This article (KB977158) contains an update for the Setspn.exe support tool in Windows Server 2003. This update enables the Setspn.exe support tool to identify duplicate service principal names (SPNs) in Active Directory, and adds support for some new switches. For detailed information, see the “More information” and “Update information” sections of this article.
The Setspn.exe support tool is included in Microsoft Windows Server 2003 Support Tools.
Before you upgrade the Setspn.exe support tool, it cannot identify duplicate service principal names (SPNs) in Active Directory.
Only limited support is available for the Setspn.exe support tool.
Only the English versions of the hotfix binaries are available in this update.
After you apply this update, the Setspn.exe support tool will support the following new switches:
add arbitrary SPN after verifying no duplicates exist
setspn -S SPN accountname
perform queries of SPNs
setspn -Q SPN
search for duplicate SPNs
perform queries at the forest level, instead of at the domain level
The accountname placeholder represents the name of the user account or the domain\name of the destination computer and the user account.
When you use the setspn command together with the -X switch, the Setspn.exe support tool takes a long time and uses a large amount of memory to search for duplicate SPNs and for forest-wide duplicate SPNs.
For example, you can use the following command to register "http/daserver" as the SPN for computer "daserver1" if no such SPN exists in the forest:
setspn -F -S http/daserver daserver1
How to obtain this update
The following files are available for download from the MicrosoftDownload Center:
All supported x86-based versions of Windows Server 2003
During the update installation process, the system detects whether the earlier version of Windows Server 2003 Support Tools is installed on the computer.
If Windows Server 2003 Support Tools is already installed, the installation path of the update is the installation path of the Windows Server 2003 Support Tools. Also, the Setspn.exe binary in this path is updated.
If Windows Server 2003 Support Tools is not installed, the default installation path of the update is as follows: % ProgramFiles%\Support Tools\.
The Setspn.exe support tool is included in Windows Server 2003 Support Tools. To install Windows Server 2003 Support Tools, double-click Suptools.msi in the Support\Tools folder on the Windows Server 2003 CD.
You can also click the following links to download Windows Server 2003 Support Tools that includes the Setspn.exe support tool:
To apply this upgrade, you must have Windows Server 2003 Server Pack 2 (SP2) installed on the computer. For more information about how to obtain the latest service pack for Windows Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:
889100 How to obtain the latest service pack for Windows Server 2003
You do not have to restart the computer after you apply this update.
To use the update in this package, you do not have to make any changes to the registry.
The English (United States) version of this update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.
Windows Server 2003 file information notes
In addition to the files that are listed in these tables, this update also installs an associated security catalog file (KBnumber.cat) that is signed with a Microsoft digital signature.
For all supported x86-based versions of Windows Server 2003
For all supported x64-based versions of Windows Server 2003
For all supported IA-64-based versions of Windows Server 2003
Windows Server 2003 Setspn.exe update support tool duplicate SPNs kerberos kdc kdcsvc