I am moving a customer from one AD domain to another. They have a single server for the old domain that is a DC plus File/Print server, and likewise it's a single server on the new domain. The OS is Server 2016 Essentials on both. They have some hard-coded UNC paths in an application on the old server which reference documents held on that server. There are too many of these UNC links for them to manually change them to the new server name, and they don't have the resources to pay to have that done, so I need to get the new server shares to be browseable using the old server name. Let's call the original server server1 and the new one server2. I followed the instructions on this link to set this up - https://4sysops.com/archives/disable-strict-name-checking-with-powershell. I created a CNAME record on server2 for server1, added the required registry entries and also created the SPN record using:
setspn -S host\server1 server2
If I run the command "setspn -l server2" after this, I see the new SPN record on the list displayed as:
host/server1
I can then successfully browse the shares on server2 using the UNC \\server1\share. All good so far. But within a few minutes the share browsing stops working, and if I run "setspn -l server2" again, the SPN entry for "host\server1" is no longer there. I can add it again, but a few minutes later it will disappear again. It appears that one of the Default Domain Policies may be clearing my custom SPN entry. If it's not that, some other process is deleting it. I can't see any references as to why that might be when I Google the problem. Is there something I'm missing here?
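A diagnostic script for the setup described in the question, added here as an example and not part of the original post: it checks the three pieces of the alias configuration (CNAME, DisableStrictNameChecking, the HOST/server1 SPN on server2) and then pulls the directory-change audit events that record who or what last modified server2's servicePrincipalName attribute. It assumes the names server1 and server2 from the question, that the registry value is the DisableStrictNameChecking setting the linked 4sysops article describes, that the ActiveDirectory module is installed, and that "Audit Directory Service Changes" is enabled so that event 5136 is logged.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell on server2
# (the new DC). Names and the registry value below are assumptions taken from the
# question and the linked article.
$OldName = 'server1'   # old server name the hard-coded UNC paths point at
$NewName = 'server2'   # new DC / file server that should answer for it

# 1. Does the alias still resolve? The CNAME must point server1 at server2.
Resolve-DnsName -Name $OldName -Type CNAME -ErrorAction SilentlyContinue |
    Select-Object Name, NameHost

# 2. Is strict name checking disabled on the SMB server, so it accepts the alias?
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
    -Name DisableStrictNameChecking -ErrorAction SilentlyContinue |
    Select-Object DisableStrictNameChecking

# 3. Is the SPN still registered on server2's computer object right now?
#    (HOST/<name> covers the cifs service used for \\server1\share.)
$computer = Get-ADComputer -Identity $NewName -Properties servicePrincipalName
$hasSpn = $computer.servicePrincipalName -contains "HOST/$OldName"   # case-insensitive
"SPN HOST/$OldName present on ${NewName}: $hasSpn"

# 4. Who removed it? With 'Audit Directory Service Changes' enabled, every write to
#    servicePrincipalName on the computer object logs Security event 5136, including
#    the Subject (the account that made the change), the attribute and whether the
#    value was added or deleted. A policy-driven or scripted cleanup shows up here.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5136
                                 StartTime = (Get-Date).AddHours(-24) } `
    -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'servicePrincipalName' -and
                   $_.Message -match "CN=$NewName," } |
    Select-Object TimeCreated, Message |
    Format-List
```

If step 4 returns nothing, enable the Directory Service Changes audit subcategory, re-add the SPN, and re-run once it has disappeared again; the Subject in the resulting 5136 event identifies the process or account doing the deleting.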