Probably not applicable to this subject but I had a problem with SP1 when it added in Data Execution Prevention.

 

A new tab labeled Data Execution Prevention is present under System Properties – Advanced – Performance Settings that tells the O/S not to run certain potentially harmful programs and scripts. I have to support a java-based application and it was driving us nuts until we adjusted DEP for Windows apps only.

 

Keep another SP1 item to keep an eye on......

 

-----Original Message-----
From: Guy Teverovsky [mailto:[EMAIL PROTECTED]
Sent: Friday, June 30, 2006 11:46 AM
To: [email protected]
Subject: RE: [ActiveDir] Windows 2003 sp1 DNS problem

 

 

I have been bitten by it with databases, but my understanding is that it is relevant to any authentication attempt that tries to access a resource that does not have a registered SPN.

http://support.microsoft.com/?id=887993

Now that I think about it, the right way would probably be to make sure the required SPN is registered for the server in question. The KB above can help determining whether it is an SPN issue. If it is, after registering the SPN, the DisableLoopbackCheck reg value can be set back to 0 or deleted.

 

Guy

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Abouelnasr, Jerry
Sent: Friday, June 30, 2006 11:54 AM
To: [email protected]
Subject: RE: [ActiveDir] Windows 2003 sp1 DNS problem

 

Is it your experience that this applies to UNC file paths as well?

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Teverovsky
Sent: Friday, June 30, 2006 9:57 AM
To: [email protected]
Subject: RE: [ActiveDir] Windows 2003 sp1 DNS problem

 

Another thing that is worth mentioning is the loopback check that has been enforced since W2K3 SP1.

Try disabling the loopback check or specifying additional FQDNs using one of the methods in the following KB:

http://support.microsoft.com/?kbid=896861

 

Guy


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, June 30, 2006 8:14 AM
To: [email protected]
Cc: [email protected]; [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Windows 2003 sp1 DNS problem

 


Thanks a lot, It did not work. I used additional names, disabled strict name checking.... But it is still the same.
I am almost aware it´s a         SP1 security function. But there must be a way to disable that.....
I´m still waiting new tips...


Adrião.....

 





       

"Grillenmeier, Guido" <[EMAIL PROTECTED]>
Enviado Por: [EMAIL PROTECTED]

29/06/2006 20:40

Favor responder a
[email protected]

Para

<[email protected]>

cc

 

Assunto

RE: [ActiveDir] Windows 2003 sp1 DNS problem

 

 

 




I wasn't aware that this was a change in SP1, but it sounds as if StrictNameChecking is enabled on your server after you've added SP1
(http://support.microsoft.com/default.aspx?scid=kb;en-us;281308)
 
You ca disable it in general by configuring the DisableStrictNameChecking reg-key as the KB above explains.  However, this would allow to access the server via _any_ name.   I typically suggest to use the reg-keys to limit additional names to those you really want:
 
DNS:
HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\AlternateComputerNames (Multi-SZ)
NetBios:
HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\Parameters\OptionalNames (Multi-SZ)
 
This can also be done via the Win2003 version of NETDOM:
NETDOM COMPUTERNAME <current NetBIOS or DNS name> /add:<additional FQDN name>
 
/Guido


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent:
Donnerstag, 29. Juni 2006 21:38
To:
[email protected]
Cc:
[EMAIL PROTECTED]
Subject:
[ActiveDir] Windows 2003 sp1 DNS problem



Hallow all.


       I need help in a problem I have after installing Service Pack 1


       This is the case:


       I have a windows 2003 Server (I Will call it SERVER01), without service pack 1

       I created a dns name like this


       aplicacao.mycompany.com


       Before installing SP1, when I called locally


       \\aplicacao.mycompany.com



       It opened shared folders perfectly


       Now , after SP1, if I call \\aplicacao.mycompany.com   It asks for a user and password. I don´t know witch password or user is that...


       If I call   \\SERVER01.mycompany.com, it works.....


       What was changed after installing SP1?


       how can I correct that?


Adrião

Reply via email to