Skip to main content
Start a Conversation

This post is more than 5 years old

Solved!

Go to Solution

ayas

Community Manager

 • 

7.4K Posts

 • 

67.7K Points

24863

March 31st, 2015 00:00

SPN and Short Name

Hi there ...

Is anybody know anything about SPN and SmartconnectZone in Windows2008 and Windows 2012 Environment ?

My customer found SPN was registered as shortname in windows 2008  and cannot connect to cluster ,But the Other hand,

In Windows 2012 registered SPN as shortname but COULD access to cluster ...


I found no KB like this .. so please let me know if anybody experienced like this .


FYI ..Msg appeared upon Windows 2008 ( no access )

AD server missing needed SPN(s) HOST/cifs01, HOST/cifs01.isilon.local; try 'isi auth ads spn check'


thanks

aya



crklosterman

450 Posts

March 31st, 2015 11:00

In general you are best to create both SPNs for short and FQDNs, but don't worry about doing it manually, create it automatically with the cluster.

First check if the cluster thinks anything is missing:

isi auth ads spn check --domain=domain.com

Then fix it:

isi auth ads spn check --domain=domain.com --repair --user=

Then type in your password.  The user needs rights to be able to create SPNs on the machine account in question.

Hope this helps,

~Chris

chughh

122 Posts

March 31st, 2015 06:00

Hello Ayas,

SPN are created on every node you need to check missing entry on Isilon node and create entry.

isi auth spn create

It should work fine after that.

Thanks

ayas

Community Manager

 • 

7.4K Posts

 • 

67.7K Points

March 31st, 2015 17:00

Hi Chris and chughh

Thanks so much for the answers ! I am afraid I am new for Isilon... let me ask simple question one more , so Isilon allow to use short name and FQDN ( one of then or Both or At least FQDN ) ? Cos user concerns shot name access as ok only win2012 ...( He thinks this is Win version issue ...) 

crklosterman

450 Posts

April 1st, 2015 09:00

One tidbit,

--machinecreds is very helpful, however it only works if the machine account is delegated rights to manage ‘Self’ in Active Directory. This is not done by default, so it would require an AD Admin to set up this little low-risk permission delegation on the machine account object.

Chris Klosterman, ICSP, ICIE, CCNA, VCP

Email: chris.klosterman@emc.com

Senior Solution Architect

Offer and Enablement Team

EMC²| Isilon Storage Division

DHoffman77

13 Posts

October 26th, 2015 06:00

So, does REPAIR perform  the same function as adding?

NAS-101

4 Posts

November 13th, 2015 07:00

AWESOME!  I've been screwing around with this off and on to add spn's for an access zone I created. I kept getting an error code 19:  constraint violation.  I never tought to use --repair. 

It worked like a charm

Was this post helpful?

View All

0 events found

No Events found!

Top