Windows share requires authentication only when accessed locally [duplicate]

windows server-message-block

Solution 1:

This is an old post but I encountered this problem during Covid season while trying to work from home.

I want to redirect SMB server calls for \\SERVERNAME\ (or in the example above PROD_SHARE) to being the local SMB on the computer.

Method

  1. Add "SERVERNAME" to etc\hosts file with IP Address 127.0.0.1

  2. Local Windows Authentication will pop up and give error because the computer does not recognize "SERVERNAME". So disable authentication check for loopback by editing/adding the following registry value:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa > DWORD > DisableLoopbackCheck=1

  3. Restart "Workstation" under services.msc.

Source: https://support.microsoft.com/en-us/help/926642/error-message-when-you-try-to-access-a-server-locally-by-using-its-fqd

Other methods (unverified):

Edit/add registry key:

HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters  DWORD      DisableStrictNameChecking=1

Other Sources: https://support.microsoft.com/en-us/help/926642/error-message-when-you-try-to-access-a-server-locally-by-using-its-fqd

Solution 2:

I haven't tried this, but maybe the LMHOSTS file would help?

It's like /etc/hosts for SMB server names. You can find it at %SystemRoot%\System32\Drivers\Etc (maybe it doesn't exist, but at least on Vista there is an lmhost.sam sample file).

Solution 3:

If I understand right, you want a machine in your backup environment to respond to the name of a server computer that's running in your production environment.

It's possible, but you may have some difficulties if there's NetBIOS communication between the backup environment and the production environment.

Here's the basic procedure for adding an alias name to a Windows Server machine.

  • On the backup server, add a REG_MULTI_SZ value named "OptionalNames" in the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters. Put the name you'd like the backup server to respond to in that value.

  • Add a REG_DWORD value to the same registry key named "DisableStrictNameChecking" and set it to "1".

Bounce the "Server" service (or reboot the machine).

Where you may have a problem is that the backup server is going to try to register this alias name in WINS and will broadcast it using NetBIOS over TCP/IP. Since you already have a computer with the alias name running you may get "duplicate computer name" messages. If you can firewall your backup environment away from the production environment for NetBIOS then this will be a non-issue.

Also, be aware that there won't be any way to do Microsoft File and Print Sharing connections between the server with the alias name set and the real server computer using the NetBIOS name. You'll have to "connect" to the real server computer from the backup server by IP address if you need that functionality.

Related

How to use Azure DNS server to set local CNAME?
How can I hide/delete the "?" help button on the "title bar" of a Qt Dialog?
Select link by text (exact match)
Defining type aliases
SELECT INTO in MySQL
What is the purpose of XSD files?
JQuery - how to select dropdown item based on value
How to use Console.WriteLine in ASP.NET (C#) during debug?
Differences between these three ways of defining a function in Scala
Select row and element in awk
How to call JavaScript function instead of href in HTML
jQuery select option elements by value