Hi @Henry Kay
The issue is a result of Strict Name Checking, have a read of the following article about how to disable StrictNameChecking.
Gary.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Dear All,
Currently i am accessing my file server through server name and are SSO through kerberos. Recently, i have onboarded a GSLB solution which are supposed to failover between my DC and DR. however i get an error when i perform the failover.
upon troubleshooting, i notice that it is due to the kerberos authentication expecting the name of the server when i was access, however the server was another one when i configure it in the GSLB.
server 1: servername1
server 2: servername2
the name that was configured on the GSLB: servername1
so when i access to servername1/folder, in peace time where i am accessing to the DC, no issue with accessing, because the kerberos authentication is expecting servername1.
the issue came when i performed a failover to DR, now when i access to servername1 (the GSLB Name), kerberos authentication fails as it was expecting servername2 now that i have failed over to DR.
i have a question on this, if i am able to workaround this by introducing an additional SPN into servername2, and have it recognized servername1 as an additional server name of the file server access.
Hi @Henry Kay
The issue is a result of Strict Name Checking, have a read of the following article about how to disable StrictNameChecking.
Gary.
@Gary Reynolds
thank you so much for the link.
it seems that instead of adding additional SPN, it could be an easier fix to disable the strict name checking, so the client can access it with multiple names.
i will go with this and see if it fix the issue. appreciate the link to the solution :D
Hi there,
If you wish you access your file server by an alternate name try tuning up this registry and see if that helps.
-In Registry Editor, locate and then click the following registry key:
-HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaMSV1_0. ...
-Right-click MSV1_0, point to New, and then click Multi-String Value.
-Type BackConnectionHostNames, and then press ENTER.
--If the reply is helpful, please Upvote and Accept it as an answer--