DNS with HOST and ALIAS / open UNC path... 2

[DutchDude]

hi there,

situation, a server with an extra ALIAS in DNS. I can ping both names. if I try to access a share via UNC path I can only access the original HOST name, the ALIAS name will fail with the network name cannot be found. is this by design or an error on my part?

regards,

Ronald.

 

[ShackDaddy]

What operating systems are involved?

Chances are that the real A-record also matches what the destination host knows its NetBIOS name to be, which makes it easy to use UNC paths to get there. Your CNAME record doesn't match any known name on the actual host (nothing on that name stored on the target hosts' network settings), so that affects NetBIOS operations.

PING is a straight IP operation. UNC paths rely on the SMB subsystems which often employ NetBIOS.

Now the behavior also depends on which operating systems you are working with (if destination server is NT, this will always happen, no good way to fix it) and how NetBIOS has been set (on 2000/XP).

ShackDaddy

 

[DutchDude]

ShackDaddy,

this is on a W2K mixed domain, all of the servers/workstations I tried are w2k. on the server with that alias NETBIOS over TCP/IP is ENabled.

if I try to access a share via the run box, and type in the UNC path is responds with a duplicate name exist on the network.

if I use the run box and I use the original name of the server my shares are being listed as I type, but when I use the alias it does not do this. is this by design?

 

[ShackDaddy]

Yes, that's by design. Not great design, but basically only what a system considers its NetBIOS name is eligible for shares being autobrowsed. The NetBIOS system doesn't have a 100% tie-in to DNS, since it would be too burdensome and wouldn't work with different DNS technologies like round-robin, etc.

The functionality you have is due to the NETBIOS stuff being enabled. I think you would see less if it was turned off, normally you wouldn't be able to use UNC paths at all.

ShackDaddy

 

[chipk]

You need to perform the registry hack found here on the server you are attempting to alias:

http://support.microsoft.com/kb/281308/en-us

I just had this exact problem today and the above fixed it.

 

[ShackDaddy]

Thanks, chipk, I hadn't even known there was a workaround for that "feature".

ShackDaddy

 

[DutchDude]

thanks for your help guys, much appreciated!

 

[chipk]

Yeah, I was freakin out because I have a production application that relies on these aliases working. I typically use the "HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\OptionalNames" value to specify aliases, but tried the CNAME method this time.

It really isn't clear to me either what strict name checking accomplishes for you.

 

[ShackDaddy]

I think it's a security feature so that you can provide IP services like web to one alias without letting people who "know" that host's name actually connect to it for SMB purposes. That way you can provide services with an alias and still keep your sensitive service (smb, remote registry, etc) locked behind a name you haven't given away.

But there's less need for it now that firewalls have properly come into their own. Everyone knows of a corporate network in the mid 90's that used real IPs and didn't have a firewall....

ShackDaddy