Your machine wouldn't happen to be a domain controller, would it? See the last 4 comments to a very interesting article.
http://blogs.technet.com/b/askds/archive/2008/05/29/kerberos-authentication-problems-service-principal-name-spn-issues-part-1.aspx On Mon, Jul 26, 2010 at 3:31 PM, Phillip Partipilo <p...@psnet.com> wrote: > I'm decommissioning some servers, and to ease the transition, since we have > some old code that is hardcoded with old server names, I'm going through the > motions of setting up CNAME DNS records to point any queries to the old > server to the new server, set up the key in > HKLM\System\CurrentControlSet\Services\lanmanserver for > DisableStrictNameChecking to 0x1, set up the key in > HKLM\System\CurrentControlSet\Control\Lsa for DisableLoopBackCheck to 0x1, > and then finally used the setspn tool to add SPNs to the new replacement > server so it will happily accept and authenticate clients that are asking > for resources and generating Kerberos tickets for the old server name. > > Problem is that the setspn additions aren't holding as persistent... Every > so often they just disappear... During this transition I don't want to make > this really ugly by having a scheduled task to run a batch file every minute > to add these SPNs, so is there a way to force these entries as persistent? > > I know this is a severe hack but I'm trying to make my job easy with this > transition, I'm stretched pretty thin these days :-( > > > > Phillip Partipilo > Parametric Solutions Inc. > Jupiter, Florida > (561) 747-6107 > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
