Your basic ITPro blog... What's going on at work, what I'm interested in.

Wednesday, March 6, 2013

Name Migration Between IIS Servers

We are migrating our current Arena server’s name to our new Arena server. Our initial thought was to simply remove the old server from the network and modify the DNS record for OLDARENA to point to the IP address of NEWARENA. When we did this, we found our new server would challenge us for AD credentials.

The problem turned out to be with SPNs. Even with the changes listed above, the SPNs for OLDARENA were still associated with the actual OLDARENA server. Deleting these SPNs resolved the auth/credentials/Kerberos issues. For completeness, we added the SPNs to associate them with the NEWARENA server.

We used the “setspn” command line tool to accomplish this. For more information, see:
http://technet.microsoft.com/en-us/library/cc731241%28v=ws.10%29.aspx
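
The SPN move described above, as an added example that is not from the original post. It assumes the SPNs sit on the two computer accounts (IIS running under the machine identity) and that you run it with rights to write servicePrincipalName; the `$Apply` switch and the output file name are hypothetical choices made for this sketch.

```powershell
# Added example: move the SPNs that name OLDARENA from the old computer
# account to the new one. Dry run by default; set $Apply = $true to change AD.
$OldHost = 'OLDARENA'
$NewHost = 'NEWARENA'
$Apply   = $false          # hypothetical safety switch, not a setspn feature

# 1. Record what is registered on the old account before touching anything.
$listing = setspn -L $OldHost
$listing | Set-Content -Path ".\$OldHost-spns-before.txt"

# setspn -L prints a header line followed by one indented SPN per line.
# Keep only SPNs whose host part is the old name (short name, FQDN, or name:port).
$pattern = '/' + [regex]::Escape($OldHost) + '(\.|:|$)'
$oldSpns = $listing |
    Where-Object { $_ -match '^\s+\S+/\S+' } |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -match $pattern }

foreach ($spn in $oldSpns) {
    if (-not $Apply) {
        Write-Host "Would run: setspn -D $spn $OldHost ; setspn -S $spn $NewHost"
        continue
    }
    # 2. Remove the SPN from the account that no longer serves the name.
    setspn -D $spn $OldHost
    if ($LASTEXITCODE -ne 0) { Write-Warning "Delete failed for $spn"; continue }

    # 3. Register it on the new account. -S checks for duplicates first,
    #    which is the failure mode behind the credential prompts.
    setspn -S $spn $NewHost
    if ($LASTEXITCODE -ne 0) { Write-Warning "Add failed for $spn" }
}

# 4. Verify: every SPN for the old name should now resolve to NEWARENA only,
#    and the duplicate check should report nothing for it.
setspn -Q "*/$OldHost*"
setspn -X

# Caveat: if OLDARENA is still domain-joined and running, it can re-register
# its own HOST SPNs, so retire or rename that machine before relying on this.
```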

This blog post put me on the right track: http://blogs.iis.net/brian-murphy-booth/archive/2007/03/09/the-biggest-mistake-serviceprincipalname-s.aspx

 

Other item of note:
DNS record replication between DNS servers. When making static changes, records are having a hard time replicating. Looks to be a timing issue. As troubleshooting steps, I deleted the DNS record and then rebooted the server, hoping (correctly) that it would trigger a DNS record add/update. Replication then occurred to my other DNS servers after a short period of time.

UPDATE: A much better account of this:
http://codersforchrist.com/cs/blogs/nick/archive/2013/03/06/Server-Swap-Leads-to-SPN-Discovery.aspx
