Interesting. What should be happening with the client's discovery of the server is that at the same time it tries to authenticate the server using the public key, and it uses the public certificate to do that - the name in the CRT file is primarily there for display purposes.
The name only comes into actual play if you don't have multicasting enabled properly on your network. Not having multicasting sometimes is a conscious decision, but it also often happens to people through oversight - lots of folks don't realise that if they have a Layer-3 switch, they need to enable a thing called an IGMP Querier to generate the IGMP traffic for the switch to "sniff". Without an IGMP querier, switches time out multicast addresses from their tables in about 3 minutes or so.
If the client can't get in touch with the server via multicast, it tries an alternative method using the classic Windows workgroup protocol WINS (which is basically a subset of DNS with an extension to allow broadcasting if no actual server is assigned). In this case, it does try looking for the name in the public certificate.
However, the server tries to deal with this too - if the name of the machine it's on now is different from the one on which it was first installed, it registers
both names - it has to do this because of old certificates stored in images and the like. So, things should still be working.
When the client sees that it's working with an old name for the server, it makes a note of the fact and uses that name (because it's mainly used for display).
However, if they have to fall back to WINS that's possibly the wrong thing to do in this case because the server always registers the very first name it was ever installed to and not any name in between. So, the first server rename seems to work fine but the second one doesn't, because some of the clients will have current certificates pointing to the second of the three names the server has had.
So, a pretty pickle.
> Can I edit that file and make a change to that portion that shows the "old" name and replace it with the "current" name of the original server?
Not at present (it's a binary file with some delicate stuff) although I could probably write a rename utility for you. What concerns me more is any old certificates that are sitting around lurking in your client images. If the second server name was in use for long enough, probably your images will mostly refer to that and a rename should be fine.
What intrigues me more is whether your network is meant to be multicast-enabled or not, because if it is then the clients
should be discovering the server regardless of the names the server machine has. Do you happen to know if your network is using Layer-3 switches and if you have a router configured to act as an IGMP querier? If not, then some multicast operations appear to work because they involve short-lived multicast groups, but the server's discovery group needs to live for a long time.
If you don't know the answer, I can work it out from a packet capture but that's more involved. If there is something up at the low level that is causing the clients to fall back to WINS sooner than they should, it's definitely worth fixing.
Still, writing a rename utility for you (and perhaps also a tool to temporarily register an additional WINS name entry) seems like a good idea. I'll just have to run that past The Management.