The Setspn.exe tool incorrectly adds the dollar sign to the host name when you reset a service principal name in Active Directory in Windows Server 2003

When you run the Setspn.exe -R servername command to reset a service principal name (SPN) for a computer account in the Active Directory directory service, the following results appear at the command prompt:In these results, the Setspn.exe tool incorrectly adds the dollar sign ($) to the host name. The results should appear as follows: Therefore, the SPN is configured incorrectly.

Note The Setspn.exe tool is included with the Microsoft Windows Server 2003 Support Tools. To install the Windows Support Tools, double-click Suptools.msi in the Support\Tools folder on the Windows Server 2003 CD.

This problem occurs because a function that the Setspn.exe tool uses returns the name of the computer together with a dollar sign character (also known as a string). The Setspn.exe tool incorrectly adds this string to the computer name.

Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

To work around this problem, modify the servicePrincipalName attribute in Active Directory. To do this, follow these steps:

1. Start the ADSI Edit tool. To do this, click Start, click Run, type adsiedit.msc, and then click OK.
   
   Note The ADSI Edit tool is included with the Windows Server 2003 Support Tools.
2. Connect to a domain controller if ADSI Edit is not already connected to a domain controller.
3. Expand Domain [domainControllerName.example.com], expand DC=example,DC=com, and then expand CN=Computers.
   
   Note If the computer for which you want to modify the SPN is located in a different container, modify this path as appropriate.
4. Right-click CN=serverName, and then click Properties.
5. On the Attribute Editor tab, click to select both the following check boxes:
   • Show mandatory attributes
   • Show optional attributes
6. In the Attributes list, click servicePrincipalName, and then click Edit.
7. In the Multi-valued String Editor dialog box, click HOST/serverName$, and then click Remove. This value appears in the Value to add box.
8. Modify the entry in the Value to add box to remove the dollar sign ($), and then click Add.
   
   Note If this entry already appears in the Values list, do not add it.
9. Click HOST/serverName$.EXAMPLE.COM, and then click Remove. This value appears in the Value to add box.
10. Modify the entry in the Value to add box to remove the dollar sign ($), and then click Add.
    
    Note If this entry already appears in the Values list, do not add it.
11. Click OK two times, and then exit the ADSI Edit tool.

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

For more information about how to use the Setspn command, visit the following Microsoft Web site: