Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-8908: When pre-creating a computer, it fails with "constraint violation"

Authentication Service ,  

8 April,20 at 03:48 AM

Applies to:
All versions of DirectControl when pre-creating computers

Problem:
When attempting to pre-create a server, a popup message opens that says a 'constraint violation has occurred' 

Cause:
A servicePrincipalName conflict has occurred.

Resolution:
Run the following command for each server name to find the servicePrincipalNames that are conflicting so one can be changed as they must be unique for each machine: 
dsquery * forestroot -filter "(|(servicePrincipalName=afpserver/servername*)(servicePrincipalName=cifs/servername*)(servicePrincipalName=ftp/servername*)(servicePrincipalName=host/servername*)(servicePrincipalName=http/servername*)(servicePrincipalName=ipp/servername*)(servicePrincipalName=nfs/servername*))" -attr distinguishedName servicePrincipalName

If a record is returned from the above query and the SPN is expected to exist for another program/application, such as Hadoop, use the following steps to pre-create the computer:

When preparing a UNIX computer with Access Manager, manually remove the four HTTP, NFS SPN’s (shortname and FQDN each) from the list to be generated during the wizard.

Access Manager SPN add/remove window

Using Powershell, use the -spn switch to only add the SPNs listed:

Eg. New-cdmManagedComputer -zone “[zone dn]” -name [ComputerName] -spn "cifs/[ComputerName],cifs/[ComputerName].domain.com,ftp/[ComputerName],ftp/[ComputerName].domain.com"

Related Articles

 articleKB-2346: adjoin self-serve fails for precreated computer with hostname > 15 chars, in disjointed DNS with error:Constraint violation : 0000200B:.., Att 9026b (dNSHostName) articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-2589: How to look for Service Connection Point (SCP) object in Active Directory using ldapsearch after doing a precreate articleKB-2948: adjoin --selfserve fails in RODC environment articleKB-6041: How to show current license type in use by adclient articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-7547: Add Audit Store database wizard fails with following error, "A constraint violation occurred"