I encountered an issue when bringing up a cluster and enabling Kerberos Authentication. Apparently, there’s a bug where the cluster nodes won’t properly register SPNs which results in Kerberos Authentication to fail. The fix is easy thanks to KB935676:
Let’s say you have 2 nodes; node1 and node2. Run the following commands (make sure you change the Common Name of the CMS):
add-ADPermission -Identity “cn=exchange-cms,cn=computers,dc=mydomain,dc=com” -User “node1$” -AccessRights WriteProperty -Properties “Validated-SPN”
add-ADPermission -Identity “cn=exchange-cms,cn=computers,dc=mydomain,dc=com” -User “node2$” -AccessRights WriteProperty -Properties “Validated-SPN”
Leave a Reply