My Favorites


Please to see your favorites.

setspn -l Failed to bind to DC of domain novell, Access is denied

This document (7008790) is provided subject to the disclaimer at the end of this document.


Novell Open Enterprise Server 2 SP2 (OES2SP2)
Novell Open Enterprise Server 2 SP3 (OES2SP3)
Domain Services for Windows
windows 2008 r2 member server


Sharepoint is is trying to list the spn for a user and it fails using setspn -l DOMAINMAME\USER
It only fils on the netbios name and works with the dns name
example netbios:
setspn -l novell\admin
Failed to bind to DC of domain NOVELL, error 0x5/5 -> Access is denied.
example dns:
setspn -l novell.com\admin
Registered ServicePrincipalNames for cn=admin,dc=novell,dc=com:


Looking at a LDAP trace the difference between the two commands is the netbios name has a . to the end of the domain name in the search filter.

Search request:
    base: ""
    scope:0  dereference:0  sizelimit:0  timelimit:0  attrsonly:0
    attribute: "Netlogon"
Search request:
 base: ""
 scope:0  dereference:0  sizelimit:0  timelimit:0  attrsonly:0
 filter: "(&(DnsDomain=novell.com)(Host=WIN-OUTJLEI4AT8)(User=admin$)(AAC='0581)(DomainGuid='FFFD'6881'B87Ax'6D82'59E8NtVer=))"
 attribute: "Netlogon"

The November 2011 Maintenance patch resolves this issue.


This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7008790
  • Creation Date:13-JUN-11
  • Modified Date:27-APR-12
    • NovellOpen Enterprise Server
    • NetIQeDirectory

Did this document solve your problem? Provide Feedback