Windows share requires authentication only when accessed locally [duplicate]
Solution 1:
This is an old post but I encountered this problem during Covid season while trying to work from home.
I want to redirect SMB server calls for \\SERVERNAME\ (or in the example above PROD_SHARE) to being the local SMB on the computer.
Method
- Add "SERVERNAME" to etc\hosts file with IP Address 127.0.0.1
-
Local Windows Authentication will pop up and give error because the computer does not recognize "SERVERNAME". So disable authentication check for loopback by editing/adding the following registry value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa > DWORD > DisableLoopbackCheck=1
Restart "Workstation" under services.msc.
Source: https://support.microsoft.com/en-us/help/926642/error-message-when-you-try-to-access-a-server-locally-by-using-its-fqd
Other methods (unverified):
Edit/add registry key:
HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters DWORD DisableStrictNameChecking=1
Other Sources: https://support.microsoft.com/en-us/help/926642/error-message-when-you-try-to-access-a-server-locally-by-using-its-fqd
Solution 2:
I haven't tried this, but maybe the LMHOSTS file would help?
It's like /etc/hosts for SMB server names. You can find it at %SystemRoot%\System32\Drivers\Etc (maybe it doesn't exist, but at least on Vista there is an lmhost.sam sample file).
Solution 3:
If I understand right, you want a machine in your backup environment to respond to the name of a server computer that's running in your production environment.
It's possible, but you may have some difficulties if there's NetBIOS communication between the backup environment and the production environment.
Here's the basic procedure for adding an alias name to a Windows Server machine.
On the backup server, add a REG_MULTI_SZ value named "OptionalNames" in the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters. Put the name you'd like the backup server to respond to in that value.
Add a REG_DWORD value to the same registry key named "DisableStrictNameChecking" and set it to "1".
Bounce the "Server" service (or reboot the machine).
Where you may have a problem is that the backup server is going to try to register this alias name in WINS and will broadcast it using NetBIOS over TCP/IP. Since you already have a computer with the alias name running you may get "duplicate computer name" messages. If you can firewall your backup environment away from the production environment for NetBIOS then this will be a non-issue.
Also, be aware that there won't be any way to do Microsoft File and Print Sharing connections between the server with the alias name set and the real server computer using the NetBIOS name. You'll have to "connect" to the real server computer from the backup server by IP address if you need that functionality.