Solved

SPN Disappear after creation

Posted on 2012-03-23
4
1,129 Views
Last Modified: 2014-07-23
I have a network with 2 x Windows 2008 R2 SP1 Servers with AD replication between them.  I removed 2 x Windows 2000 DC's from the network (one of which was a print server) and moved the printers to one of the 2008 servers.  I created a CNAME Alias for the old server and modified the registry to DisableStrict Name Checking and Enable DnsOnWire.  

I created two spn records on the new printserver:
setspn -A HOST/alias newserver
setspn -A HOST/alias.domin newserver

Everything works as expected.  After some random time, both spn records disappear from the server and I can no longer access the printserver using the old computer name.  If I recreate the above SPN's, then I can access the server using the old computer name and all of the printers that pointed to the old server work.

Any Ideas as to why the spn's are disappearing?

Thanks...
0
Comment
Question by:visualappz
  • 2
4 Comments
 
LVL 19

Expert Comment

by:compdigit44
ID: 37761610
I know when you add an SPN manually it's usually in the following format..

setspn -A HOST/serverA.domin.com newserver serverA

I know you are using a CNAME record and your new servers are set to repond to request to the old server name.. Have you tried to register the SPN as follows..

setspn -A HOST/alias.domin alias    ???
0
 

Accepted Solution

by:
visualappz earned 0 total points
ID: 37762066
Yes, they still get deleted after about 10 minutes.  I may have found another solution to the problem without using spn records.  I am waiting on customer feedback to see if what I have done fixes the issue.

If it does, I will post the url of the page that I used to solve the problem so that someone else may find it usefull.
0
 

Author Closing Comment

by:visualappz
ID: 38834548
I found some KB articles that gave some registry keys that could be added to allow access without necessarily having to create the SPN's.

Registry Keys were:
HKLM\System\Current Control Set\Control\LSA\DisableLoopbackCheck
or
HKLM\System\Current Control Set\Control\LSA\MSV1_0\BackConnectionHostNames
Microsoft KB Article:  926642
0
 

Expert Comment

by:newgentechnologies
ID: 40214006
I had this issue as well. I found that a

setspn -a HOST/Alias servername

manual entry would disappear after a few minutes

Oddly

setspn -a cifs/alias servername

entry did not disappear...
The SPN for HOST will not stay registered if it conflicts with an existing entry...
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question