Server Fault Asked by lordadmira on February 9, 2021
I am trying to use the hosts/lmhosts files to create various aliases on my new Windows 2019 Server. It is on a corporate Active Directory Domain. "Use LMHOSTS" is checked in the TCP/IP properties.
In scenario 1 I want to create some aliases for the same machine. I placed the following lines in C:WindowsSystem32driversetclmhosts
:
# loopback alias
127.0.0.1 myname1
# real IP alias
10.1.2.3 myname2
And correspondingly in C:WindowsSystem32driversetchosts
:
127.0.0.1 myname1
10.1.2.3 myname2
I then restarted the server
and lmhosts
services and tried to access them with net use \myname1/2
and Windows Explorer. They both cause a prompt for logon credentials which repeatedly rejects me. Those names do not exist anywhere else because I get "the network path was not found" when I try them with hosts
and lmhosts
blank. I can ping the names and it shows the right IP.
In scenario 2 I am trying to create a hosts
/lmhosts
alias to another server.
10.11.12.13 alias1
I restarted as before and net use
gives me "System error 53 has occurred. You were not connected because a duplicate name exists on the network." Of course alias1 does not exist anywhere. I did not have any other connections to the real server. I verified that with net use
and netstat
.
In scenario 3 I am trying to create a hosts
/lmhosts
override of another server.
10.1.2.3 otherserver
I restarted as before and this time net use
gives me "System error 64 has occurred. The specified network name is no longer available." When I ping otherserver is uses the correct IP address for the local machine that I specified.
So my big question is this. Either what am I doing wrong or what did Microsoft do to LMHOSTS to break it in 2019?? I have tried ipconfig /flushdns
and nbtstat -R
. I tried the #PRE
lmhosts directive. Nothing worked.
One other thing, I have SMB auditing turned on and in the SMBServer/Security event log, there are corresponding SMB Session Authentication Failure entries. The client address is the local machine. There is one salient line: "SPN: session setup failed before the SPN could be queried".
I’m willing to try other means of creating machine aliases. But the main task is to mask another server so that its UNC paths will be resolved locally.
Thanks.
As said in another answer, Windows will complain if you try to call a server with a different name than its own; netdom
can fix that.
But in a domain environment, there's also Kerberos to consider. In order for authentication to be successful, the server will need to have a Service Principal Name matching the name you are calling it as.
So you will also need to register an additional SPN for the server:
setspn -S CIFS/Alias Servername
(Where "Alias" is the new name and "Servername" is the actual host name of the server)
Answered by Massimo on February 9, 2021
Either what am I doing wrong
Most likely it is not the name resolution to blame here (which is done in your hosts), but the fileserver name itself. Windows servers do listen for requests to their name.
You can add aliases to your server with netdom
:
c:> netdom computername <computername> /add:<aliasname.fqdn.local>
You will not need to patch your hosts/lmhosts if netdom
is used correctly.
Answered by bjoster on February 9, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP