Created 09-30-2015 03:28 PM
Trying to delete old Principals throws the following ERROR:
2015-09-29 09:55:41,330 - Failed to remove identity for HTTP/somenode.mycompany.com@MYCOMPANY.COM from the KDC - Can not remove principal HTTP/somenode.mycompany.com@MYCOMPANY.COM: [LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR), data 0 ]
..(bunch of these)
Status:
2015-09-29 09:55:40,851 - Processing identities...
2015-09-29 09:55:41,268 - Destroying identity, HTTP/somenode.mycompany.com@MYCOMPANY.COM
Checking the AD, the principals that I tried to delete were still there, so they obviously failed to be removed. However, in AD, it looks like for the bad principals there is an additional CNF field and a hidden control character:
distinguishedName   DN   1   CN=nm/somenode.mycompany.com\0ACNF:0158d56b-6e58-48f8-adf3-3429f820e6c5,OU=Hadoop,OU=DataCenter,OU=ServersV2,DC=mycompany,DC=com
This CNF field is the objectGUID. Is it normal to have an embedded CNF field (with a hidden character) in the CN? Thank you,
Created 09-30-2015 04:10 PM
It seems like the issue is what is described in "When a Duplicate RDN in an OU or Container is Detected"
Created 09-30-2015 05:06 PM
Good find. Thanks
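A check for the DN form shown in the question, as an added example that is not part of the original thread: it flags entries whose first RDN ends in \0ACNF:<GUID> and reports whether the un-mangled entry it collided with is also present. The first sample DN is the one from the question; the other two sample DNs and all function names are constructed for illustration.

```python
import re
import uuid

# RDN value ending in <LF>CNF:<GUID>; the LF shows up as "\0A" in an escaped DN string.
CNF_RE = re.compile(r"^(?P<name>.+?)(?:\\0[aA]|\n)CNF:(?P<guid>[0-9a-fA-F-]{36})$", re.S)

def split_first_rdn(dn):
    """Split a DN at its first unescaped comma -> (rdn, parent_dn)."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2  # skip the escaped character (or the first hex digit of \XX)
            continue
        if dn[i] == ",":
            return dn[:i], dn[i + 1:]
        i += 1
    return dn, ""

def parse_conflict(dn):
    """Return details for a CNF-mangled DN, or None for a normal one."""
    rdn, parent = split_first_rdn(dn)
    attr, _, value = rdn.partition("=")
    m = CNF_RE.match(value)
    if not m:
        return None
    try:
        guid = str(uuid.UUID(m.group("guid")))
    except ValueError:
        return None  # looked like a CNF suffix but the GUID is malformed
    original = ",".join(p for p in (f"{attr}={m.group('name')}", parent) if p)
    return {"original_dn": original, "guid": guid}

def find_conflicts(dns):
    """List CNF objects and whether the entry they collided with is also present."""
    present = {d.lower() for d in dns}
    hits = []
    for dn in dns:
        hit = parse_conflict(dn)
        if hit:
            hit["conflict_dn"] = dn
            hit["sibling_present"] = hit["original_dn"].lower() in present
            hits.append(hit)
    return hits

BASE = "OU=Hadoop,OU=DataCenter,OU=ServersV2,DC=mycompany,DC=com"
SAMPLE_DNS = [  # first DN is from the question; the other two are constructed
    "CN=nm/somenode.mycompany.com\\0ACNF:0158d56b-6e58-48f8-adf3-3429f820e6c5," + BASE,
    "CN=nm/somenode.mycompany.com," + BASE,
    "CN=HTTP/othernode.mycompany.com," + BASE,
]
```

Feeding it the distinguishedName values exported from the OU gives a list of conflict objects to review before retrying the principal cleanup.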