I agree with Guido. This can however also be done with (W2K3) netdom W2K3 NETDOM also registers all kinds of SPNs with the new name
NETDOM COMPUTERNAME <currentname- NetBIOS or DNS> /add:<additional FQDN name> Netdom does three things here: * Populate the OptionalNames regvalue which registers the additional name in WINS * Populate the AlternateComputerNames regvalue which registers the additional name in DNS as an A record * Creates new servicePrincipalNames using the new FQDN name (see with LDP) So, see to it that each name has an SPN registered (can also be done with NETDOM using the options VERIFY and enumerate Also make sure the new names are registered in DNS and WINS DNS: net stop netlogon & net start netlogon & ipconfig /registerdns WINS: nbtstat -RR OR reboot the box Jorge -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Saturday, April 09, 2005 00:14 To: [email protected] Subject: RE: [spam] Re: [ActiveDir] alias not working Instead of using the "DisableStrictNameChecking" key as explained in the KB (which allows a machine to be contacted by _any_ name), I'd use the following keys to configure the FileServer to listen to specific Alias names: OptionalNames (Multi-SZ) in HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters and AlternateComputerNames value (Multi-SZ) in HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Cliffe Sent: Freitag, 8. April 2005 23:21 To: [email protected] Subject: RE: [spam] Re: [ActiveDir] alias not working Not sure if you've seen/referenced this? http://support.microsoft.com/default.aspx?scid=kb;en-us;281308 I used it on one of my servers here a while ago and seems OK. -DaveC Reuters CIO Infrastructure -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, April 08, 2005 5:10 PM To: [email protected] Cc: [email protected]; [EMAIL PROTECTED] Subject: [spam] Re: [ActiveDir] alias not working Hi Jeff This is because when I access a server it verifies that the server that I am requesting matches the netbios name on the server itself. Aliases, A records and WINS / LMHosts will not fix this in any configuration we have tried. The access denied is server name does not match. Regards; James R. Day Active Directory Core Team Office of the Chief Information Officer National Park Service (202) 354-1464 (direct) (202) 371-1549 (fax) [EMAIL PROTECTED] |---------+----------------------------------> | | "Cothern Jeff D. Team | | | EITC" | | | <[EMAIL PROTECTED]> | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org | | | | | | | | | 04/08/2005 04:33 PM AST| | | Please respond to | | | ActiveDir | |---------+----------------------------------> >----------------------------------------------------------------------- -------------------------------------------------------| | | | To: <[email protected]> | | cc: (bcc: James Day/Contractor/NPS) | | Subject: [ActiveDir] alias not working | >----------------------------------------------------------------------- -------------------------------------------------------| Ok for some reason 2003 and xp machines that are locked down with policies are not working with an alias that was created within DNS for a server. To shortin the length of a server name for share purposes we created an alias. IE. Fileserver1 alias FS1. If you go onto the machine and type in \\fs1 you get an access denied message. If you type \\Fileserver1 it takes you right into the server. Anyone have a clue on which policies may be affecting this. Jeff List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ----------------------------------------------------------------- Visit our Internet site at http://www.reuters.com To find out more about Reuters Products and Services visit http://www.reuters.com/productinfo Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
