3

We have shares on a server that should open without asking for credentials (current user has permissions there). The server has several other records in another DNS zone leading to its IP. We can open the share from other servers in the domain by all three possible methods - servername, FQDN, IP. So using \\servername\mall or by FQDN \\application.company.se\mall or by \\ipaddress\mall the share opens without asking for creds. But when you are on the server itself via RDP and try to open this share using FQDN \\application.company.se\mall then it asks for credentials and no creds work instead of opening it right away! I can open it via \\servername\share or \\ipaddress\share when on the server, but only FQDN somehow does not work. Both server name and custom DNS name are in DNS pointing to the same address and I can ping and resolve everything. I tested on another server which has another DNS entry (besides its computername.domain) and it behaves the same. I also tried it in some other completely different environment and it's the same.

So is it just normal behaviour that if you create a DNS A record pointing to your server, you cannot access its shares while logged on to it via RDP using this DNS hostname you created?

This server is not a DNS server

Michael Hampton
Vitas
  • what are the ip settings for this server (advanced TCP/IP settings, DNS dialog) and is this server a DNS server or not? Please [edit] your question to reflect this additional info. – Fabby Apr 23 '18 at 10:42
  • 1
    Possible duplicate see https://serverfault.com/questions/908527/windows-file-share-through-fqdn – Clayton Apr 24 '18 at 13:50
  • 1
    Please don't add your solution to the question and add "solved". Instead, post your solution as an answer and accept it. And please post more than just a link, if the link dies your answer becomes useless. – Gerald Schneider Apr 27 '18 at 13:30

2 Answers

1

Check you can ping the FQDN.

You’re using another DNS server and not, say, Google DNS. If you can ping it, you can do it.

If ping works, check the firewall. If you’re running against the FQDN even though you’re on the same server without a host entry, then you’re no longer using the private profile in the firewall and need to disable or add an exception for the public profile.

Timothy Frew
  • I said I can ping everything from everywhere. The only thing that is not working is opening a share using FQDN like \\application.company.se while I am on the same server via RDP. It asks for credentials but no credentials work. – Vitas Apr 27 '18 at 10:26
  • Indeed, but you’ve not said explicitly that you can ping the FQDN from the server you’re on. Have you tried the firewall part of my answer? – Timothy Frew Apr 27 '18 at 10:30
  • Firewall is off for app profiles. When I am on that server I can ping its computername and all three DNS records it has, all pointing to its IP. We are going to try that DisableStrictNameChecking from the possible duplicate question in the second comment here. But will it require a reboot to apply? – Vitas Apr 27 '18 at 10:36
  • I’m not too sure but if in doubt reboot :) – Timothy Frew Apr 27 '18 at 10:37
0

Found a solution on Technet

  • In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
  • Create a new Multi-String Value: BackConnectionHostNames
  • In the Value data box, type the host name or the host names for the sites that are on the local computer.

I put there two hostnames from DNS which the customer wants to use and then it immediately started to work.

I did not need to use that DisableStrictNameChecking value as they mention in the linked article.

Vitas
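The registry change from the answer above, scripted in PowerShell as an added example (not code from the original post or from the Technet article). It assumes an elevated session on the server that hosts the share; `second-alias.company.example` is a placeholder for the second hostname, which the post does not name. Names that do not resolve to a local address are skipped, and entries already in the value are kept.

```powershell
# Added example, not from the original post. Run elevated on the server hosting the share.
# BackConnectionHostNames lists the extra names this machine accepts for
# NTLM-authenticated connections to itself.
$lsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$valueName = 'BackConnectionHostNames'

# application.company.se is the alias from the question; the second name is a placeholder.
$aliases = @('application.company.se', 'second-alias.company.example')

# Only list names that really resolve to an address bound on this machine.
$localIPs = @(Get-NetIPAddress -AddressFamily IPv4 | Select-Object -ExpandProperty IPAddress)
$verified = foreach ($name in $aliases) {
    try {
        $resolved = @([System.Net.Dns]::GetHostAddresses($name) |
            ForEach-Object { $_.IPAddressToString })
    } catch {
        Write-Warning "$name does not resolve; skipped"
        continue
    }
    if ($resolved | Where-Object { $localIPs -contains $_ }) {
        $name
    } else {
        Write-Warning "$name resolves to $($resolved -join ', '), not a local address; skipped"
    }
}

# Keep whatever is already in the value; it may not exist yet.
$existing = @()
$prop = Get-ItemProperty -Path $lsaKey -Name $valueName -ErrorAction SilentlyContinue
if ($prop) { $existing = @($prop.$valueName) }

# Merge, drop empty entries and duplicates (Sort-Object -Unique is case-insensitive).
$merged = [string[]]@(($existing + @($verified)) | Where-Object { $_ } | Sort-Object -Unique)

if ($merged.Count -gt 0) {
    New-ItemProperty -Path $lsaKey -Name $valueName -PropertyType MultiString `
        -Value $merged -Force | Out-Null
    # Read the value back to confirm what was written.
    (Get-ItemProperty -Path $lsaKey -Name $valueName).$valueName
} else {
    Write-Warning 'No verified names to write; registry left unchanged'
}
```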