November 28, 2010

Problems accessing a shared folder using UNC path with alias name (Part 1)

This is a 2 part problem in that it was originally resolved by Microsoft but reintroduced again as a security feature.

Previously I encountered some issues where users are unable to connect to a Windows 2003 server share using \\alias\share. The errors were "A duplicate name exists on the network". However the normal \\servername\share works fine. After some digging, it was actually because the server was not listening to the alias name and hence not accepting any connections to that name, even though the alias points to itself. The issue is resolved with some registry edits specified below.

This issue only occurs in servers using SMB 1.0 protocol (2000/XP/2003). SMB 2.0 protocol has been rolled out on Vista/2008/7 and hence the registry edits are not required.

Microsoft describes this in KB281308.

  • Accessing a server share using \\alias\share will result in error
    "A duplicate name exists on the network"
  • Accessing the same share using \\servername\share works fine

To resolve
  1. regedit -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
  2. Add a new REG_DWORD key
    • Name : DisableStrictNameChecking
    • Radix : Decimal
    • Value : 1
  3. You may also have to set the SPN (Service Principal Name) for the alias. This requires Domain Admin level privilege (took me sometime to figure this out!)
    • setspn -a host/aliasname targetserver
    • setspn -a host/ targetserver

However, Microsoft reintroduced this as a security feature in SP1. Hence, look at my second post on this if you still encounter similar issues.

No comments:

Post a Comment