Select the product you need help with
Domain controller cloning does not re-create all service principal namesArticle ID: 2742874 SymptomsYou use the Virtualized Domain Controller (VDC) cloning feature that Windows Server 2012 introduced. After you clone a new domain controller, you find that not all service principal names (SPNs) are re-created on the new domain controller. When you examine this issue, you notice that, if a set of three-part SPNs includes both a NetBIOS name that has a port and an otherwise identical NetBIOS name that does not have a port, the non-port entry is not re-created by using the new computer name. For example, you notice the following examples that have identical NetBIOS names:
However, SPNs that do not have three parts are all re-created, and fully qualified names are re-created, regardless of whether ports are specified. For example, you notice that in all the following scenarios, SPNs are re-created:
CauseThis is a limitation of the domain controller rename process in Windows and is not specific to cloning. ResolutionManually create the missing entries by using SETSPN.EXE or the Set-AdComputer Windows PowerShell cmdlet. More informationThree-part SPNs are not fully handled by the domain controller renaming logic in any scenario. Windows services that are included are unaffected by this issue. This is because the services re-create any missing SPNs as needed. Other applications may require you to enter the SPN manually to resolve the issue. For more information, review the product documentation. For more information about how to configure and troubleshoot VDC together with details and step-by-step guidance, go to the following Microsoft websites: http://technet.microsoft.com/en-us/library/hh831734.aspx
(http://technet.microsoft.com/en-us/library/hh831734.aspx)
http://go.microsoft.com/fwlink/p/?LinkId=236370
(http://go.microsoft.com/fwlink/p/?LinkId=236370)
PropertiesArticle ID: 2742874 - Last Review: September 21, 2012 - Revision: 6.0
|
Back to the top
