Solved

SPN Disappear after creation

Posted on 2012-03-23
4
1,170 Views
Last Modified: 2014-07-23
I have a network with 2 x Windows 2008 R2 SP1 Servers with AD replication between them.  I removed 2 x Windows 2000 DC's from the network (one of which was a print server) and moved the printers to one of the 2008 servers.  I created a CNAME Alias for the old server and modified the registry to DisableStrict Name Checking and Enable DnsOnWire.  

I created two spn records on the new printserver:
setspn -A HOST/alias newserver
setspn -A HOST/alias.domin newserver

Everything works as expected.  After some random time, both spn records disappear from the server and I can no longer access the printserver using the old computer name.  If I recreate the above SPN's, then I can access the server using the old computer name and all of the printers that pointed to the old server work.

Any Ideas as to why the spn's are disappearing?

Thanks...
0
Comment
Question by:visualappz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 20

Expert Comment

by:compdigit44
ID: 37761610
I know when you add an SPN manually it's usually in the following format..

setspn -A HOST/serverA.domin.com newserver serverA

I know you are using a CNAME record and your new servers are set to repond to request to the old server name.. Have you tried to register the SPN as follows..

setspn -A HOST/alias.domin alias    ???
0
 

Accepted Solution

by:
visualappz earned 0 total points
ID: 37762066
Yes, they still get deleted after about 10 minutes.  I may have found another solution to the problem without using spn records.  I am waiting on customer feedback to see if what I have done fixes the issue.

If it does, I will post the url of the page that I used to solve the problem so that someone else may find it usefull.
0
 

Author Closing Comment

by:visualappz
ID: 38834548
I found some KB articles that gave some registry keys that could be added to allow access without necessarily having to create the SPN's.

Registry Keys were:
HKLM\System\Current Control Set\Control\LSA\DisableLoopbackCheck
or
HKLM\System\Current Control Set\Control\LSA\MSV1_0\BackConnectionHostNames
Microsoft KB Article:  926642
0
 

Expert Comment

by:newgentechnologies
ID: 40214006
I had this issue as well. I found that a

setspn -a HOST/Alias servername

manual entry would disappear after a few minutes

Oddly

setspn -a cifs/alias servername

entry did not disappear...
The SPN for HOST will not stay registered if it conflicts with an existing entry...
0

Featured Post

Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question