Here's a situation that came up yesterday: we have a share on a machine we have to access using an alias (CNAME). The machine is running Windows Server 2012 R2, and services Windows 7 and 8 clients.
Windows 7 clients have no issues opening the share \SHARECNAME or \IP.AD.DR.ESS
Windows 8 clients can only open the share by \IP.AD.DR.ESS
What worked eventually was to create SPN records for the CNAME to point to the HOSTNAME (setspn -S HOST/CNAME HOSTNAME, etc.) and suddenly the share was usable.
The HOSTNAME machine did log an error:
"The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server HOSTNAME$. The target name used was cifs/CNAME." for which I haven't found that much information, but did point me in the direction of setting the proper SPN records.
What I'm trying to understand is why the difference in client experience?
Thank you.
Best Answer
Not exactly sure, but did you happen to set the DisableStrictNameChecking registry setting?
http://www.md3v.com/enable-windows-server-smb-2-0-alias-cname
The IP vs CName along with the SPN is obviously indicating that Kerberos is involved. Perhaps it's the SMB 3.0 encryption that's showing itself. This would only be on a Server2012 to Win8 connection, but that's one of the major differences between SMB 2 and SMB 3. I don't believe that encryption on the shares is enabled by default, but by moving to SMB 3, the protocol might be requiring a Kerberos authentication.
http://blogs.technet.com/b/josebda/archive/2013/10/02/windows-server-2012-r2-which-version-of-the-smb-protocol-smb-1-0-smb-2-0-smb-2-1-smb-3-0-or-smb-3-02-you-are-using.aspx