Cannot join host to an AD realm with error: "Failed to join domain: Failed to set machine spn: Constraint violation" when the "--computer-name=" parameter is specified.

Solution Verified - Updated -

Issue

Attempting to add a system to an AD domain fails when specifying the "--computer-name=" with the realm or net commands.

For example the following command:

# realm join  --user=<AD Username> --computer-ou="OU=Compute, OU=Hosts" --client-software=winbind  --computer-name=<shortname> --verbose <hostname>

Fails with the following error:

Failed to join domain: Failed to set machine spn: Constraint violation
Do you have sufficient permissions to create machine accounts?
 ! Joining the domain <Domain Name> failed
realm: Couldn't join realm: Joining the domain <Domain Name> failed

Verbose logs may also include errors similar to the following:

createcomputer=Compute/Hosts
Enter <AD Username>'s password:ads_print_error: AD LDAP ERROR: 19 (Constraint violation): 0000200B: AtrErr: DSID-033E0EAC, #1:
        0: 0000200B: DSID-033E0EAC, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9026b (dNSHostName)

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Winbind
  • Realmd

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content