Error accessing file shares using alias (CNAME)

So, we recently migrated a file server from old server to a new one running on Windows server 2012 R2. We updated the old server’s DNS name to point to the new server. That was when all hell broke loose.

Issue: Users are unable to access file shares using server alias or CNAME record. They encountered the following error message:

Resolution

The below mentioned steps are for server side. Please make sure we restart the server after making the following changes.

  1. DisableStrictNameChecking
    1. Open the registry editor (rededit) and navigate to:
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
    2. Create a new DWORD value: DisableStrictNameChecking
    3. Set the value data to: 1
  2. DisableLoopbackCheck
      1. Open the registry editor (rededit) and navigate to:
        • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
      2. Create a new DWORD value: DisableLoopbackCheck
      3. Set the value data to: 1
  3. BackConnectionHostNames
    1. Open the registry editor (regedit) and navigate to:
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
    2. Create a new Multi-String value: BackConnectionHostNames
    3. Set the value data to: CNAME or DNS alias of the server name.
  4. State Computer Objects
    1. Ensure there is no computer object in AD with the same name as the DNS alias or CNAME record.
  5. SPN
    1. One of the Microsoft articles also suggests checking SPN, however, I haven’t come across this yet.
    2. Make sure Service Principle Name or SPN is registered for the hosted service using the DNS alias or CNAME.
    3. To register the SPN for the DNS alias (CNAME) records, use the Setspn tool with the following syntax:
      1. setspn -A HOST/CNAME ComputerName
      2. setspn -A HOST/CNAME_FQDN ComputerName