ITS LANNOS
LNGS Home
U-M Windows Home
U-M Forest
Security
ITCS Services
Central Accounts
Windows Update Service
Exchange
How To
FAQ
Development
Help
Internal
change UMROOT password

Last Updated: October 22, 2009

Using DNS CNAMEs for your file server

When file servers are joined to the UMROOT domain, they are automatically registered in DNS with a DNS A record of .adsroot.itcs.umich.edu. There are cases where you may want to register an alternate CNAME to using your units DNS space ..umich.edu. Reasons for this may be so your users can access the server with a simpler DNS name or in the future when the adsroot.itcs.umich.edu DNS namespece is not available from off campus. If you register a CNAME for your Windows 2003 server and then try to connect to a file share using that name, you will receive the following error:

You were not connected because a duplicate name exists on the network....

This problem occurs because Windows Server 2003 SP1 includes two new security features named loopback check functionality and strict name checking. To resolve this problem, change the two registry settings below and restart the server:

Set the DisableStrictNameChecking registry entry to 1.

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and click the following key in the registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
  3. On the Edit menu, click Add Value, and then add the following registry value:
    Value name: DisableStrictNameChecking
    Data type: REG_DWORD
    Radix: Decimal
    Value: 1
  4. Quit Registry Editor.

Create the Local Security Authority host names that can be referenced in an NTLM authentication request

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  3. Right-click MSV1_0, point to New, and then click Multi-String Value.
  4. In the Name column, type BackConnectionHostNames, and then press ENTER.
  5. Right-click BackConnectionHostNames, and then click Modify.
  6. In the Value data box, type the CNAME or the DNS alias, that is used for the local shares on the computer, and then click OK.
    Note Type each host name on a separate line.
    Note: If the BackConnectionHostNames registry entry exists as a REG_DWORD type, you have to delete the BackConnectionHostNames registry entry.

Restart the Server.

References

Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
http://support.microsoft.com/kb/281308/

Error message when you try to access a server locally by using its FQDN or its CNAME alias after you install Windows Server 2003 Service Pack 1: "Access denied" or "No network provider accepted the given network path"
http://support.microsoft.com/kb/926642/en-us