Accessing file server through different name

Henry Kay 1 Reputation point
2021-11-25T02:34:31.577+00:00

Dear All,

Currently I am accessing my file server through the server name and use SSO through Kerberos. Recently, I onboarded a GSLB solution which is supposed to fail over between my DC and DR. However, I get an error when I perform the failover.

Upon troubleshooting, I notice that it is due to the Kerberos authentication expecting the name of the server I was accessing; however, the server was another one when I configured it in the GSLB.

server 1: servername1

server 2: servername2

the name that was configured on the GSLB: servername1

So when I access servername1/folder in peacetime, where I am accessing the DC, there is no issue with access, because the Kerberos authentication is expecting servername1.

The issue came when I performed a failover to DR. Now when I access servername1 (the GSLB name), Kerberos authentication fails, as it was expecting servername2 now that I have failed over to DR.

I have a question on this: am I able to work around this by introducing an additional SPN to servername2, and have it recognize servername1 as an additional server name for the file server access?


3 answers

  1. Gary Reynolds 9,376 Reputation points
    2021-11-25T09:26:18.907+00:00

    Hi @Henry Kay

    The issue is a result of Strict Name Checking. Have a read of the following article about how to disable StrictNameChecking.

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/dns-cname-alias-cannot-access-smb-file-server-share

    Gary.


  2. Henry Kay 1 Reputation point
    2021-11-25T09:32:36.897+00:00

    @Gary Reynolds
    Thank you so much for the link.
    It seems that instead of adding an additional SPN, it could be an easier fix to disable the strict name checking, so the client can access it with multiple names.

    I will go with this and see if it fixes the issue. Appreciate the link to the solution :D


  3. Limitless Technology 39,196 Reputation points
    2021-11-26T08:29:57.467+00:00

    Hi there,

    If you wish to access your file server by an alternate name, try tuning this registry setting and see if that helps.

    - In Registry Editor, locate and then click the following registry key:
    - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0. ...
    - Right-click MSV1_0, point to New, and then click Multi-String Value.
    - Type BackConnectionHostNames, and then press ENTER.


    --If the reply is helpful, please Upvote and Accept it as an answer--

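An added example, not part of any answer in this thread: a read-only PowerShell check to run on each file server (DC and DR) before changing anything, showing which AD account currently holds the SPNs for the GSLB name and whether the two registry settings mentioned in the answers are already set. The function name `Get-SmbAliasAuditState` is hypothetical, `servername1` is the alias from the question, and the `LanmanServer\Parameters` location of `DisableStrictNameChecking` is stated from general Windows knowledge rather than from this page.

```powershell
# Read-only audit: changes nothing. Run on the file server that must answer to the alias.
function Get-SmbAliasAuditState {
    param(
        [Parameter(Mandatory)][string]$Alias
    )

    # 1. Which AD account holds SPNs for the alias? A Kerberos service ticket for
    #    the alias is encrypted with that account's key, so a different server
    #    answering under the same name cannot decrypt it.
    $spnOwners = foreach ($class in 'HOST', 'cifs') {
        $out = & setspn.exe -Q "$class/$Alias" 2>&1
        foreach ($line in $out) {
            if ("$line" -match '^CN=') {
                [pscustomobject]@{ Spn = "$class/$Alias"; Account = "$line".Trim() }
            }
        }
    }

    # 2. SMB server strict name checking (the setting answer 1 refers to).
    $srvKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $strict = (Get-ItemProperty -Path $srvKey -Name DisableStrictNameChecking `
               -ErrorAction SilentlyContinue).DisableStrictNameChecking

    # 3. BackConnectionHostNames multi-string value (the key from answer 3).
    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    $bchn = (Get-ItemProperty -Path $lsaKey -Name BackConnectionHostNames `
             -ErrorAction SilentlyContinue).BackConnectionHostNames

    [pscustomobject]@{
        Computer                  = $env:COMPUTERNAME
        Alias                     = $Alias
        SpnOwners                 = $spnOwners
        DisableStrictNameChecking = if ($null -eq $strict) { 'not set' } else { $strict }
        BackConnectionHostNames   = $bchn
        AliasInBackConnectionList = ($bchn -contains $Alias)
    }
}

# 'servername1' is the GSLB name from the question.
Get-SmbAliasAuditState -Alias 'servername1' | Format-List
```

Comparing the output from servername1 and servername2 shows whether the two servers differ in configuration and which account would receive tickets issued for the shared name.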