Solved

SPN Disappear after creation

Posted on 2012-03-23
4
1,142 Views
Last Modified: 2014-07-23
I have a network with 2 x Windows 2008 R2 SP1 Servers with AD replication between them.  I removed 2 x Windows 2000 DC's from the network (one of which was a print server) and moved the printers to one of the 2008 servers.  I created a CNAME Alias for the old server and modified the registry to DisableStrict Name Checking and Enable DnsOnWire.  

I created two spn records on the new printserver:
setspn -A HOST/alias newserver
setspn -A HOST/alias.domin newserver

Everything works as expected.  After some random time, both spn records disappear from the server and I can no longer access the printserver using the old computer name.  If I recreate the above SPN's, then I can access the server using the old computer name and all of the printers that pointed to the old server work.

Any Ideas as to why the spn's are disappearing?

Thanks...
0
Comment
Question by:visualappz
  • 2
4 Comments
 
LVL 19

Expert Comment

by:compdigit44
ID: 37761610
I know when you add an SPN manually it's usually in the following format..

setspn -A HOST/serverA.domin.com newserver serverA

I know you are using a CNAME record and your new servers are set to repond to request to the old server name.. Have you tried to register the SPN as follows..

setspn -A HOST/alias.domin alias    ???
0
 

Accepted Solution

by:
visualappz earned 0 total points
ID: 37762066
Yes, they still get deleted after about 10 minutes.  I may have found another solution to the problem without using spn records.  I am waiting on customer feedback to see if what I have done fixes the issue.

If it does, I will post the url of the page that I used to solve the problem so that someone else may find it usefull.
0
 

Author Closing Comment

by:visualappz
ID: 38834548
I found some KB articles that gave some registry keys that could be added to allow access without necessarily having to create the SPN's.

Registry Keys were:
HKLM\System\Current Control Set\Control\LSA\DisableLoopbackCheck
or
HKLM\System\Current Control Set\Control\LSA\MSV1_0\BackConnectionHostNames
Microsoft KB Article:  926642
0
 

Expert Comment

by:newgentechnologies
ID: 40214006
I had this issue as well. I found that a

setspn -a HOST/Alias servername

manual entry would disappear after a few minutes

Oddly

setspn -a cifs/alias servername

entry did not disappear...
The SPN for HOST will not stay registered if it conflicts with an existing entry...
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Normally after a failure of Domain Controller, when promoting new DC the DC is renamed, we will discuss the options in Dcpromo to re-create the DC with the same name. Scenario: You are a small IT shop with two Domain Controllers (Domain Contr…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question