Unsolved
This post is more than 5 years old
8 Posts
0
1805
December 17th, 2009 12:00
File Server Migration and WINS/DNS
Hi, I'm migrating a Windows File Server to Celerra and figured as extra insurance I’d create a WINS and DNS record for clients still using the old server name.
So I created both a DNS "A" and "PTR" record along with a WINS record set of the 00h, 03h, 20h (per this KB article http://support.microsoft.com/kb/233375) to re-direct any affected clients.
Everything seems to work fine, nslookup, ping etc (all point to the new IP)... however when I enter the old fileserver name \\old-server I get a logon prompt (which I didn’t expect), so I enter my domain\username and password and the logon box re-appears. I enter other domain accoutns that do have access to \\new-server and the logon box re-appears each time. So for grins I enter \\new-server and I don’t get the logon prompt. I then launch Wireshark and I'm able to verify the MAC address destination it is the same for both \\old-server and \\new-server.
Incidentally, the re-direct works for OSX clients - only Windows clients seem to have the problem.
Should I be adding or doing something else to make this happen?
Any ideas would be appreciated.
Thanks,
Matt
0 events found
MattV2
8 Posts
0
December 17th, 2009 13:00
I did verify before prior to posting that I was talking to the correct WINS servers and just verified again. I also looked at the WINS MMC on each server and verified the records existed. For grins here is some output of nbtstat -a showing that WINS appears to be working fine. Maybe some other setting on the CIFS server that needs to be tweaked?
C:\Program Files\Support Tools>nbtstat -a old-servername
Local Area Connection:
Node IpAddress: [192.168.159.69] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
----------------------------------------------
new-servername <00> UNIQUE Registered
new-servername <20> UNIQUE Registered
domain <00> GROUP Registered
domain <1E> GROUP Registered
MAC Address = 00-60-16-26-A1-7C
C:\Program Files\Support Tools>nbtstat -a new-servername
Local Area Connection:
Node IpAddress: [192.168.159.69] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
----------------------------------------------
new-servername <00> UNIQUE Registered
new-servername <20> UNIQUE Registered
domain <00> GROUP Registered
domain <1E> GROUP Registered
MAC Address = 00-60-16-26-A1-7C
Rainer_EMC
6 Operator
•
8.6K Posts
0
December 17th, 2009 13:00
check with nbtstat on your Windows client where you are getting your name resolution from
Rainer_EMC
6 Operator
•
8.6K Posts
0
December 17th, 2009 14:00
well, depending on your client config there is a couple of ways that Windows takes to resolve a name:
so any of these could give you the old info - including slave servers that arent updated
Peter_EMC
674 Posts
0
December 17th, 2009 22:00
For use cases like this, the Datamover provides the aliasing feature for netbios and compnames.
Please check the server_cifs command.
I think the problem you are running into is kerberos related. "Problem is that with W2K3, the KDC may not provide the canonical compname of the CIFS server to the client requesting the access ticket, and the connection to the DM will fail."
Please take a look at knowledgebase emc158629 for a detailed description and workarounds of the issue.
kensagle
59 Posts
0
December 18th, 2009 07:00
As peter stated kerberos will not work if you are using an alias. It should then try NTLMv2 and then NTLMv1. This can cause issues if you have disabled NTLM on the clients or have lockout policies of less than 3 attempts.
Sagle
MattV2
8 Posts
0
December 18th, 2009 12:00
We do have NTLM enabled, specifically NTLMv2 response only for the entire domain and lockout policy is set to 10 bad attempts.
MattV2
8 Posts
0
December 18th, 2009 12:00
This sounded like it could be the issue, so I enabled the setting, rebooted the DM and tested.
When I try to connect to \\old-servername I get an error instead of the logon box. The message says "Logon Failure: The target account name is incorrect". So I reverted the setting back to defaults and I'm now getting the logon box again.