I'm at the end of a win2k native to win2k3 win2k3FFL/DFL migration using Quest Migration Manager.
I've noticed we've had many login issues where users can map drives via ip but not hostname(dns is working and you can ping by name).
Also, when connecting via a drive mapping, the error recieved is "Login failure: The target name is incorrect".
Now I know when mapping via ip, you are using NTLM as opposed to Kerberos when you use a hostname.
So I thought it was a duplicate SPN issue due to the migration.
When I fire up LDP.exe and search for SPN, I see the pc in question has an SPN of the value "host\pc.Old.Domain.Name".
There is no SPN for the pc to reflect the new Forest it has been migrated to.
This is sporadic and doesn't affect all migrated pc's.
Another symptom is users not getting their home drive mappings(via ADUC).
The homedir server logs this error in the Security log-
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 2/21/2006
Time: 11:16:05 AM
User: NT AUTHORITY\SYSTEM
Computer: OPNJR01
Description:
Logon Failure:
Reason: An unexpected error occurred during logon
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 2/21/2006
Time: 11:16:05 AM
User: NT AUTHORITY\SYSTEM
Computer: OPNJR01
Description:
Logon Failure:
Reason: An unexpected error occurred during logon
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
I have two questions-
1. Could the issues I'm having be a symptom of this SPN "problem"?
2. Has anyone faced a simillar issue when migrating either via Quest ot ADMT,etc?
Thanks a lot.
