|
Actions:
|
2021-06-11 10:35 AEST by Arthur Barrett - If someone installs a server, then renames it. what is the effect?
The clients will need to re-checkout (because the new server name), but this could be fixes with a CNAME
record added in DNS.
But importantly - during installation (or first use) the CVSNT server creates an SPN in the active directory.
This would need to be fixed?
You can check the current setting:
C:\Windows\system32>setspn -Q cvs/*
Checking domain DC=cvsnt-test,DC=cvsnt,DC=com
No such SPN found.
I don't think we ever set the SPN in the forest, but you can check it with:
C:\Windows\system32>setspn -F -Q cvs/*
Ldap Error(0x51 -- Server Down): ldap_connect
Failed to retrieve DN for forest "" : 0x00000051
Warning: No valid targets specified, reverting to current forest.
No such SPN found. |
|
|
2021-06-11 12:17 AEST by Arthur Barrett - Just did an upgrade on W10 connected to a domain, and the SPN is NOT SET, even after reboot.
Yes - definitely installed as domain admin!
USERDNSDOMAIN=CVSNT-TEST.CVSNT.COM
USERDOMAIN=CVSNT-TEST
USERDOMAIN_ROAMINGPROFILE=CVSNT-TEST
USERNAME=Administrator
C:\Users\Administrator>setspn -L cvsnt-server
Registered ServicePrincipalNames for CN=CVSNT-SERVER,CN=Computers,DC=cvsnt-
test,DC=cvsnt,DC=com:
TERMSRV/CVSNT-SERVER.cvsnt-test.cvsnt.com
TERMSRV/CVSNT-SERVER
RestrictedKrbHost/CVSNT-SERVER
HOST/CVSNT-SERVER
RestrictedKrbHost/CVSNT-SERVER.cvsnt-test.cvsnt.com
HOST/CVSNT-SERVER.cvsnt-test.cvsnt.com
C:\Users\Administrator>setspn -Q cvs/
Checking domain DC=cvsnt-test,DC=cvsnt,DC=com
No such SPN found.
I think this is the point of bug 6846 "installer or wizard should register SPN (and set UPN suffix in registry)" -
it's just not set at all - we rely on CVSNT being able to set it, but it can't . |