Technical details Fixing issues related to Kerberos Recreate a Keytab for an existing SPN
February 19, 2023 at 5:39 AMSymptoms
When (re-)creating a new Service Principal Name (SPN), you receive the following output:
$ ktpass -princ HTTP/${host}@REALM -mapuser ${user}@REALM -pass xxx -crypto AES256-SHA1 -ptype KRB5_NT_PRINCIPAL -out my.keytab
Failed to set property 'servicePrincipalName' to 'HTTP/${host}' on Dn '${LDAP_DN}': 0x32
Warning: Unable to set SPN mapping data
If user already has an SPN mapping installed for HTTP/${host}, this is no cause for concern
Password set failed! 0x00000032
Aborted
The error probably occurs, because you have already registered the SPN HTTP/${host} for user ${user}.
Delete the existing Service Principal Name
Delete the existing SPN by executing the following comamnd:
$ setspn -D HTTP/${host} ${user}
Unregistering ServicePrincipalName for ${LDAP_DN}
HTTP/${host}