Replacing a file server using a CNAME record - an SPN issue?

-

we have old file server (2008 r2) used data exchange between several devices. devices connect usual file share. need use file server exchanging data and retire old server permanently.

however, changing paths inside devices major problem. prefer leave them intact. in addition, devices critical, , have roll should goes wrong. idea we've developed shutting down old server, delete record primary dns zone , replace cname record pointing new server. did before while retiring old file server, , went smoothly. however, time method doesn't work. if create cname record , try access shared folder using it, error "windows cannot access path". in same time, if create cname record name didn't exist before, can access new server using it.

i suspect has an existing spn in ad points old server (host/old-server-name). possibly can create new 1 using setspn command. however, happen old spn if it? deleted or overwritten? if remove new cname record, spn recreated when server booting up? or should recreate spn manually? can old file server accessed without valid spn record or if there wrong spn record pointing new server?

p.s. found articles suggest adding some lanman parameters in registry on new server remove strict checking of names. however, new server works other cnames without that. suppose it's not necessary.

evgeniy lotosh
mcse: server infractructire, mcse: messaging

shaon,

of course, rebooted tested systems. :) it's not issue here.

the article looks interesting, method using netdom computername. however, requires old server permanently retired. if want keep purpose of reverting entire system previous state, can cause additional problems. not kind of solution seek.

actually, discovered problem arises if want access \\cname path windows xp machines (and that's need). if access newer oses (windows 7 , newer, didn't test vista), works fine.

i found article https://support.microsoft.com/en-us/kb/281308 . explains how fine-tune lanmanserver service on target file server allow accepting connections based on cname aliases. in theory, it's applied windows server 2000/2003. server 2008 , newer must work correctly without it. however, seems settings mandatory on every file server accesses using cname records windows xp. adding value registry solves problem.

the article suggests creating host spns alias, seems it's not necessary.

evgeniy lotosh
mcse: server infractructire, mcse: messaging



Windows Server  >  File Services and Storage



Comments

Post a Comment

Popular posts from this blog

WIMMount (HSM) causing cluster storage to go redirected (2012r2 DC)

-
looking options resolve error , prevent in future. thanks help. hardware: 2 node dell hv cluster running2012r2 dc 8 nic/ea in multiplex mode 4x hyper-v 4x hosts storage: 2x synology nas, accessed through iscsi hosts , cluster relevant logs: log name:      microsoft-windows-failoverclustering/diagnostic source:        microsoft-windows-failoverclustering date:          event id:      2050 task category: none level:         warning keywords:       user:          system computer:      l description: [dcm] filter wimmount found @ unsafe altitude 180700 log name:      system source:        microsoft-windows-failoverclustering date:         event id:      5125 task category: cluster shared volume level:         warning keywords:       user:          system computer: description: cluster shared volume 'volume1' ('cluster disk 1') has identified 1 or more active filter drivers on device stack interfere csv operatio
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema    running partition tests on : configuration    running partition tests on : test    running enterprise tests on : test.com       starting test: dns          test results domain
Read more

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authentication type: - eap t
Read more