Windows File Share Through FQDN
My company is currently in the process of replacing any Alias or IP reference with FQDNs in our code. Anything that has an IP or Computer Name will be replaced with something like fileserver.example.com, databaseserver.example.com, etc.
This process is working for database connections, web service references, API references. Where we are having issues is with file share access through UNC paths. Accessing files through an UNC path like this \\fileserver.example.com\path\to\files
does not work IN SOME CASES.
The IN SOME CASES is the important part here.
The UNC path can be accessed successfully in the following cases
- When viewing manually through windows explorer with FQDN path.
- When running a process that accesses the files that DOES NOT use the FQDN and instead uses the computer name (
\\COMPUTER_NAME\path\to\files
).
The UNC path CANNOT be accessed in the following case
- When running a process that accesses the files that DOES use the
FQDN
(
\\fileserver.example.com\path\to\files
).
I get the following error message.
Logon failure: unknown user name or bad password.
This error message leads you to believe it is an access issue but I don't think that is the case because the service user running the process can access the file using the COMPUTER_NAME in the path and that points to the same location as the FQDN.
Does anyone have experience with this issue?
Are FQDNs even supposed to be used to access file shares through UNC paths?
After reading Claytons post and looking through the security logs in the event viewer we realized this was only an issue when a machine was trying to access a file with an UNC path pointed at itself.
This led me to the loopback check documented in the following article on microsoft.com. https://blogs.technet.microsoft.com/sharepoint_foxhole/2010/06/21/disableloopbackcheck-lets-do-it-the-right-way/
We used Method 1: Specify host names (Preferred method if NTLM authentication is desired)
Disabled DisableStrictNameChecking in registry
Entered
fileserver.example.com
into the BackConnectionHostNames in registry