Hello guys!
Want to consult with you about the following bag:
our configuration:
2 file servers, file1 and file2 on Windows 2008R2
shared folder 'FTP' which is replicated via DFS between the servers so each one has the same folder
one of the servers is a "primary node" - it has a CNAME record in DNS like ftp.domain.com, another one is just a copy of the 1st just in case of disasters\hardware maintenance. Users access the \\ftp.domain.com for shared resources.
due to a hardware replacement we decided to swap the servers, to make file2 primary
I've removed 2 SPN records from file1 and added SPNs for file2:
host/ftp
host/ftp.domain.com
CmRcService/FILE2
CmRcService/file2.domain.com
Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/FILE2.domain.com
WSMAN/FILE2.domain.com
WSMAN/FILE2
TERMSRV/FILE2.domain.com
TERMSRV/FILE2
RestrictedKrbHost/FILE2
HOST/FILE2
RestrictedKrbHost/FILE2.domain.com
HOST/FILE2.domain.com
I've also changed registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters\optionanames on file2 to ftp, on file1 to ftp_copy.
Then i've rebooted the servers.
After it everything went fine except a few terminal servers on which i could not open the links like \\ftp\<any share>. The error message was something like accounts mismatch (unfortunately don't rember exactky) The links like \\file2\<any share> or \\<file2 ip address>\<any share> worked fine.
setspn -L file2 showed correct information
I've tried to restart Netlogon services and Computer browser but it didn't help. So i had to reboot the servers. It helped.
The issue happens only with terminal servers with many sessions. Actually i suppose the cause is some open sessions to \\ftp which somehow hangs up.. Could somebody advise how to avoid such issues in future? May be i've missed something?