I take it that it would be too difficult to have your developers go back and do away with the hardcoded names?
>>> Phillip Partipilo <p...@psnet.com> 7/26/2010 12:31 PM >>> I'm decommissioning some servers, and to ease the transition, since we have some old code that is hardcoded with old server names, I'm going through the motions of setting up CNAME DNS records to point any queries to the old server to the new server, set up the key in HKLM\System\CurrentControlSet\Services\lanmanserver for DisableStrictNameChecking to 0x1, set up the key in HKLM\System\CurrentControlSet\Control\Lsa for DisableLoopBackCheck to 0x1, and then finally used the setspn tool to add SPNs to the new replacement server so it will happily accept and authenticate clients that are asking for resources and generating Kerberos tickets for the old server name. Problem is that the setspn additions aren't holding as persistent... Every so often they just disappear... During this transition I don't want to make this really ugly by having a scheduled task to run a batch file every minute to add these SPNs, so is there a way to force these entries as persistent? I know this is a severe hack but I'm trying to make my job easy with this transition, I'm stretched pretty thin these days :-( Phillip Partipilo Parametric Solutions Inc. Jupiter, Florida (561) 747-6107 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
