Spoofing a Netbios name to a windows client....

I am in the midst of a data center move.  I have been asked by my customer to put together a proof of concept for an application - which uses UNC names to denote destinations for writing its files.

In effect, there is a client PC (lets say its a Windows 2003 server) who, through its application, writes files to \\destination\share

Now, I want to test this proof of concept without affecting the production destination.  So, I want to "spoof" the destination to a 3rd location thats nearby, lets say \\newdest\share.  However, I want to use the original server name {destination}.

I have over-written the HOSTS file on the client, and when I ping "destination" I see the IP address for "newdest".  Wonderful.

The issue comes when I try to connect to \\destination\share in Windows explorer - or if I try a "net use \\destination\ipc$" in the client command line.

In windows explorer, I get a message stating

"\\{destination\share} is not accessible.  You might not have permission to use this network resource.  Contact the administrator of this server to find out if you have access permissions.

You were not connected because a duplicate name exists on the network.  Go to System in Control Panel to change the computer name and try again".

Undaunted, I fire up my trusty mac.  I quickly add a hosts entry for "destination" - and when I use the Mac finder, I can instantly connect to "smb:\\destination\share" and I see the "newdest\share" files !  Wonderful.

So, I think it has something to do with WINS or Netbios.  So, back on my client PC, I change the IP address advanced configuration, remove all WINS addresses, disable "LMHOSTS lookup" and "Disable NetBIOS over TCP/IP" and reboot (hey, why not).  I still get the same issue.

So, I'm trying to map to "\\destination\share" but I really want it to go to "\\newdest\share".

What suggestions does the group have on this conundrum ?
LVL 1
altquarkAsked:
Who is Participating?
 
scuthberConnect With a Mentor Commented:
I take it this is an Active Directory scenario? To be able to connect to shares on a server using another server's name you need to add the name and service principal names to the new destination.

If your HOSTS entry resolves to the NEWDEST but you can't connect you will have to add the host Service Principal Name for DESTINATION to NEWDEST:

setspn -A HOST\DESTINATION NEWDEST

setspn is in the resource kit tools or adminpak.msi

Note, DESTINATION will have to be disconnected from the network when you do this or it won't allow its SPN to be moved to NEWDEST.

You may also have to add the DESTINATION server name to NEWDEST. You can do this by creating the following REG_MULTI_SZ value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\OptionalNames
on NEWDEST. Add the DESTINATION name to this key and restart the server service. Again, DESTINATION needs to be off the network when you do this.

you may need to add BackConnectionHostnames in to newdest's registry, as per http://support.microsoft.com/kb/926642, or you may get "the target account is incorrect".
0
 
tualchrisConnect With a Mentor Commented:
On a per-system basis, I've been able to spoof names resolved using both DNS and WINS.  DNS, as you've already noted, uses HOSTS.  WINS (a.k.a. Netbios) uses LMHOSTS.

If you want traffic sent to OLDSYSTEM to be directed to NEWSYSTEM and NEWSYSTEM's IP address is 192.168.1.200, you'd want something like this added to your LMHOSTS file:

192.168.1.200 OLDSYSTEM      #PRE

When this is saved, from a command line, issue the following command:
nbtstat -R
(use the upper case R)

As you've said with your HOSTS file, you'd want something like this in place:

192.168.1.200 oldsystem

When this is saved, from the command line, issue the following command:
ipconfig /flushdns

I've used this technique when testing a copy of our database during a database move from our web server.  This allowed me to attempt running the web applications and verify things were wroking okay before I contacted our network administrator to make the permanent switch.

Keep in mind that any system you want to spoof name resolution will need to have these modifications.

Hope this helps!
0
 
altquarkAuthor Commented:
We tried this earlier.  We added that exact line to LMHOSTS, ensured that the "Use LMHOSTS file" was checked in WINS, flushed DNS and also NBSTAT-R, and it didn't do nothing....

Now - heres the kicker - NEWSYSTEM is on the same Domain (AD) as the client, but OLDSYSTEM is a on a trusted domain.

HOWEVER, when I also tried doing this with "FAKESYSTEM" ( a system name that doesn't exist at all on the network) - I'm getting the same error (duplicate name on the network) - which is WIERD ?!
0
 
altquarkAuthor Commented:
Closing manually.  Sorry it took a while.
0
 
altquarkAuthor Commented:
We decided to not spoof the IP - so it wasn't possible to accurately test the solutions offered.  I am closing this question and awarding points with the higher points to Scuthber since his was information we didn't know about.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.