DNS Host pointing to an IP address of a host added to the domain

    Question

  • Hello 

    I have a server already joined to the domain. I need to migrate a file server, and I want this file server's host name to point to the actual server that is already joined to the domain. For some reason my company decided to create a host instead of using a DNS alias (CNAME).

    It looks like it is working fine; I can connect to the shares.

    ServerA -> File server to migrate

    ServerB -> Server to host the ServerA shares

    But in some cases it looks like authentication is failing for some applications.

    Do you know if there is a Kerberos limitation? I am not sure if I should set an SPN.

    Saturday, May 03, 2014 6:03 PM

Answers

  • Hi, your problem might be a lanmanserver misconfiguration. By default it can refuse requests not made to its own FQDN or NetBIOS name. Thus the CNAME alias will fail to communicate because lanmanservice refuses the connection attempt.

    Step 14 - Add DisableStrictNameChecking Registry Key

    That TechNet article is written for SQL, but it's the same key for a file server; I pasted that link because you can see it can restrict SQL Kerberos authentication too.


    Regards, Philippe

    Don't forget to mark as answer or vote as helpful to help identify good information. ( linkedin endorsement never hurt too :o) )

    Answer an interesting question ? Create a wiki article about it!

    Tuesday, May 06, 2014 2:48 AM
    Moderator
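
An added diagnostic example, not part of the original thread and not the poster's code: it checks the three things this discussion turns on (how the old name resolves, whether `DisableStrictNameChecking` is set, and which account holds an SPN for the old name). It assumes it is run on the domain-joined Windows server hosting the shares; `servera.example.test` and `SERVERB` are constructed placeholders.

```powershell
param(
    [string]$Alias    = 'servera.example.test',  # old file-server name (placeholder)
    [string]$RealHost = 'SERVERB'                # computer account hosting the shares (placeholder)
)

# 1. How does the old name resolve: host (A) record or CNAME?
Resolve-DnsName -Name $Alias -ErrorAction SilentlyContinue |
    Select-Object Name, Type, IPAddress, NameHost

# 2. Is strict name checking relaxed on this server's LanmanServer service?
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$val = (Get-ItemProperty -Path $key -Name DisableStrictNameChecking `
            -ErrorAction SilentlyContinue).DisableStrictNameChecking
if ($val -eq 1) {
    'DisableStrictNameChecking = 1: requests addressed to other names are accepted'
} else {
    'DisableStrictNameChecking not set: requests to names other than the server''s own may be refused'
}

# 3. Which account, if any, owns an SPN for the old name?
#    HOST/ covers cifs/ by default, so HOST is the class to look for.
$short = $Alias.Split('.')[0]
foreach ($spn in "HOST/$Alias", "HOST/$short") {
    "--- setspn -Q $spn"
    setspn -Q $spn
}

# 4. SPNs currently registered on the server that hosts the shares
"--- setspn -L $RealHost"
setspn -L $RealHost

# 5. Can a Kerberos service ticket be obtained for the old name?
#    A failure here, with the shares still reachable, points at NTLM fallback.
"--- klist get cifs/$Alias"
klist get "cifs/$Alias"
```

If step 3 shows the SPN on no account, or on an account other than the one in step 4, Kerberos cannot issue a ticket that the hosting server is able to decrypt for that name.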

All replies

  • Hi,

    Could you share the error message with us?

    I don’t think a DNS CNAME record causes the problem as long as you have configured it properly.

    In the meantime, you can troubleshoot the issue according to these articles.

    Troubleshooting Kerberos Authentication problems – Name resolution issues

    http://blogs.technet.com/b/askds/archive/2008/05/14/troubleshooting-kerberos-authentication-problems-name-resolution-issues.aspx

    Kerberos authentication and troubleshooting delegation issues

    http://support.microsoft.com/kb/907272

    Hope this helps.

    Monday, May 05, 2014 6:11 AM
    Moderator
  • Thanks, but in my case it seems that Kerberos authentication is the issue.

    http://blogs.technet.com/b/josebda/archive/2010/06/04/multiple-names-for-one-computer-consolidate-your-smb-file-servers-without-breaking-unc-paths.aspx

    I did option 1. I wonder if I could set up the SPN; based on that article it seems that it is not possible, but I know it is possible with DNS aliases. In my case it is a host A record pointing to the same IP address of the host on AD.

    Monday, May 05, 2014 8:24 PM
  • Thanks but I am not going to use a CNAME. 
    I am going to be using a HOST A record. 

    I want to avoid the DisableStrictNameChecking key because the server serving the share is a NAS device, and apparently there is no equivalent to DisableStrictNameChecking.

    Thursday, August 28, 2014 6:52 PM