Connection problem on Windows shares between servers

Christian 1 Reputation point
2022-09-26T05:15:43.783+00:00

Hello all,

I am really hoping for ideas on the following problem.

I still have two old Windows Servers 2012, one being a file server and the other being a SQL Server.
Both servers are in the same domain.
Without significant changes to the systems, I have the problem that from the SQL server, I can only connect shares of the file server via IP address but not via DNS name. It doesn't matter if I use the Domain Admin account or a normal user. It also doesn't matter if I try to connect normal shares or administrative shares. I always get the error

The user cannot log in because the account is currently disabled.

As written, but if I use the IP, it worked without problems.

I have already removed the SQL server from the domain and added it again, without any effect. I exclude an error at the file server, because on other servers and clients the problem does not exist.

I have checked the DNS server, no visible errors. nslookup of the file server on the SQL server resolves correctly.

net use in CMD shows the same error.

Does anyone possibly have an idea or troubleshooting approach for me?

Many thanks!

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,244 questions
Windows DHCP
Windows DHCP
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.DHCP: Dynamic Host Configuration Protocol (DHCP). A communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network.
1,035 questions
Windows Server Storage
Windows Server Storage
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Storage: The hardware and software system used to retain data for subsequent retrieval.
643 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Gary Reynolds 9,406 Reputation points
    2022-09-26T10:54:29.953+00:00

    Hi @Christian

    By using the IP address of the server you are bypassing Kerberos authentication and using NTLM.

    A few questions that might help find the cause of the issue:

    • If you log onto the server do you get the same error or something different?
    • Are you using a domain or local account to connect to the server?
    • Have you implemented any additional security hardening or using Protected Users group?
    • Have you checked the SPN configuration of the servers?
    • Do you get any Kerberos event log errors on the servers or DCs?

    Gary.


  2. Limitless Technology 44,121 Reputation points
    2022-09-28T07:32:44.033+00:00

    Hello Christian,

    First I will recommend to check in Credentials Manager if you have already stored any credential for that FQDN share. An old credential for the DNS name, would be likely the issue.

    On the other hand you should check also the integrity of the Active Directory replication and synchronization using DCDIAG:

    DCDIAG /s:<DCNAMEtocheck> /c /v

    Last but not list try to re-register the flie server on DNS with the next commands from an Administrator command line:
    ipconfig /flushdns
    ipfonrig /registerdns

    Then refresh the DNS on the SQL server with:
    ipconfig /flushdns

    ------------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments