
Domain controller cloning does not re-create all service principal names

Symptoms
You use the Virtualized Domain Controller (VDC) cloning feature that Windows Server 2012 introduced. After you clone a new domain controller, you find that not all service principal names (SPNs) are re-created on the new domain controller.

When you examine this issue, you notice that, if a set of three-part SPNs includes both a NetBIOS name that has a port and an otherwise identical NetBIOS name that does not have a port, the non-port entry is not re-created by using the new computer name.

For example, consider the following three-part SPNs, which have identical NetBIOS names:
  • customspn/DC1:200/app1 - This three-part SPN has a port (:200) that is specified. In this scenario, the SPN is re-created by using the new fully qualified computer name. The SPN is not re-created by using the new computer NetBIOS name.
  • customspn/DC1/app1 - This three-part SPN does not have a port that is specified. In this scenario, the SPN is not re-created by using the new computer name.

However, SPNs that do not have three parts are all re-created, and fully qualified names are re-created, regardless of whether ports are specified. For example, you notice that in all the following scenarios, SPNs are re-created:
  • customspn/DC1:202
  • customspn/DC1
  • customspn/DC1.corp.contoso.com:202
  • customspn/DC1.corp.contoso.com
Cause
This is a limitation of the domain controller rename process in Windows and is not specific to cloning.
Resolution
Manually create the missing entries by using SETSPN.EXE or the Set-ADComputer Windows PowerShell cmdlet.
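
The following added example (not part of the original article) shows one way to find and re-create the missing entries with Set-ADComputer: it derives the NetBIOS-named three-part SPNs that the clone should carry from the source domain controller's SPN list and adds only those that are absent. DC1 is the source name from the example above; DC2 is an assumed name for the clone, and the helper function name is hypothetical.

```powershell
# Added example. Assumptions: DC1 is the source DC, DC2 is the cloned DC (hypothetical name).
Import-Module ActiveDirectory

$SourceName = 'DC1'
$CloneName  = 'DC2'

# Hypothetical helper: maps each three-part SPN that uses the source NetBIOS
# name (with or without a port) to the equivalent SPN for the clone.
function Get-ExpectedCloneSpn {
    param([string[]]$SourceSpns, [string]$SourceName, [string]$CloneName)
    foreach ($spn in $SourceSpns) {
        $parts = $spn -split '/'
        if ($parts.Count -ne 3) { continue }          # only three-part SPNs are affected
        $hostPart, $port = $parts[1] -split ':', 2    # separate an optional :port
        if ($hostPart -ne $SourceName) { continue }   # fully qualified forms are re-created already
        $newHost = if ($port) { "${CloneName}:$port" } else { $CloneName }
        '{0}/{1}/{2}' -f $parts[0], $newHost, $parts[2]
    }
}

$source = Get-ADComputer -Identity $SourceName -Properties servicePrincipalName
$clone  = Get-ADComputer -Identity $CloneName  -Properties servicePrincipalName

$expected = Get-ExpectedCloneSpn -SourceSpns $source.servicePrincipalName `
                                 -SourceName $SourceName -CloneName $CloneName

# Keep only the SPNs that the rename logic did not create on the clone.
[string[]]$missing = @($expected | Where-Object { $clone.servicePrincipalName -notcontains $_ })

foreach ($spn in $missing) {
    Write-Host "Missing on ${CloneName}: $spn"
}

if ($missing.Count -gt 0) {
    # -WhatIf previews the change; remove it after reviewing the list above.
    Set-ADComputer -Identity $clone -ServicePrincipalNames @{ Add = $missing } -WhatIf
}
```

SPNs that services included with Windows re-create on their own are already present on the clone and are therefore skipped by the comparison.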
More information
Three-part SPNs are not fully handled by the domain controller renaming logic in any scenario. Services that are included with Windows are unaffected by this issue because they re-create any missing SPNs as needed. Other applications may require you to enter the SPN manually to resolve the issue. For more information, review the product documentation.

For more information about how to configure and troubleshoot VDC together with details and step-by-step guidance, go to the following Microsoft websites:
Properties

Article ID: 2742874 - Last Review: 09/21/2012 23:03:00 - Revision: 6.0
