
12. Press OK and OK.
13. Exit ADSI Edit.
