Solved

SPN Disappear after creation

Posted on 2012-03-23
Last Modified: 2014-07-23
I have a network with 2 x Windows 2008 R2 SP1 servers with AD replication between them. I removed 2 x Windows 2000 DCs from the network (one of which was a print server) and moved the printers to one of the 2008 servers. I created a CNAME alias for the old server and modified the registry to DisableStrictNameChecking and enable DnsOnWire.

I created two SPN records on the new print server:
setspn -A HOST/alias newserver
setspn -A HOST/alias.domin newserver

Everything works as expected. After some random time, both SPN records disappear from the server and I can no longer access the print server using the old computer name. If I recreate the above SPNs, then I can access the server using the old computer name and all of the printers that pointed to the old server work.

Any ideas as to why the SPNs are disappearing?

Thanks...
Question by:visualappz
Expert Comment

by:compdigit44
ID: 37761610
I know when you add an SPN manually it's usually in the following format:

setspn -A HOST/serverA.domin.com newserver serverA

I know you are using a CNAME record and your new servers are set to respond to requests to the old server name. Have you tried to register the SPN as follows?

setspn -A HOST/alias.domin alias    ???

Accepted Solution

by:visualappz
ID: 37762066
Yes, they still get deleted after about 10 minutes. I may have found another solution to the problem without using SPN records. I am waiting on customer feedback to see if what I have done fixes the issue.

If it does, I will post the URL of the page that I used to solve the problem so that someone else may find it useful.

Author Closing Comment

by:visualappz
ID: 38834548
I found some KB articles that gave some registry keys that could be added to allow access without necessarily having to create the SPNs.

Registry keys were:
HKLM\System\CurrentControlSet\Control\LSA\DisableLoopbackCheck
or
HKLM\System\CurrentControlSet\Control\LSA\MSV1_0\BackConnectionHostNames
Microsoft KB Article: 926642

Expert Comment

by:newgentechnologies
ID: 40214006
I had this issue as well. I found that a

setspn -a HOST/Alias servername

manual entry would disappear after a few minutes

Oddly

setspn -a cifs/alias servername

entry did not disappear...
The SPN for HOST will not stay registered if it conflicts with an existing entry...
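
An audit of the settings discussed in this thread, as an added example that is not part of the original posts: it shows which account holds the alias SPNs (a conflicting registration is the cause suggested in the last comment), reports the two KB 926642 registry values, and with `-Apply` adds only the alias names to BackConnectionHostNames instead of setting DisableLoopbackCheck, which turns the check off for every name. The alias names are placeholders, not values from the thread.

```powershell
# Added example (not from the thread). 'alias' / 'alias.example.test' are placeholders.
param(
    [string]$Alias     = 'alias',
    [string]$AliasFqdn = 'alias.example.test',
    [switch]$Apply     # without -Apply the script only reports
)

$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv10 = Join-Path $lsa 'MSV1_0'

# 1. Show which account holds each alias SPN. setspn -Q finds the owner of one SPN;
#    setspn -X lists every SPN that is registered on more than one account.
foreach ($spn in "HOST/$Alias", "HOST/$AliasFqdn", "cifs/$Alias", "cifs/$AliasFqdn") {
    Write-Host "--- setspn -Q $spn"
    & setspn.exe -Q $spn
}
Write-Host '--- setspn -X (duplicates)'
& setspn.exe -X

# 2. Read the two values from KB 926642. A missing value reads as $null.
$loopback = (Get-ItemProperty -Path $lsa -Name DisableLoopbackCheck `
             -ErrorAction SilentlyContinue).DisableLoopbackCheck
$names = @((Get-ItemProperty -Path $msv10 -Name BackConnectionHostNames `
            -ErrorAction SilentlyContinue).BackConnectionHostNames | Where-Object { $_ })

if ($loopback -eq 1) {
    Write-Warning 'DisableLoopbackCheck = 1: the loopback check is off for every host name.'
}
Write-Host "BackConnectionHostNames now: $($names -join ', ')"

# 3. Scoped option: add only the alias names and leave the loopback check enabled.
$wanted = @($names + $Alias + $AliasFqdn | Sort-Object -Unique)
Write-Host "BackConnectionHostNames wanted: $($wanted -join ', ')"
if ($Apply) {
    New-ItemProperty -Path $msv10 -Name BackConnectionHostNames `
        -PropertyType MultiString -Value $wanted -Force | Out-Null
    Write-Host 'BackConnectionHostNames updated.'
}
```

When re-adding an SPN by hand, `setspn -S` checks for an existing registration before writing, which `setspn -A` does not.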