Assume that you install Microsoft Exchange Server 2007 Hub Transport servers in multiple domain trees. You try to run the Exchange Mail Flow Analyzer (ExMFA) in the Exchange Management Console (EMC). In this situation, you receive the following error message:
Computer account for "SMTPSVC/<FQDN of Hub/Transport-Server>" not found in Active Directory. No computer account in Active Directory has "ServicePrincipalName" set to "SMTPSVC/<FQDN of Hub/Transport-Server>". This will result in Kerberos authentication failures when server <Servername> attempts to create an SMTP connection to another Hub Transport server.
However, when you run the ldifde -t <PortNumber>-d
"" -r (servicePrincipalName=SMTPSVC/<FQDN>) -p <scope>-f <filename>
command, the result indicates that all the Service Principal Names (SPNs) for SMTPSVC are set correctly in the Active Directory directory service.