I had a Windows 2012 R2 file server that has a DNS alias, I need to be able to access the shares using the CNAME as well as the A record.
When I tried to access the share using the CNAME I got the following error: The target account name is incorrect.
Once the DNS alias/CNAME is created you then have to add an SPN (Service Principal Name) alias on the server, matching the DNS alias.
List the current SPN: setspn -L <the_server_hostname> (you’ll see amongst the lines the A record hostname in the format:
i.e if your server is called server-file1.domainA.test you will see:
Create a new SPN alias:
setspn -A HOST/CNAME ComputerName
setspn -A HOST/CNAME_FQDN ComputerName
i.e. if your CNAME is file1.domainA.test
setspn -A HOST/file1
setspn -A HOST/file1.domainA.test
NOTE: The SPNs are stored in your Active Directory. If you have multiple domain controllers, especially if in different sites with slow replication you need to ensure all Domain Controllers have successfully replicated otherwise you may still see the error.
The Other Solution (workaround)
Instead of creating SPN aliases, use this workaround instead:
- Open Regedit on the file server and open:
Key: System\CurrentControlSet\Services\LanmanServer\ Parameters
- Add the following string-value under the Parameters key:
Value Name: OptionalNames
Data Type: REG_SZ (string value)
Value: <CNAME of file server>
- Restart the Server service
Disclaimer: provided “AS IS” with no warranties and confer no rights