Hello,
I have an issue I can't resolve on my own.
I have created a new domain (Domain B) and have set up a file server with a DFS Namespace on it. I also created a two-way trust between this domain and the old one (Domain A).
I copied all the files and took the NTFS permissions with it. I have enabled "everyone" permission on the share.
The users in the old domain can access the shares via namespace as well as hostname/fqdn of the new Fileserver.
The problem is the following:
As there are still links in files to the old Fileserver, I wanted to make it accessible by that name as well. I already did that a few times without any issues - but not in this scenario. I have now tried:
- Changing A-Record in the old domain to the new Fileserver
- Added CNAME to the new Fileserver in the old Domain
- Removed computer account on old domain for the old Fileserver
- Added SPN in all variations in the new Domain
- Disabled loopback check on new Fileserver (and plenty of other stuff I found)
When I try to access the share via IP - no problem. When I access it with the old name or FQDN, it says access denied and wants credentials. It only works when I provide credentials of a user of the new domain. But the share permissions and NTFS are looking good. I can check the effective permissions as well - green all the way.
Nslookup also looks good and ping is possible whether it's IP, hostname or FQDN.
Is this a Kerberos issue? It certainly feels like it. I did all the steps necessary to give the new Fileserver the alternative name and I also added the alternative name in the computer account via netdom.
I'm really not sure what else it could be and I am proper stuck. Do you guys have any ideas what I might be missing?