digital0g1c
asked on
Changed Server name and can no longer UNC to computer name
I changed a server to a new name, and I am able to access the shares via Ip address \\123.123.123.123\shares or from the system via \\localhost\shares but I am unable to access it via its name \\servername\shares. I am able to ping it by name, RDP to it by name, just unable to access the UNC shares by name. I ran into this on a server 2003 box 10 years or so ago and had to update something in the registry, but I can't find where that was. This is a 2008 R2 box. Any idea how I can fix this?
ASKER
On that command, I get the network path was not found twice.
I didn't add a CNAME, just changed the actual name. It does show correctly in DNS and in AD.
I didn't add a CNAME, just changed the actual name. It does show correctly in DNS and in AD.
Sure. You replaced "servername" with the server's name? It should show the names it responds on.
And does it respond to \\server.domain.local if it doesn't to \\server ?
And does it respond to \\server.domain.local if it doesn't to \\server ?
http://technet.microsoft.com/en-us/library/ff660057(v=ws.10).asp
You're thinking of "Disable Strict Name Checking". This is generally used when using an ALIAS to a server, but generally isn't necessary if you've renamed the computer. The IP works because of NTLM authentication, but kerberos is a mutual-authentication scheme. Your [edit] server may be having issues authenticating with domain controllers (getting a kerberos ticket). You can use KLIST to check the tickets and maybe you just need to purge the tickets.
http://blogs.technet.com/b/tspring/archive/2014/06/23/viewing-and-purging-cached-kerberos-tickets.aspx
Rebooting does this normally. You should also be able to view the failed kerberos authentication on the DCs, the server, or the desktop assuming you've enable security logging.
You're thinking of "Disable Strict Name Checking". This is generally used when using an ALIAS to a server, but generally isn't necessary if you've renamed the computer. The IP works because of NTLM authentication, but kerberos is a mutual-authentication scheme. Your [edit] server may be having issues authenticating with domain controllers (getting a kerberos ticket). You can use KLIST to check the tickets and maybe you just need to purge the tickets.
http://blogs.technet.com/b/tspring/archive/2014/06/23/viewing-and-purging-cached-kerberos-tickets.aspx
Rebooting does this normally. You should also be able to view the failed kerberos authentication on the DCs, the server, or the desktop assuming you've enable security logging.
ASKER
So I was in a bit of hurry and rand the command without changing the name... when changing the name I get "Access Denied"
I can try rebooting tonight.
I can try rebooting tonight.
Needs run-as-admin on a command prompt by the sounds of it. As tmassa99 suggests though there should be event log entries by the bucket load on the client, server and/or dc a the time of the connection. I just wanted to see what the server thought it was listening on name wise with that command.
Steve
Steve
ASKER
I did the run as administrator. I first didn't but figured it would need that and did it again. I will check event logs.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Bizarre!
ASKER
The answer was the registry key update
Does it work with \\server.yourdomain.local\
You get the 'problem' of having to turn off "Strict Name Checking" still in 2008 R2, i.e. when you add a CNAME to DNS or via hosts table entries etc. That just needs a registry entry "DisableStrictNameChecking
Also what does the output of this command show:
netdom computername servername /enumerate
Steve