adding another SPN to a domain controller does not stay added

From: Brandon McCombs <none@xxxxxxxx>
Date: Sun, 20 May 2007 14:28:17 -0400

When I add a new SPN to a domain controller of the form 'ldap/oldhostname' due to a Java application requiring that old SPN to use Kerberos authentication, ADS will eventually remove that SPN which causes me to have to add it again before the Java application works. I'm not sure why the Java app is trying to use that SPN because on other user PCs it works fine. Only on my PC is it trying to use that SPN. The old hostname in the SPN is the name of the old domain controller we had in our domain over a year ago. I'm using the setspn command to add the SPN.

thanks
.

Follow-Ups:
- Re: adding another SPN to a domain controller does not stay added
  - From: Joe Richards [MVP]
- Re: adding another SPN to a domain controller does not stay added
  - From: Ace Fekay [MVP]

Prev by Date: Re: Logon denied while DC is shutting down...
Next by Date: Re: Question on GPO- Urgent
Previous by thread: Logon denied while DC is shutting down...
Next by thread: Re: adding another SPN to a domain controller does not stay added
Index(es):
- Date
- Thread

Relevant Pages

Re: adding another SPN to a domain controller does not stay added
... 'ldap/oldhostname' due to a Java application requiring that old SPN to ... causes me to have to add it again before the Java application works. ... Instead of the website you're using, try using OEx (Outlook Express ...
(microsoft.public.win2000.active_directory)
Re: adding another SPN to a domain controller does not stay added
... 'ldap/oldhostname' due to a Java application requiring that old SPN to ... causes me to have to add it again before the Java application works. ... Apparently the Java app was setup when the old host name was still in existance. ...
(microsoft.public.win2000.active_directory)
setting a new service principal name
... The custom app is written in Java. ... For some reason my machine was still referencing an SPN by the name of ldap/old-domain. ... I initially attempted to add the new SPN using a totally unrelated application that I created myself that is also written in Java. ... After 10 min of waiting it was still in there and the original application having the problem could still login through Kerberos. ...
(microsoft.public.win2000.active_directory)
Re: setting a new service principal name
... The custom app is written in Java. ... For some reason my machine was still referencing an SPN by the name of ldap/old-domain. ... I initially attempted to add the new SPN using a totally unrelated application that I created myself that is also written in Java. ... After 10 min of waiting it was still in there and the original application having the problem could still login through Kerberos. ...
(microsoft.public.win2000.active_directory)
Re: adding another SPN to a domain controller does not stay added
... The DC knows that that isn't its name and it shouldn't have that SPN so it removes it when it checks its registrations. ... Joe Richards Microsoft MVP Windows Server Directory Services ... 'ldap/oldhostname' due to a Java application requiring that old SPN to use Kerberos authentication, ADS will eventually remove that SPN which causes me to have to add it again before the Java application works. ... The old hostname in the SPN is the name of the old domain controller we had in our domain over a year ago. ...
(microsoft.public.win2000.active_directory)