Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-8908: When pre-creating a computer, it fails with "constraint violation"

Authentication Service ,  

8 April,20 at 03:48 AM

Applies to:
All versions of DirectControl when pre-creating computers

When attempting to pre-create a server, a popup message opens that says a 'constraint violation has occurred' 

A servicePrincipalName conflict has occurred.

Run the following command for each server name to find the servicePrincipalNames that are conflicting so one can be changed as they must be unique for each machine:
dsquery * forestroot -filter "(|(servicePrincipalName=afpserver/servername*)(servicePrincipalName=cifs/servername*)(servicePrincipalName=ftp/servername*)(servicePrincipalName=host/servername*)(servicePrincipalName=http/servername*)(servicePrincipalName=ipp/servername*)(servicePrincipalName=nfs/servername*))" -attr distinguishedName servicePrincipalName

If a record is returned from the above query and the SPN is expected to exist for another program/application, such as Hadoop, use the following steps to pre-create the computer:

When preparing a UNIX computer with Access Manager, manually remove the four HTTP, NFS SPN’s (shortname and FQDN each) from the list to be generated during the wizard.

Access Manager SPN add/remove window

Using Powershell, use the -spn switch to only add the SPNs listed:

Eg. New-cdmManagedComputer -zone “[zone dn]” -name [ComputerName] -spn "cifs/[ComputerName],cifs/[ComputerName],ftp/[ComputerName],ftp/[ComputerName]"