Access Windows File Server with Alternate Names

You have a fancy name for your Windows File Server and you thought, why not use an even fancier one? You went to DNS and created a CNAME record, let's say rgnfileserver.alivebits.com.

Then you tried to connect to the File Server with the new CNAME \\rgnfileserver.alivebits.com from the server itself. You would receive the following:

[Screenshot: Access File server with cname]

There are no issues accessing the file share with the new name over the network. The reason for this behaviour can be found in Microsoft KB https://support.microsoft.com/en-us/kb/896861

Here is an excerpt from the above KB

Loopback check is a security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.

We need to implement the following registry keys and set the SPN.

  • In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0. If the registry key doesn’t exist, create a new one.
  • Right-click MSV1_0, point to New, and then click Multi-String Value.
  • Type BackConnectionHostNames, and then press ENTER.
  • Right-click BackConnectionHostNames, and then click Modify.
  • In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.

Now, start an elevated cmd prompt and set the SPN:

Setspn -S HOST/CNAME ServerName

Setspn -S HOST/CNAME.domain.com ServerName

Restart the netlogon service.

If the server is also being used as a Print Server, you would also need to implement the following registry key.

reg add HKLM\SYSTEM\CurrentControlSet\Control\Print /v DnsOnWire /t REG_DWORD /d 1
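The same steps as one script, as an added example that is not part of the original post. The alias names are the sample values used above; `$Aliases`, `$Server` and `$IsPrintServer` are variable names chosen for this sketch, and the script assumes it runs elevated on the file server itself with rights to write SPNs.

```powershell
#Requires -RunAsAdministrator
# Added example (not the author's code). Sample alias values come from the post;
# the variable names are assumptions made for this sketch.
$Aliases       = @('rgnfileserver', 'rgnfileserver.alivebits.com')
$Server        = $env:COMPUTERNAME
$IsPrintServer = $false

$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
if (-not (Test-Path $lsaKey)) { New-Item -Path $lsaKey -Force | Out-Null }

# Merge with any names already listed instead of overwriting them, so the
# loopback check stays enforced for everything except the listed aliases.
$current = (Get-ItemProperty -Path $lsaKey -Name BackConnectionHostNames `
            -ErrorAction SilentlyContinue).BackConnectionHostNames
$merged  = @(@($current) + $Aliases | Where-Object { $_ } | Sort-Object -Unique)
New-ItemProperty -Path $lsaKey -Name BackConnectionHostNames `
    -PropertyType MultiString -Value ([string[]]$merged) -Force | Out-Null

# setspn -S looks for an existing registration of the SPN before adding it;
# the same SPN on two accounts breaks Kerberos for that name.
foreach ($alias in $Aliases) {
    & setspn.exe -S "HOST/$alias" $Server
}

# Verify against what is actually registered on the computer account.
$registered = & setspn.exe -L $Server
foreach ($alias in $Aliases) {
    $pattern = 'HOST/' + [regex]::Escape($alias) + '\s*$'
    if (-not ($registered | Select-String -Pattern $pattern -Quiet)) {
        Write-Warning "HOST/$alias is not registered on $Server; check the setspn output above."
    }
}

# Only needed when the server is also a print server (same value as the reg add above).
if ($IsPrintServer) {
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Print' `
        -Name DnsOnWire -PropertyType DWord -Value 1 -Force | Out-Null
}

Restart-Service -Name Netlogon
Write-Output "BackConnectionHostNames now contains: $($merged -join ', ')"
```

Keep the multi-string value limited to aliases that really point at this server, since every name listed there is exempted from the loopback check.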

You should now be able to access your file server using the fancier name \\rgnfileshares.alivebits.com locally on the server.

Thanks to Martin Binder for providing pointers leading to resolution.

Hope this helps !

2 Comments

  1. Ganapathi D

    There are no issues accessing the fileshare with new name over the network. The reason for such a behaviour can be found in Microsoft KB

Copyright © 2018, All Rights Reserved.