In scenarios involving system migration, accessing Windows servers by both the original and new hostnames is often crucial. To make a server recognizable by an alternate name, the most straightforward method involves adding a CNAME alias in the DNS that points to the original FQDN (A record).
To establish a CNAME alias for the former hostname, you can use the DNS Manager console by launching dnsmgmt.msc or employ the PowerShell command Add-DnsServerResourceRecordCName:
Add-DnsServerResourceRecordCName -ZoneName woshub.loc -Name new-wks11 -HostNameAlias wks11.woshub.loc
However, a critical issue arises after setting up a DNS alias; Kerberos authentication fails when accessing the server via its new hostname. This failure occurs because the SPN (Service Principal Name) in the AD object isn’t updated when the DNS record is created.
Windows Server includes a native tool called netdom.exe that helps in adding an additional hostname. For instance, to assign a secondary hostname to the computer named fs01, you would execute the following command with an alternative FQDN:
netdom computername fs01 /ADD new-fs01.woshub.loc
Ensure the newly assigned name is also registered in the DNS using the command:
ipconfig /registerdns
The netdom command will register a CNAME record in DNS, add the new name to the AlternateComputerNames registry parameter (described below), and update the value of the servicePrincipalName and msDS-AdditionalDnsHostName attributes for the computer account in AD.
List all registered computer names:
netdom computername m-dc01 /enum
Get registered SPNs for a computer account:
setspn.exe -L fs01
The netdom.exe command is missing in Windows 10 and 11, so you’ll need to change the registry to add an additional hostname manually.
To add an alternate DNS name:
- Under the HKLM\System\CurrentControlSet\Services\DNSCache\Parameters registry key, create a REG_MULTI_SZ parameter called AlternateComputerNames.
- Specify an additional FQDN (or multiple names) for this parameter (one FQDN per line).
- Register computer names in DNS:
ipconfig /registerdns
- Add the new computer name to the SPN:
SETSPN -a host/new-wks11 wks11
SETSPN -a host/new-wks11_name.woshub.loc wks11
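The Windows 10/11 steps above combined into one PowerShell script, with a final check that the alias SPNs really landed on the computer account. This is an added example, not code from the original article: the computer name and alias are the article's sample values, the alias FQDN new-wks11.woshub.loc is assumed, and setspn -S is used in place of -a because it checks for an existing duplicate SPN before adding.

```powershell
# Added example: run in an elevated session on the workstation, under an
# account that is allowed to modify the computer object's SPNs in AD.
# Sample values from the article; the alias FQDN is an assumption.
$Computer  = 'wks11'
$AliasFqdn = 'new-wks11.woshub.loc'
$AliasHost = $AliasFqdn.Split('.')[0]
$KeyPath   = 'HKLM:\System\CurrentControlSet\Services\DNSCache\Parameters'
$Spns      = "host/$AliasHost", "host/$AliasFqdn"

# 1. Merge the alias into AlternateComputerNames (REG_MULTI_SZ) without
#    dropping any names that are already listed there.
$current = (Get-ItemProperty -Path $KeyPath -Name AlternateComputerNames `
            -ErrorAction SilentlyContinue).AlternateComputerNames
[string[]]$names = @($current | Where-Object { $_ })
if ($names -notcontains $AliasFqdn) { $names += $AliasFqdn }
New-ItemProperty -Path $KeyPath -Name AlternateComputerNames `
    -PropertyType MultiString -Value $names -Force | Out-Null

# 2. Register the computer names in DNS.
ipconfig /registerdns | Out-Null

# 3. Add the host SPNs for the short name and the FQDN.
#    -S refuses to add an SPN that is already registered on another account.
foreach ($spn in $Spns) {
    setspn.exe -S $spn $Computer
}

# 4. Verify: list the account's SPNs and report each alias SPN.
$registered = setspn.exe -L $Computer
foreach ($spn in $Spns) {
    $pattern = '^\s*' + [regex]::Escape($spn) + '\s*$'
    $found   = [bool]($registered -match $pattern)
    '{0,-40} {1}' -f $spn, $(if ($found) { 'registered' } else { 'MISSING' })
}
```

An SPN reported as MISSING means Kerberos authentication to that name will still fail, so check the setspn output from step 3 before testing access by the alias.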
To set up an additional NetBIOS name on a computer, create the OptionalNames parameter (REG_MULTI_SZ) in the HKLM\System\CurrentControlSet\Services\LanManServer\Parameters registry key.
Then restart the lanmanserver service with the following commands:
net stop lanmanserver
net start lanmanserver
Should there be issues updating the computer’s SPN in AD, create a REG_DWORD parameter named DisableStrictNameChecking at HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters and assign it a value of 1. This adjustment permits access to shared SMB folders on the computer using the new name.