Kerbros failng when using FQDN

While using FQDN kerbros fails to authenicate a user when opening c$ share on a Windows 7 Machine.  The machines in question are members of domain yyy.zzz the machines authenicate when the machine_name.yyy.zzz is called.  But does not when the FQDN is changes to machine_name.FFF.TTT.yyy.zzz.  DNS has both entires in there tables.  We have it this way for software development and when we deploy the machines to another environment.  The error we are receiving is KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN.  The Domain is running in Windows 2008 mod of operations.
Who is Participating?
ToxaconConnect With a Mentor Commented:
Windows Kerberos is bound to the domain name yyy.zzz, not to the DNS name of the computer. DNS is only for name resolution, not for authentication. Kerberos is for authentication and it authenticates only on the specified realm which is the domain DNS name (yyy.zzz). For Kerberos, fff.ttt.yyy.zzz is a "foreigner" and it has no idea on realm list where that realm could be, so the Principal is unknown.
copenjsAuthor Commented:
Thanks for the clarificaiton. Do you know if there is a way to associate the canonical name with the active directory name so that the canonical name will authenticate?
Umm, I'm not sure if I understood the question correctly as the canonicalName in AD will always reflect the actual name in the object, in this case, the computer name.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.