Exchange SPN Issue
I have a Windows 2003 AD network with 2 DCs/GCs and 2 Exchange 2003 SP2 servers. Only one Exchange server is being used. The second one is being decommissioned. I had the issue with Outlook 2007 not being able to resolve the user profile on the Exchange server. While troubleshooting it, I ran the setspn -L command on it and found the following results:

    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:\Documents and Settings\Administrator>setspn -L exchangesvr
    Registered ServicePrincipalNames for CN=Exchangesvr,CN=Computers,DC=ourdomain,DC
    =com:
        exchangeMDB/Exchangesvr.ourdomain.com
        exchangeMDB/EXCHANGESVR
        exchangeRFR/Exchangesvr.ourdomain.com
        exchangeRFR/EXCHANGESVR
        exchangeAB/Exchangesvr.ourdomain.com
        exchangeAB/EXCHANGESVR
        SMTPSVC/EXCHANGESVR
        SMTPSVC/Exchangesvr.ourdomain.com
        NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/Exchangesvr.ourdomain.com
        HOST/Exchangesvr.ourdomain.com/OURDOMAIN
        HOST/Exchangesvr.ourdomain.com/ourdomain.com
        DNS/Exchangesvr.ourdomain.com
        HOST/Exchangesvr.ourdomain.com
        HOST/EXCHANGESVR

    C:\Documents and Settings\Administrator>

As you can tell, I have changed the name of our domain and Exchange server in the above information for security reasons. Originally (years back) an Exchange 2003 server by the same name was on the network and was also a DC and a GC and ran WINS and DNS. I had successfully migrated it to a member server and demoted and removed the original server from the domain. The new Exchange member server was named something different but was changed back to the original name after another hardware migration.

Several of the above SPN entries seem incorrect and I was wondering if someone could assist me in determining what entries need to be removed. Specifically the NtFrs entry, the DNS entry and the duplicate HOST entries. Any assistance will be greatly appreciated!
September 28th, 2011 5:37am

On Wed, 28 Sep 2011 02:37:06 +0000, ITGuy2011 wrote:

[ snip ]

>As you can tell, I have changed the name of our domain and Exchange server in the above information for security reasons. Originally (years back) an Exchange 2003 server by the same name was on the network and was also a DC and a GC and ran WINS and DNS. I had successfully migrated it to a member server and demoted and removed the original server from the domain. The new Exchange member server was named something different but was changed back to the original name after another hardware migration. Several of the above SPN entries seem incorrect and I was wondering if someone could assist me in determining what entries need to be removed. Specifically the NtFrs entry, the DNS entry and the duplicate HOST entries. Any assistance will be greatly appreciated!

Get rid of these:

    NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/Exchangesvr.ourdomain.com
    HOST/Exchangesvr.ourdomain.com/OURDOMAIN
    HOST/Exchangesvr.ourdomain.com/ourdomain.com
    DNS/Exchangesvr.ourdomain.com

--- Rich Matheisen MCSE+I, Exchange MVP
September 28th, 2011 7:35pm

Rick, Thanks so much for your swift response. I figured that they had to go but I just don't want to risk our Exchange environment in any way. If for any reason it did affect Exchange functionality, I guess I can always re-add those entries with the setspn utility. As well, I guess I need to point the exchangeA/B records to the Global Catalog server, correct? I will try it this weekend and let you know how it turns out. Thanks again!
September 28th, 2011 9:44pm

On Wed, 28 Sep 2011 18:44:31 +0000, ITGuy2011 wrote:

>Thanks so much for your swift response. I figured that they had to go but I just don't want to risk our Exchange environment in any way. If for any reason it did affect Exchange functionality, I guess I can always re-add those entries with the setspn utility.

That's correct.

>As well, I guess I need to point the exchangeA/B records to the Global Catalog server correct?

That's correct. Only you don't "point" them anywhere, you just add the SPN to the computer object. ;-) If the Exchange server is no longer a DC then you can remove those entries from the Exchange server's computer object, too.

>I will try it this weekend and let you know how it turns out.

--- Rich Matheisen MCSE+I, Exchange MVP
September 29th, 2011 1:27am
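
One way to plan the cleanup discussed in the replies above, added here as an example and not part of any post: it parses saved setspn -L output, selects the three SPN forms named for removal, and emits the setspn -D commands together with the matching setspn -A rollback. The function names and the selection rule are this example's assumptions, and the sample listing is constructed from the one quoted in the thread.

```python
import re

# Constructed sample: the `setspn -L exchangesvr` listing from the thread, saved as text.
SAMPLE = """\
Registered ServicePrincipalNames for CN=Exchangesvr,CN=Computers,DC=ourdomain,DC=com:
    exchangeMDB/Exchangesvr.ourdomain.com
    exchangeMDB/EXCHANGESVR
    exchangeRFR/Exchangesvr.ourdomain.com
    exchangeRFR/EXCHANGESVR
    exchangeAB/Exchangesvr.ourdomain.com
    exchangeAB/EXCHANGESVR
    SMTPSVC/EXCHANGESVR
    SMTPSVC/Exchangesvr.ourdomain.com
    NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/Exchangesvr.ourdomain.com
    HOST/Exchangesvr.ourdomain.com/OURDOMAIN
    HOST/Exchangesvr.ourdomain.com/ourdomain.com
    DNS/Exchangesvr.ourdomain.com
    HOST/Exchangesvr.ourdomain.com
    HOST/EXCHANGESVR
"""

def parse_listing(text):
    """Return (account, [spn, ...]) from saved `setspn -L` output."""
    account, spns = None, []
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"Registered ServicePrincipalNames for CN=([^,]+),", line)
        if m:
            account = m.group(1)
        elif account and "/" in line and " " not in line:
            spns.append(line)
    return account, spns

def is_dc_leftover(spn):
    """The three SPN forms the reply says to remove (the rule is this example's)."""
    service = spn.split("/")[0].lower()
    return (service.startswith("ntfrs-") or service == "dns"
            or (service == "host" and spn.count("/") == 2))

def plan_cleanup(text):
    """Return (removal commands, rollback commands, SPNs left in place)."""
    account, spns = parse_listing(text)
    stale = [s for s in spns if is_dc_leftover(s)]
    remove = [f"setspn -D {s} {account}" for s in stale]
    rollback = [f"setspn -A {s} {account}" for s in stale]
    return remove, rollback, [s for s in spns if s not in stale]

if __name__ == "__main__":
    for group in plan_cleanup(SAMPLE)[:2]:
        print("\n".join(group), end="\n\n")
```

Keeping the rollback list next to the saved listing gives a record of exactly what was removed from the computer object.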

