Out of the box, Windows does not allow access to a file system share except by using the server name. Example: \\Server\share or \\server.domain.com\share
To access a share using a DNS alias, do the following.
- Create a DNS alias pointing to the server
- Change the following registry keys on the server
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"DisableStrictNameChecking"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"SrvAllowedServerNames"=hex(7):
Add all names in FQDN format to this multi-string value, including the server:
example: server.domain.com alias1.domain.com alias2.domain.com
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"OptionalNames"=hex(7):
Add all names in short NetBIOS format to this multi-string value, without the server name:
example: alias1 alias2
Info: Without this parameter, accessing a share using short names will result in password errors.
example: dir \\server\share
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"BackConnectionHostNames"=hex(7):
Add all names in FQDN format to this multi-string value, including the server:
example: server.domain.com alias1.domain.com alias2.domain.com
- Restart the server (optionally, on a non-production server, restart the lanmanserver service instead)
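The registry changes listed above, as an added PowerShell example that is not part of the original page. The host names are placeholders taken from the page's examples, and `$restartService` is a hypothetical switch for the optional service restart; run it from an elevated session on the server.

```powershell
# Placeholder names from the page's examples; replace with your own (assumption).
$serverFqdn = 'server.domain.com'
$aliasFqdns = @('alias1.domain.com', 'alias2.domain.com')
$aliasShort = @('alias1', 'alias2')
$restartService = $false   # hypothetical switch: set to $true only on a non-production server

$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$msv1_0 = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$fqdnList = @($serverFqdn) + $aliasFqdns   # FQDN lists include the server itself

# Desired state: one entry per registry value named on the page.
$settings = @(
    @{ Path = $lanman; Name = 'DisableStrictNameChecking'; Type = 'DWord';       Value = 1 }
    @{ Path = $lanman; Name = 'SrvAllowedServerNames';     Type = 'MultiString'; Value = $fqdnList }
    @{ Path = $lanman; Name = 'OptionalNames';             Type = 'MultiString'; Value = $aliasShort }
    @{ Path = $msv1_0; Name = 'BackConnectionHostNames';   Type = 'MultiString'; Value = $fqdnList }
)

foreach ($s in $settings) {
    # Print the previous value so it can be restored or removed on the old server later.
    $old = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
    Write-Host ("{0}: old = [{1}]" -f $s.Name, ($old -join ', '))

    # -Force overwrites an existing value of the same name.
    New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType $s.Type -Value $s.Value -Force | Out-Null

    # Read the value back and fail loudly if it does not match what was requested.
    $new = (Get-ItemProperty -Path $s.Path -Name $s.Name).($s.Name)
    if (Compare-Object -ReferenceObject @($s.Value) -DifferenceObject @($new)) {
        throw "Value $($s.Name) was not written as expected"
    }
    Write-Host ("{0}: new = [{1}]" -f $s.Name, ($new -join ', '))
}

if ($restartService) {
    # Restarting LanmanServer drops all open SMB sessions on this server.
    Restart-Service -Name LanmanServer -Force
} else {
    Write-Host 'Restart the server to apply the new names.'
}
```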
Switch to the failover or new system
- Apply all the settings above on your failover server
- Lower the DNS TTL of all DNS entries used as aliases so a DNS change takes effect faster.
- Change all DNS aliases to point to your new server
- Remove the alias SPN from your old server object in AD DS.
- Add the SPNs to your failover server object in AD DS
- Remove the settings above from your old server.