Environment
Novell Open Enterprise Server 2 SP2 (OES2SP2)
Novell Open Enterprise Server 2 SP3 (OES2SP3)
Domain Services for Windows
DSfW
Windows 2008 R2 member server
SharePoint
Situation
SharePoint is trying to list the SPNs for a user, and the lookup fails when using setspn -l DOMAINNAME\USER
It only fails with the NetBIOS name and works with the DNS name
Example (NetBIOS name):
setspn -l novell\admin
Failed to bind to DC of domain NOVELL, error 0x5/5 -> Access is denied.
Example (DNS name):
setspn -l novell.com\admin
Registered ServicePrincipalNames for cn=admin,dc=novell,dc=com:
Resolution
Looking at an LDAP trace, the difference between the two commands is that the NetBIOS form has a "." appended to the end of the domain name in the search filter (DnsDomain=novell.com. instead of DnsDomain=novell.com).
NetBIOS
Search request:
base: ""
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter:
"(&(DnsDomain=novell.com.)(Host=WIN-OUTJLEI4AT8)(User=admin$)(AAC='0581)(DomainGuid='FFFD'6881'B87Ax'6D82'59E8NtVer=))"
attribute: "Netlogon"
DNS
Search request:
base: ""
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(&(DnsDomain=novell.com)(Host=WIN-OUTJLEI4AT8)(User=admin$)(AAC='0581)(DomainGuid='FFFD'6881'B87Ax'6D82'59E8NtVer=))"
attribute: "Netlogon"
The November 2011 Maintenance patch resolves this issue.
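Added example (not part of the original Novell document): a small Python helper that reads filter lines in the trace format shown above and reports whether the DnsDomain value differs from the hosted domain only by the trailing dot. The function names and the sample trace are constructed for illustration; the script shows how to spot the condition in a trace and makes no claim about how DSfW itself compares the value.

```python
import re

# Constructed sample: the two filter lines from the trace above, with the
# binary assertion values (AAC, DomainGuid, NtVer) left out.
SAMPLE_TRACE = '''\
filter: "(&(DnsDomain=novell.com.)(Host=WIN-OUTJLEI4AT8)(User=admin$))"
filter: "(&(DnsDomain=novell.com)(Host=WIN-OUTJLEI4AT8)(User=admin$))"
'''

# Only the text-valued assertions are parsed; binary ones are ignored.
ASSERTION = re.compile(r"\((DnsDomain|Host|User)=([^()]*)\)", re.IGNORECASE)


def parse_ping_filter(line):
    """Return the DnsDomain/Host/User assertions found on one trace line."""
    return {key.lower(): value for key, value in ASSERTION.findall(line)}


def normalize_domain(name):
    """Fold case and drop the single root dot of an absolute FQDN."""
    name = name.strip().lower()
    return name[:-1] if name.endswith(".") else name


def classify(trace, served_domain):
    """Compare each DnsDomain in the trace with the domain the server hosts."""
    results = []
    for line in trace.splitlines():
        fields = parse_ping_filter(line)
        if "dnsdomain" not in fields:
            continue  # not a filter line (base, scope, attribute, ...)
        raw = fields["dnsdomain"]
        if raw.lower() == served_domain.lower():
            verdict = "exact-match"
        elif normalize_domain(raw) == normalize_domain(served_domain):
            verdict = "trailing-dot-only"  # the case described in this document
        else:
            verdict = "different-domain"
        results.append((raw, fields.get("host"), verdict))
    return results


if __name__ == "__main__":
    for raw, host, verdict in classify(SAMPLE_TRACE, "novell.com"):
        print(f"{host}: DnsDomain={raw!r} -> {verdict}")
```

A "trailing-dot-only" verdict for a client whose bind fails with error 0x5 points to the condition described here rather than to a permissions problem.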