November 28, 2010

Problems accessing a shared folder using UNC path with alias name (Part 2)

This is a follow up to my earlier post on issues accessing a server share with UNC path using alias.

Windows XP SP2 and Windows 2003 SP1 introduced a new Loopback check security feature that is meant to prevent reflection attacks on a computer. What this means is that if an authentication is made to the computer with credentials used does not match the server's hostname.

While the intention is good, it also resulted in share access using alias failing with "Access denied" or "No network provider accepted the given network path" errors. I had a few separate occasions where application teams or DBA team giving feedback on such errors.

The end result was we disabled this feature by registry settings, even though it is not as secure as adding each alias that references the server, as doing this across all the servers in our domain poses a big administrative challenge.

This issue is further discussed by Microsoft here.




Symptoms
  • Accessing a server share using \\alias\share will result in error
    "Access denied"
    OR
    "No network provider accepted the given network path"
  • Accessing the same share using \\servername\share works fine

To resolve
  1. regedit -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  2. Add new REG_DWORD key
    • Name : DisableLoopbackCheck
    • Value : 1
  3. Restart the server



No comments:

Post a Comment