Cannot use \\+ip to connect share folders，but \\+hostname is ok

Question

Cannot use \\+ip to connect share folders，but \\+hostname is ok

eter P 1

This is the same computer under the control of ad，Shared folders on other PCs cannot be accessed via IP，But it can be accessed through the computer name。

2 answers

Your answer

Answer 1

MotoX80 36,416

Don't use an IP address.

https://www.bing.com/search?q=windows%20network%20share%20kerberos%20authentication%20%22ip%20address%22

By default Windows will not attempt Kerberos authentication for a host if the hostname is an IP address. It will fall back to other enabled authentication protocols like NTLM. However, applications are sometimes hardcoded to use IP addresses which means the application will fall back to NTLM and not use Kerberos.

Your AD group policy probably restricts NTLM authentication.

https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain?source=recommendations

There should be some events logged in the Security eventlog on the target server that may provide additional information about the logon failures. (Assuming that your audit policy is set to log failure events.)

eter P 1 Reputation point

2022-11-22T17:31:55.61+00:00

I think this method is also possible. I'm testing it。
Thank you for your ideas，If the test results, I will continue to feedback。
eter P 1 Reputation point

2022-11-28T06:01:19.927+00:00

Sorry,It took so long to reply
I think your method can succeed. I have tried to modify the group policy
However, I recovered the backup node of the AD server when testing the group policy. Now the AD controller has been damaged. Maybe I need to create a new AD master server
Thank you for your reply

Answer 2

Gabriel Dispemec 431

Olá @eter P

1. Verifique se o host pip-p-020 está configurado corretamente com o servidor DNS do AD.

2. Execute os seguinte comando no prompt (administrator)

ipconfig/flushdns
ipconfig/registerdns
reboot

eter P 1 Reputation point

2022-11-22T14:51:09.567+00:00

thank you for answer.
1、This machine is already under the control of AD server，and in addition, all Windows computers have this problem
2、I tried the method you provided just now, but I still haven't solved the problem
3、Could it be a group policy problem?
Gabriel Dispemec 431 Reputation points

2022-11-22T14:54:32.097+00:00

I don't believe it's politics, but some DNS problem
eter P 1 Reputation point

2022-11-22T14:59:31.107+00:00

If it is a DNS problem, should the hostname be inaccessible instead of the IP address？
I was confused because there was no place to find out the relevant problems
Gabriel Dispemec 431 Reputation points

2022-11-22T16:08:59.44+00:00

In this configuration, name resolution is done through the WINS service.
The WINS service must be installed and active on the server, and pointing in the tcp/ip network settings of all workstations to the server ip. If DHCP was used, the stations could receive the configuration automatically.

This way everyone can resolve each other's names, without depending on the broadcast (netbios).
eter P 1 Reputation point

2022-11-22T16:38:10.857+00:00

Understand。
I installed DHCP service on AD and configured it，It has been used for many years without any problems. This problem suddenly occurred last month. I have tried various methods，But it didn't work。Recall that on the night when it happened, I operated the group policy on AD: (deleted the policy of locking the account for three failed login attempts)。In the second week, they reported that they could not use IP

And I found that the freenas and truenas I am using are not affected, and they can still use IP to access normally。It seems that only Windows is affected, and the file sharing server I use cannot use IP to access shared files, only through hostname.
Gabriel Dispemec 431 Reputation points

2022-11-22T16:48:00.973+00:00

You saw how Windows settings are in: "Advanced sharing settings"
Leave everything open for testing, and if you have any antivirus enabled, disable it for testing
eter P 1 Reputation point

2022-11-22T17:12:59.02+00:00

Yes，i have kept all advance sharing settings allowed and closed firewall、windows defender
eter P 1 Reputation point

2022-11-28T06:03:48.44+00:00

Thank you for the solution
I tried your method, but failed.
I compared the method of another gentleman and found that it might be the problem of group strategy, because I modified it
Thank you for your reply

Share via

Cannot use \\+ip to connect share folders，but \\+hostname is ok

2 answers

Your answer