Ah - you are right. I was thinking of Loopback Checking: http://support.microsoft.com/kb/926642 rather than Strict Name Checking: http://support.microsoft.com/kb/281308
Cheers Ken -----Original Message----- From: Sean Martin [mailto:[email protected]] Sent: Friday, 30 September 2011 3:52 PM To: NT System Admin Issues Subject: Re: fake-out NetBIOS I'm pretty sure its required to access a 2003 server using an alias. - Sean On Sep 29, 2011, at 9:39 PM, Ken Schaefer <[email protected]> wrote: > Strict Name Checking is for reflection attacks - you need to disable it when > a server connects to itself using something other than its own name. > > I'm pretty sure it's not necessary when an external party/machine > connects using a CNAME or some other alias > > Cheers > Ken > > -----Original Message----- > From: Steve Kradel [mailto:[email protected]] > Sent: Friday, 30 September 2011 12:48 PM > To: NT System Admin Issues > Subject: Re: fake-out NetBIOS > > Are y'all positive that disabling strict name checking is necessary in > conjunction with a CNAME? Most apps will get the canonical name > (de-alias) when looking for SPNs, etc. > > --Steve > > On Thu, Sep 29, 2011 at 2:44 PM, Sean Martin <[email protected]> wrote: >> We disable it on all of our SQL servers so our DBAs can leverage DNS >> aliases for DBs. Makes it easy to move DBs between SQL servers. >> >> - Sean >> >> On Thu, Sep 29, 2011 at 5:15 AM, David Lum <[email protected]> wrote: >>> >>> That's perfect, thanks! I have never run into this before nor even >>> heard of "disable strict name checking", so this is good new stuff. >>> >>> >>> >>> Reason number 703,510 to love this list. >>> >>> >>> >>> How did you know about that anyhow? >>> >>> >>> >>> Dave >>> >>> >>> >>> From: Glen Johnson [mailto:[email protected]] >>> Sent: Thursday, September 29, 2011 6:12 AM >>> >>> To: NT System Admin Issues >>> Subject: RE: fake-out NetBIOS >>> >>> >>> >>> Google disable strict name checking and you will find what you seek. >>> >>> >>> >>> From: David Lum [mailto:[email protected]] >>> >>> Sent: Thursday, September 29, 2011 9:09 AM >>> To: NT System Admin Issues >>> Subject: fake-out NetBIOS >>> >>> >>> >>> How do I go about having a Windows client (XP, or 7) connect to a >>> UNC that's different from the actual hostname w/out using a FQDN? I >>> have a server named BOB but I want users to be able to attach using \\FRED. > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
