Tuesday, March 5, 2013

Strict Name Checking

This is a security feature introduced in Windows 2003 R2 whereby incoming packets are checked to see whether the IP header is addressed to the real host name of the server. If the hostname in the header does not match, the packets are blocked. Sounds reasonable, right? Except that if you are using a DNS CNAME you are going to get blocked, if you are using a load balancer you are going to get blocked, and I am sure there are other examples. The issue can present itself in a number of ways; typically, if you are trying to browse to a share via a UNC path, the error will be:

"System Error 52 has occurred. A duplicate name exists on the network"

Which I think is a very strange way of reporting the rejection. Bottom line: if you need to switch this off, you can. This is done via the registry and requires a reboot. The key is:

HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters

You will need to create a new DWORD named:

DisableStrictNameChecking

Give it a value of 1 and reboot.
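
The steps above as a PowerShell sketch that first reports the current state and only then writes the value. This is an added example, not part of the original post: the function names are hypothetical, and it assumes PowerShell 3.0 or later run from an elevated prompt on the server itself.

```powershell
# Added example: audit and set DisableStrictNameChecking on the local server.
# Function names are hypothetical; the key path and value name are from the post.
$KeyPath   = 'HKLM:\System\CurrentControlSet\Services\LanmanServer\Parameters'
$ValueName = 'DisableStrictNameChecking'

function Get-StrictNameCheckingState {
    # A missing value or a value of 0 means strict name checking is still enforced.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $raw  = if ($null -ne $item) { $item.$ValueName } else { $null }
    [pscustomobject]@{
        ComputerName               = $env:COMPUTERNAME
        ValuePresent               = ($null -ne $raw)
        RawValue                   = $raw
        StrictNameCheckingDisabled = ($raw -eq 1)
    }
}

function Disable-StrictNameChecking {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()
    $before = Get-StrictNameCheckingState
    if ($before.StrictNameCheckingDisabled) {
        Write-Verbose 'Already set to 1; nothing to change.'
        return $before
    }
    if ($PSCmdlet.ShouldProcess($KeyPath, "Set $ValueName = 1 (DWORD)")) {
        # -Force overwrites an existing value that has the wrong type or data.
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
        Write-Warning 'Reboot required before the change takes effect.'
    }
    Get-StrictNameCheckingState
}

# Audit only (no change is made):
Get-StrictNameCheckingState
# Preview the write without touching the registry:  Disable-StrictNameChecking -WhatIf
```

Running the audit function on its own across file servers gives an inventory of which hosts have had the check switched off.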

Cheers!

