Quantcast
Channel: Windows Server Forum
Viewing all articles
Browse latest Browse all 2531

Access denied on new file server in a trusted domain when accessing by alternative hostname

$
0
0

Hello,

I have an issue I can't resolve on my own.

I have created a new domain (Domain B) and have set up a file server with a DFS Namespace on it. I also created a two way trust between this domain and the old one (Domain A).

I copied all the files and took the NTFS permissions with it. I have enabled "everyone" permission on the share.

The users in the old domain can access the shares via namespace as well as hostname/fqdn of the new Fileserver.

The problem is the following:

As there are still links in files to the old Fileserver I wanted to make it accessible by that name as well. I already did that a few times without any issues - but not in the scenario. I now have tried:

  • Changing A-Record in the old domain to the new Fileserver
  • Added CNAME to the new Fileserver in the old Domain
  • Removed computer account on old domain for the old Fileserver
  • Added SPN in all variations in the new Domain
  • Disabled loopback check on new Fileserver (and plenty of other stuff I found)

When I try to access the share via IP - no problem. Access it with the old name or fqdn it says access denied and wants credentials. It only works, when I provide credentials of a user of the new domain. But the share permissions und NTFS are looking good. I can check the effective permissions as well - green all the way.

Nslookup also looks good and ping is possible wether it's IP, hostname or fqdn.

Is this a kerberos issue? It certainly feels like it. I did all the steps necessary to give the new Fileserver the alternative name and I also added the alternative name in the computer account via netdom.

I'm really not sure what else it could be and I am proper stuck. Do you guys have any ideas what I might be missing?


Viewing all articles
Browse latest Browse all 2531

Latest Images