Access Shares via DNS CNAME

The Scenario

I had a Windows 2012 R2 file server that has a DNS alias. I need to be able to access the shares using the CNAME as well as the A record.

The Problem

When I tried to access the share using the CNAME I got the following error: The target account name is incorrect. 

The Solution

Once the DNS alias/CNAME is created you then have to add an SPN (Service Principal Name) alias on the server, matching the DNS alias.

List the current SPNs with setspn -L <the_server_hostname>. Amongst the lines you'll see the A record hostname in the format:

HOST/HOSTNAME ComputerName
HOST/HOSTNAME_FQDN ComputerName

i.e. if your server is called server-file1.domainA.test you will see:

HOST/server-file1
HOST/server-file1.domainA.test

Create a new SPN alias:

setspn -A HOST/CNAME ComputerName
setspn -A HOST/CNAME_FQDN ComputerName

i.e. if your CNAME is file1.domainA.test

setspn -A HOST/file1 server-file1
setspn -A HOST/file1.domainA.test server-file1

NOTE: The SPNs are stored in your Active Directory. If you have multiple domain controllers, especially in different sites with slow replication, you need to ensure all domain controllers have successfully replicated the change, otherwise you may still see the error.
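
To check the two conditions above (the alias SPNs belong only to the file server, and every domain controller has the change), here is an added example that is not part of the original post. It assumes the RSAT ActiveDirectory PowerShell module and reuses the post's sample names server-file1 and file1.domainA.test.

```powershell
# Added example, not from the original post. Assumes the RSAT ActiveDirectory
# module and the post's sample names; substitute your own.
Import-Module ActiveDirectory

$ComputerName = 'server-file1'         # computer account that hosts the shares
$AliasFqdn    = 'file1.domainA.test'   # the DNS CNAME
$Expected     = @("HOST/$($AliasFqdn.Split('.')[0])", "HOST/$AliasFqdn")

# 1. An SPN must map to exactly one account. Warn if another account in the
#    current domain already holds one of the alias SPNs (Kerberos would fail).
foreach ($spn in $Expected) {
    $owners = Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)" -Properties sAMAccountName
    foreach ($owner in $owners) {
        if ($owner.sAMAccountName -ne "$ComputerName`$") {
            Write-Warning "$spn is already registered on $($owner.sAMAccountName)"
        }
    }
}

# 2. Ask each domain controller directly whether its copy of the computer
#    object carries both alias SPNs, so slow replication shows up per DC.
$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $c = Get-ADComputer -Identity $ComputerName -Server $dc.HostName `
                -Properties servicePrincipalName -ErrorAction Stop
        $missing = $Expected | Where-Object { $c.servicePrincipalName -notcontains $_ }
        [pscustomobject]@{
            DC         = $dc.HostName
            Site       = $dc.Site
            Missing    = ($missing -join ', ')
            Replicated = -not $missing
        }
    } catch {
        # An unreachable DC is reported rather than silently skipped
        [pscustomobject]@{
            DC         = $dc.HostName
            Site       = $dc.Site
            Missing    = "query failed: $($_.Exception.Message)"
            Replicated = $false
        }
    }
}
$report | Format-Table -AutoSize
```

Any row with Replicated = False names a domain controller that can still return the "target account name is incorrect" error to clients that authenticate against it.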

 

The Other Solution (workaround)

Instead of creating SPN aliases, use this workaround:

  1. Open Regedit on the file server and open:
    Hive: HKEY_LOCAL_MACHINE
    Key: System\CurrentControlSet\Services\LanmanServer\Parameters
  2. Add the following string-value under the Parameters key:
    Value Name: OptionalNames
    Data Type: REG_SZ (string value)
    Value: <CNAME of file server>
  3. Restart the Server service

 

Disclaimer: provided “AS IS” with no warranties and confer no rights
