To facilitate failover schemes, a common technique is to use DNS CNAME records (DNS aliases) for different machine roles. Then, instead of changing the Windows computer name of the actual machine, one can switch a DNS record to point to a new host.
This can work on Microsoft Windows machines, but to make it work with file sharing the following configuration steps need to be taken.
Outline
The Problem
The Solution
Allowing other machines to use file sharing via the DNS alias (DisableStrictNameChecking)
Allowing the server machine to use file sharing with itself via the DNS alias (BackConnectionHostNames)
Providing browse capabilities for multiple NetBIOS names (OptionalNames)
Register the Kerberos service principal names (SPNs) for other Windows functions like Printing (setspn)
References
1. The Problem
On Windows machines, file sharing can work via the computer name, with or without full qualification, or by the IP address. By default, however, file sharing will not work with arbitrary DNS aliases. To enable file sharing and other Windows services to work with DNS aliases, you must make the registry changes detailed below and reboot the machine.
2. The Solution
Allowing other machines to use file sharing via the DNS alias (DisableStrictNameChecking)
This change alone will allow other machines on the network to connect to the machine using any arbitrary hostname. (However, this change will not allow a machine to connect to itself via a hostname; see BackConnectionHostNames below.)
- Edit the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters and add a value DisableStrictNameChecking of type DWORD set to 1.
- Edit the registry key (on 2008 R2) HKLM\SYSTEM\CurrentControlSet\Control\Print and add a value DnsOnWire of type DWORD set to 1.
Allowing the server machine to use file sharing with itself via the DNS alias (BackConnectionHostNames)
This change is necessary for file sharing via a DNS alias to work when a machine connects to itself. It creates the Local Security Authority host names that can be referenced in an NTLM authentication request.
To do this, follow these steps for all the nodes on the client computer:
To the registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0, add a new Multi-String Value named BackConnectionHostNames.
In the Value data box, type the CNAME or the DNS alias that is used for the local shares on the computer, and then click OK.
Note: Type each host name on a separate line.
Providing browse capabilities for multiple NetBIOS names (OptionalNames)
This makes the network alias visible in the network browse list.
Edit the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters and add a value OptionalNames of type Multi-String.
Add a newline-delimited list of names that should be registered under the NetBIOS browse entries.
Names should match NetBIOS conventions (i.e. not the FQDN, just the hostname).
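The three registry changes above as one script, added here as an example (not code from the original page); the alias names are placeholders, and listing both the short and the fully qualified form under BackConnectionHostNames is an assumption. It merges names into existing multi-string values instead of overwriting them.

```powershell
# Added example, not from the original page. Run elevated, then reboot.
# The alias names are constructed placeholders; substitute your own.
$aliasFqdn  = 'files.example.com'   # placeholder DNS alias (CNAME), FQDN form
$aliasShort = 'files'               # placeholder short (NetBIOS-style) name

$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters'
$msv1_0 = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

# Add entries to a REG_MULTI_SZ value, keeping whatever is already listed.
function Add-MultiStringEntry {
    param([string]$Path, [string]$Name, [string[]]$Entries)
    $existing = @((Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name)
    [string[]]$merged = @($existing + $Entries | Where-Object { $_ } | Sort-Object -Unique)
    New-ItemProperty -Path $Path -Name $Name -PropertyType MultiString `
        -Value $merged -Force | Out-Null
    return $merged
}

# 1. Let other machines reach the shares through the alias.
New-ItemProperty -Path $lanman -Name 'DisableStrictNameChecking' `
    -PropertyType DWord -Value 1 -Force | Out-Null

# 2. Let the server reach its own shares through the alias.
#    List only the aliases actually in use, one per entry.
$back = Add-MultiStringEntry -Path $msv1_0 -Name 'BackConnectionHostNames' `
    -Entries $aliasFqdn, $aliasShort

# 3. Register the short name for NetBIOS browsing (hostname only, no FQDN).
$opt = Add-MultiStringEntry -Path $lanman -Name 'OptionalNames' -Entries $aliasShort

# Show the result so it can be checked before rebooting.
[pscustomobject]@{
    DisableStrictNameChecking = (Get-ItemProperty $lanman).DisableStrictNameChecking
    BackConnectionHostNames   = $back -join ', '
    OptionalNames             = $opt -join ', '
}
```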
Register the Kerberos service principal names (SPNs) for other Windows functions like Printing (setspn)
NOTE: You should not need to do this for basic functions to work; it is documented here for completeness. We had one situation in which the DNS alias was not working because an old SPN record was interfering, so if the other steps are not working, check whether there are any stray SPN records.
You must register the Kerberos service principal names (SPNs), the host name, and the fully-qualified domain name (FQDN) for all the new DNS alias (CNAME) records. If you do not do this, a Kerberos ticket request for a DNS alias (CNAME) record may fail and return the error code KDC_ERR_S_PRINCIPAL_UNKNOWN.
To view the Kerberos SPNs for the new DNS alias records, use the Setspn command-line tool (setspn.exe). The Setspn tool is included in Windows Server 2003 Support Tools. You can install Windows Server 2003 Support Tools from the Support\Tools folder of the Windows Server 2003 startup disk.
How to use the tool to list all records for a computer name:
setspn -L computername
To register the SPN for the DNS alias (CNAME) records, use the Setspn tool with the following syntax:
setspn -A host/your_ALIAS_name computername
setspn -A host/your_ALIAS_name.company.com computername
3. References
All the Microsoft references work via: http://support.microsoft.com/kb/
Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
Covers the basics of making file sharing work properly with DNS alias records from other computers to the server computer.
KB281308
Error message when you try to access a server locally by using its FQDN or its CNAME alias after you install Windows Server 2003 Service Pack 1: "Access denied" or "No network provider accepted the given network path"
Covers how to make the DNS alias work with file sharing from the file server itself.
KB926642
How to consolidate print servers by using DNS alias (CNAME) records in Windows Server 2003 and in Windows 2000 Server
Covers more complex scenarios in which records in Active Directory may need to be updated for certain services, and browsing for such services, to work properly, and how to register the Kerberos service principal names (SPNs).
KB870911
Distributed File System update to support consolidation roots in Windows Server 2003
Covers even more complex scenarios with DFS (discusses OptionalNames).
KB829885