setspn -l Failed to bind to DC of domain novell, Access is denied

  • 7008790
  • 13-Jun-2011
  • 27-Apr-2012

Environment

Novell Open Enterprise Server 2 SP2 (OES2SP2)
Novell Open Enterprise Server 2 SP3 (OES2SP3)
Domain Services for Windows
DSfW
Windows 2008 R2 member server
SharePoint

Situation

SharePoint is trying to list the SPNs for a user, and the command setspn -l DOMAINNAME\USER fails.
It fails only with the NetBIOS name and works with the DNS name.
 
Example with the NetBIOS name:
setspn -l novell\admin
Failed to bind to DC of domain NOVELL, error 0x5/5 -> Access is denied.
 
Example with the DNS name:
setspn -l novell.com\admin
Registered ServicePrincipalNames for cn=admin,dc=novell,dc=com:

Resolution

An LDAP trace shows the difference between the two commands: when the NetBIOS name is used, the domain name in the search filter has a trailing dot (.).

Netbios
Search request:
    base: ""
    scope:0  dereference:0  sizelimit:0  timelimit:0  attrsonly:0
    filter:
"(&(DnsDomain=novell.com.)(Host=WIN-OUTJLEI4AT8)(User=admin$)(AAC='0581)(DomainGuid='FFFD'6881'B87Ax'6D82'59E8NtVer=))"
    attribute: "Netlogon"
 
DNS
Search request:
 base: ""
 scope:0  dereference:0  sizelimit:0  timelimit:0  attrsonly:0
 filter: "(&(DnsDomain=novell.com)(Host=WIN-OUTJLEI4AT8)(User=admin$)(AAC='0581)(DomainGuid='FFFD'6881'B87Ax'6D82'59E8NtVer=))"
 attribute: "Netlogon"

The November 2011 Maintenance patch resolves this issue.
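
The comparison described under Resolution can be scripted when a trace holds many requests. The following Python code is an added example, not part of the original Novell document; it parses the two search requests shown above and reports which filter assertions differ, flagging values that differ only by a trailing dot (the function names are hypothetical).

```python
import re

# Trace text copied from the two search requests in this article.
TRACE = '''\
Netbios
Search request:
    base: ""
    scope:0  dereference:0  sizelimit:0  timelimit:0  attrsonly:0
    filter:
"(&(DnsDomain=novell.com.)(Host=WIN-OUTJLEI4AT8)(User=admin$)(AAC='0581)(DomainGuid='FFFD'6881'B87Ax'6D82'59E8NtVer=))"
    attribute: "Netlogon"

DNS
Search request:
 base: ""
 scope:0  dereference:0  sizelimit:0  timelimit:0  attrsonly:0
 filter: "(&(DnsDomain=novell.com)(Host=WIN-OUTJLEI4AT8)(User=admin$)(AAC='0581)(DomainGuid='FFFD'6881'B87Ax'6D82'59E8NtVer=))"
 attribute: "Netlogon"
'''

# One labelled request: the line before "Search request:" and its quoted filter.
REQUEST = re.compile(r'^([^\n]+)\nSearch request:.*?filter:\s*"([^"]*)"', re.M | re.S)
# One "(attr=value)" assertion inside the filter.
TERM = re.compile(r"\((\w+)=([^()]*)\)")

def parse_requests(trace):
    """Map each request label to a dict of its filter assertions."""
    return {label.strip(): dict(TERM.findall(flt))
            for label, flt in REQUEST.findall(trace)}

def diff_filters(a, b):
    """List (attr, a_value, b_value, trailing_dot_only) for differing assertions."""
    out = []
    for attr in sorted(set(a) | set(b)):
        va, vb = a.get(attr), b.get(attr)
        if va != vb:
            dot_only = (va is not None and vb is not None
                        and va.rstrip(".").lower() == vb.rstrip(".").lower())
            out.append((attr, va, vb, dot_only))
    return out

if __name__ == "__main__":
    reqs = parse_requests(TRACE)
    for attr, va, vb, dot_only in diff_filters(reqs["Netbios"], reqs["DNS"]):
        note = " (differs only by a trailing dot)" if dot_only else ""
        print(f"{attr}: {va!r} vs {vb!r}{note}")
```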