For a long time now we have used DNS CNAME for our servers. CNAME stands for canonical name. It is an alias for another host name. In our case we have two servers. Their names have been changed to protect the innocent. Lets say they are called iserver1, and iserver2. We constantly replicate all of our data from iserver1 to iserver2.
We have created a CNAME and call it fileserver. This CNAME points right now to iserver1. All the users on our network share to \\fileserver\sharename. Now if something bad were to happen to iserver1 we could change the CNAME to iserver2 and within minutes we would be back and running again. This is what you would call a poor mans backup system – call it what you want, but it has saved us a tremendous amount of time on two different occasions.
Both of our servers have been humming along fine for a while now – and we decide it is finally time to upgrade 2003 to SP1. After the upgrade we could not share to \\fileserver. Now if we try to connect to the actual server name it works fine.
We suspected right away that SP1 must have some type of security enhancement that has disabled our CNAME trick. After a few hours of searching we finally found the registry key in question:
HKEY_LOCAL_MACHINE
SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
If we create a DWORD value under this key named:
DisableStrictNameChecking
And set it to ‘1’ – our CNAME works again!
Now we thought we might be making something insecure by doing this, but Microsoft KB article 281308 seems to indicate that this is a bug.
For those of you who do not want to dive into the registry, we have written a simple app that will change this setting for you. Find it in on our downloads page
One more thing…Subscribe to my newsletter and get 11 free network administrator tools, plus a 30 page user guide so you can get the most out of them. Click Here to get your free tools