CNAME on Windows 2008 R2 server (print server)

In some cases you want to reference a single server using a CNAME (i.e. DNS alias that points to another record). You can use this technique to provide friendly names for the users to remember for the services, for example PrinterServer instead of NetPrnNoOsl01 (Net Printer Norway Oslo 01).


In order to reference a server by a CNAME on Windows 2008 R2 you need to do the following:



  1. Create a correct CNAME in your DNS

  2. Add registry entries on the server (3 entries)

  3. Register SPN names into Active Directory

  4. Reboot the server (so the changes are implemented)

CName in DNS


To create a CNAME in DNS use the dnsmgmt.msc to create the alias in the correct zone.


Registry entries



  • Path: HKLM\SYSTEM\CurrentControlSet\Control\Print Key: DnsOnWire Type: REG_DWORD Value: 1

  • Path: HKLM\system\currentcontrolset\services\lanmanserver\parameters Key: DisableStrictNameChecking Type: REG_DWORD Value: 1

  • Path: HKLM\system\currentcontrolset\services\lanmanserver\parameters Key: OptionalNames Type: REG_MULTI_SZ Value: CNAME (only NETBIOS name)

Register SPN’s


You use the setspn.exe utility to add, list or remove SPN’s from users and/or computers. You need to create the SPN’s so authentication will work correctly.


Create HOST/CNAME and HOST/CNAME.domain.suffix on the computer object hosting the alias name.


setspn.exe -a host/CNAME computerobject


Example


In this example I'm creating a PrintServer CNAME for NetPrnNoOsl01 in contoso.com.



  1. CNAME PrintServer points to NetPrnNoOsl01.contoso.com.

  2. Add registry entries as specified

  3. Add SPN's:
     setspn.exe -a host/PrintServer NetPrnNoOsl01
     setspn.exe -a host/PrintServer.contoso.com NetPrnNoOsl01
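Steps 2 and 3 for the example above, with a check that each SPN ends up on exactly one account (a duplicate SPN breaks Kerberos for the alias). This is an added example, not the author's own script; it uses setspn.exe -S in place of the post's -a, and the LDAP check assumes a domain-joined machine and only searches the current domain.

```powershell
# Added example; names come from the post's example section (contoso.com).
# Run elevated on the print server, as an account allowed to write SPNs.
$Alias     = 'PrintServer'        # CNAME, NetBIOS form
$DnsSuffix = 'contoso.com'
$Computer  = 'NetPrnNoOsl01'      # computer object hosting the alias

$print  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print'
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Step 2: the three registry values from "Registry entries".
New-ItemProperty -Path $print  -Name DnsOnWire -PropertyType DWord -Value 1 -Force | Out-Null
New-ItemProperty -Path $lanman -Name DisableStrictNameChecking -PropertyType DWord -Value 1 -Force | Out-Null

# OptionalNames is multi-valued: merge so aliases already present survive.
$current = (Get-ItemProperty -Path $lanman -ErrorAction SilentlyContinue).OptionalNames
$names   = @(@($current) + $Alias | Where-Object { $_ } | Sort-Object -Unique)
New-ItemProperty -Path $lanman -Name OptionalNames -PropertyType MultiString -Value $names -Force | Out-Null

# Step 3: register both SPN forms. -S is used here instead of the post's -a
# because it refuses to add an SPN that another account already holds.
$spns = "host/$Alias", "host/${Alias}.${DnsSuffix}"
foreach ($spn in $spns) { & setspn.exe -S $spn $Computer }

# Check: each SPN must be held by exactly one account, and it must be $Computer.
foreach ($spn in $spns) {
    $owners = @(([adsisearcher]"(servicePrincipalName=$spn)").FindAll() |
                ForEach-Object { $_.Properties['name'][0] })
    if ($owners.Count -ne 1 -or $owners[0] -ne $Computer) {
        Write-Warning "$spn is held by: $($owners -join ', ')"
    } else {
        Write-Output "$spn -> $($owners[0])"
    }
}
Write-Output 'Registry changes take effect after a reboot (step 4).'
```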

20 comments:

Alan V said...

Thanks for the info. I was able to get this working very easily with your steps. Thumbs-up!

DaddyR said...

Hello Alan,

Thanks for dropping a comment. It inspires me to blog if I know it helps other admins.

Anonymous said...

Thanks for the info, but it's not working for me. Any ideas?

DaddyR said...

Hello,

Do you get any error messages? Does the hostname work?

Stoen said...

Worked for me, but the server needed a reboot at the end.

DaddyR said...

Stoen: You are correct that the server needs a reboot after the changes. I have updated the post with this information.

Anonymous said...

Just want to say that I will be framing this and hanging on my office wall. You saved the day!

Thanks!

Ben said...

Thanks Rikard, very well explained.

Bill M said...

We are attempting to do this for a 'poor mans' failover cluster. 2 2008 R2 DCs will host 6 printers, identical on each server. Cname will point to server1...but server2 will be set up with the above mentioned settings as well, matching server1...in the event of server1 failure, all we should have to do is to delete and re-create the Cname and wait for DNS to replicate...sound right?

DaddyR said...

Hello Bill,

In your case I would do the following:
1) Configure both servers to listen to the CNAME
2) Edit TTL in DNS to 5 minutes for the print server CNAME
3) Edit all settings on server A
4) Migrate settings using printBrm.exe
5) Test both servers using an edited HOSTS file so all print queues are working

Link to printbrm.exe information
http://technet.microsoft.com/en-us/library/cc722360.aspx

Please leave a note if this works for you.

Regards,
Rikard

DaddyR said...

Forgot to mention, in case of a failover you only update the DNS record and wait 5 minutes.

Regards,
Rikard

Bill M said...

Ok, first off, thanks for the quick reply. I manually created the printers on each to match each other (nice tool though...next time). I can't figure out how to change the TTL of just the one Cname entry. Thanks also for the TTL setting...I knew how to set it for a zone, but didn't know you could set it per record until I dug into it and found the advanced settings. I won't be able to test until tomorrow since I need to reboot, but will leave an update.

Thanks again,
Bill

Bill M said...

Sorry...meant to say I 'Couldn't' figure out the TTL setting...your post let me know there was a way and I did then find it.

Bill

Bill M said...

Tested and working fine. Thanks for the tips.

Bill

DaddyR said...

Thanks for leaving an update and nice to know you got it working.

NTheEnd said...

I'm trying to setup almost the same solution as Bill M., I'm a little lost however. Do both print servers require the registry edits and the registering of the SPN? The steps provided only mention server A?

DaddyR said...

Hello NTheEnd,

Thanks for finding my blog and information.

More detailed steps for a "poor mans cluster" (i.e. 2 servers with identical configuration listening to a CName).

1) Install both servers and configure them as printer servers (same printers, drivers, etc)
- ServerA
- ServerB
2) Add a CNAME to your DNS and point it to ServerA
- PrintServer
3) Lower TTL on the CNAME (to 5 minutes)
- PrintServer
4) Add the correct registry entries on both servers (and restart)
5) Add the SPN to the server hosting the CNAME
- ServerA


In case of failover
1) Remove SPN from faulty server
- ServerA
2) Add SPN to working server
- ServerB
3) Replicate DC's (if you have many)
4) Point CNAME to ServerB

If you need a poor mans cluster I recommend you to script the failover tasks and have a BATCH file on both servers. I would script all steps including DNS changes.


Good luck and test carefully.
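The failover steps from the comment above, scripted in the order given, as an added example (not part of the original thread and not the author's batch file). All server, zone and DC names are placeholders, and it assumes setspn.exe, repadmin.exe and dnscmd.exe are available where it runs; the gate before the DNS change is an addition.

```powershell
# Added example; every name below is a placeholder for illustration.
$Alias     = 'PrintServer'
$Zone      = 'contoso.com'
$Failed    = 'ServerA'
$Standby   = 'ServerB'
$Dc        = 'dc01.contoso.com'   # hypothetical domain controller
$DnsServer = 'dc01.contoso.com'   # hypothetical DNS server hosting the zone
$Ttl       = 300                  # 5 minutes, as in the steps above
$spns      = "host/$Alias", "host/${Alias}.${Zone}"

# 1) + 2) Move both SPN forms from the faulty server to the working one.
foreach ($spn in $spns) {
    & setspn.exe -D $spn $Failed
    & setspn.exe -S $spn $Standby   # -S refuses to add a duplicate SPN
}

# 3) Replicate the change to the other domain controllers.
& repadmin.exe /syncall $Dc /AdeP

# Gate (added): leave DNS alone unless the standby lists each SPN and the
# faulty server no longer does. setspn -L prints one SPN per indented line.
foreach ($spn in $spns) {
    $pattern = '^\s*' + [regex]::Escape($spn) + '\s*$'
    $onStandby = @((& setspn.exe -L $Standby) -match $pattern).Count -gt 0
    $onFailed  = @((& setspn.exe -L $Failed)  -match $pattern).Count -gt 0
    if (-not $onStandby -or $onFailed) {
        throw "$spn not moved cleanly (standby=$onStandby, failed=$onFailed); CNAME left unchanged."
    }
}

# 4) Point the CNAME at the working server, keeping the short TTL.
& dnscmd.exe $DnsServer /RecordDelete $Zone $Alias CNAME "${Failed}.${Zone}" /f
& dnscmd.exe $DnsServer /RecordAdd    $Zone $Alias $Ttl CNAME "${Standby}.${Zone}"
```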

LawWhe said...

Hi,

I know that this is an older post - but just wondering if you could clear up a bit of a query that I have:

I have a similar scenario to Bill M - and am setting up a "poor man's failover"... I want to have both print servers powered on at the same time, so that a quick change of the DNS CName would point clients to the failover server should something happen to the primary...

Should the optionalnames registry setting be put on both servers (when they are powered on and connected to the network) ? Will there be any issues if both servers optionalnames are set with the same name ?

Any help appreciated

Bob Curran said...

thanks for the article, I tried all that you had recommended but still did not work, it was not until I found this website https://social.technet.microsoft.com/Forums/windowsserver/en-US/00eeb192-d03a-4d1b-9066-427fc678ae97/installing-printers-from-windows-2008-r2-printer-server-using-the-cname?forum=winserverprint

that suggested a QWORD instead of a DWORD, after that change I was able to get that working after I followed all the steps you listed first, FYI Windows 2008R2SP1 print server on a Windows 2012R2 Domain

Tummà said...

Hi

Thanks for this article; it is the first I found which describes this process in a straightforward way. I know it's quite old and I'm not even sure you read the comments anymore, but I'd give it a try anyway.

I've followed your instructions but still can't get it to work. I have a lab environment where I'm trying to test this with Hyper-V VMs. The DNS server sits on its own on a W2k8R2, Print Server A and B are on two other separate machines with W2012R2, and I use another VM as client with W2012R2 as well.

The two print servers have been configured with one device each (same name, same driver, shared on the network, same configuration, etc).

I've applied on both the registry keys specified in the article and restarted both servers.

The DNS has a CNAME entry, let's call it PrintServer, that points to Print Server A with a TTL of 5 min.

The SPN entries have been input like this
setspn -a host/PrintServer PrintServerA
setspn -a host/PrintServer.domain PrintServerA

I install the network printer on the client successfully and send a job (Test Page) which I see in the Print Queue on the Print Server A. So everything works.

Now to simulate failover. I delete the two spn entries with
setspn -d host/PrintServer PrintServerA
setspn -d host/PrintServer.domain PrintServerA

add the SPN entries on the PrintServerB
setspn -a host/PrintServer PrintServerB
setspn -a host/PrintServer.domain PrintServerB

I then switch the CNAME to PrintServerB and wait till the TTL expires

I ping the PrintServer CNAME from the client and I can see it resolves on PrintServerB now.

I send the Test Page to print and the job still appears on Print Server A queue instead of Print Server B.

Also tried to sign-out and sign back in on the client, as well as restarting the print spooler services with the same effect.

Looking at the system registry on the client machine I can see that the printer has been registered using the Print Server A full address as serverName/uNCName etc. instead of using the CNAME, which I guess is causing the issue. This is not changing even though I log off and back in; the DsSpooler object in the Print Providers in the registry stays the same.

Any help you can offer would be greatly appreciated as this issue is driving me nuts.

Thanks