Removing the CNAME would have resolved the issue but was not a possible solution in this particluar case.

I was experiencing issues with NETLOGON, SPN records, Kerberos, NLTEST, and connections beetwen servers and domain controllers.

The issue solved enabling scavenging on all reverse zones and purging old records.

In our case, Symantec Backup Exec 2012 was attempting to discover servers that are not being backed up causing these Kerberos errors on our backup server event logs. In our case, this error began after we changed the ip address of Windows 2003 domain controller and added a new Windows 2008 R2 domain controller on the older DC's IP address.

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server.Commonly, this is due to identically namedmachine accounts in the target realm ( In my case the issue was due to scavenging not enabled in reverse DNS zones.On the direct zone it was correct, but the records on the reverse zones were in some cases 5 years old.The solution was to go into the Backup Exec settings and disable discover data to back up. To resolve the problem, we removed the host file entries that were hard coded in the old DC's hosts files (to the old IP).Lesson of this was to not only check DNS for duplicate/stale dns entries but to also check the local hosts file as well.

