Network share connections using logical DNS name

Situation:
You have an application server, but its network name is like abcx0143.domain.intra, which is just too hard to remember for your users.
You have created a DNS alias like shares.domain.intra, but when you try to open the shared folders through that alias, it won’t work. 🙁

BUT! There is a solution!

By default, in Windows 2003 and later, Strict Name Checking is enabled for local loopback connections. That means that Windows checks whether it is being addressed by its own network name.
Two hacks are needed to disable this behaviour. The first is to allow these connections anyway:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /v DisableStrictNameChecking /t REG_DWORD /d 1

The second one is necessary to allow connections from that same machine using the DNS alias (instead of the local loopback IP address 127.0.0.1 *only*):

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA /v DisableLoopbackCheck /t REG_DWORD /d 1

Note: As of Windows 2008, this does not work for cluster aliases, so you’d need to define the network name in the W2008 Cluster Administrator.


To reverse these changes, these are the commands:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /v DisableStrictNameChecking /t REG_DWORD /d 0
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA /v DisableLoopbackCheck /t REG_DWORD /d 0
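
DisableLoopbackCheck switches the loopback check off for every host name, and that check is a protection against NTLM reflection. The added example below (not part of the original post) audits both values and, with -Apply, exempts only the alias through the BackConnectionHostNames value that Microsoft documents as the narrower alternative. The function names and the -Apply switch are assumptions of this example, and it must run in an elevated PowerShell session.

```powershell
# Added example: audit the two settings from this post and scope the loopback
# exception to a single alias instead of disabling the check globally.
param(
    [string]$Alias = 'shares.domain.intra',   # the post's example alias
    [switch]$Apply                            # hypothetical switch: write the change
)

$ServerKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Msv10Key  = Join-Path $LsaKey 'MSV1_0'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the value does not exist.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-BackConnectionHostNames {
    # Always returns an array, empty when the value is absent.
    , @(@(Get-RegValue $Msv10Key 'BackConnectionHostNames') | Where-Object { $_ })
}

function Get-AliasShareState {
    [pscustomobject]@{
        DisableStrictNameChecking = Get-RegValue $ServerKey 'DisableStrictNameChecking'
        DisableLoopbackCheck      = Get-RegValue $LsaKey 'DisableLoopbackCheck'
        BackConnectionHostNames   = (Get-BackConnectionHostNames) -join ', '
    }
}

function Add-BackConnectionHostName {
    param([string]$HostName)
    $current = Get-BackConnectionHostNames
    if ($current -contains $HostName) { return }   # already exempted
    $new = [string[]]($current + $HostName)
    New-ItemProperty -Path $Msv10Key -Name 'BackConnectionHostNames' `
        -PropertyType MultiString -Value $new -Force | Out-Null
}

$state = Get-AliasShareState
$state | Format-List
if ($state.DisableLoopbackCheck -eq 1) {
    Write-Warning 'DisableLoopbackCheck=1: loopback check is off for all host names.'
}
if ($Apply) {
    Add-BackConnectionHostName -HostName $Alias
    Get-AliasShareState | Format-List
}
```

Without -Apply the script only reports the current state, so it can be used as a periodic check for servers where the global setting was left enabled.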