Solved

SPN Disappear after creation

Posted on 2012-03-23
4
1,088 Views
Last Modified: 2014-07-23
I have a network with 2 x Windows 2008 R2 SP1 Servers with AD replication between them.  I removed 2 x Windows 2000 DC's from the network (one of which was a print server) and moved the printers to one of the 2008 servers.  I created a CNAME Alias for the old server and modified the registry to DisableStrict Name Checking and Enable DnsOnWire.  

I created two spn records on the new printserver:
setspn -A HOST/alias newserver
setspn -A HOST/alias.domin newserver

Everything works as expected.  After some random time, both spn records disappear from the server and I can no longer access the printserver using the old computer name.  If I recreate the above SPN's, then I can access the server using the old computer name and all of the printers that pointed to the old server work.

Any Ideas as to why the spn's are disappearing?

Thanks...
0
Comment
Question by:visualappz
  • 2
4 Comments
 
LVL 19

Expert Comment

by:compdigit44
ID: 37761610
I know when you add an SPN manually it's usually in the following format..

setspn -A HOST/serverA.domin.com newserver serverA

I know you are using a CNAME record and your new servers are set to repond to request to the old server name.. Have you tried to register the SPN as follows..

setspn -A HOST/alias.domin alias    ???
0
 

Accepted Solution

by:
visualappz earned 0 total points
ID: 37762066
Yes, they still get deleted after about 10 minutes.  I may have found another solution to the problem without using spn records.  I am waiting on customer feedback to see if what I have done fixes the issue.

If it does, I will post the url of the page that I used to solve the problem so that someone else may find it usefull.
0
 

Author Closing Comment

by:visualappz
ID: 38834548
I found some KB articles that gave some registry keys that could be added to allow access without necessarily having to create the SPN's.

Registry Keys were:
HKLM\System\Current Control Set\Control\LSA\DisableLoopbackCheck
or
HKLM\System\Current Control Set\Control\LSA\MSV1_0\BackConnectionHostNames
Microsoft KB Article:  926642
0
 

Expert Comment

by:newgentechnologies
ID: 40214006
I had this issue as well. I found that a

setspn -a HOST/Alias servername

manual entry would disappear after a few minutes

Oddly

setspn -a cifs/alias servername

entry did not disappear...
The SPN for HOST will not stay registered if it conflicts with an existing entry...
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now