Mark Minasi's Tech Forum
castelon

Still Checking the Forum Out
Registered:
Posts: 5
Reply with quote  #1 

I work at a public library and performed an experiment. I have 2 Windows 7 computers, c1 and c2, that are connected to our network and are members of our Windows domain. We have a Windows Server 2012 R2 Standard server, s1, that performs many functions, including DHCP and DNS.

We have NetBIOS over TCP/IP enabled on our network but we have no WINS server.

I turned on c1 and it obtained an IP address from s1 and a DNS host record was created for c1 on s1. I then turned c1 off and unplugged the Ethernet cable to it. C1 has no wireless capability. I then turned c2 on and configured it so that it had a static IP address and other network settings (such as DNS server and so forth) that matched the settings for c1. I then went to my computer and pinged c1 and I got a reply. The reply must have come from c2 because c1 is disconnected.

I then tried something else. I know that computers communicate with each other using IP addresses and not names. When I enter a UNC path in the address bar of Windows Explorer on my computer, such as “\\c2”, my computer will then query my DNS server for the IP address of c2. Windows Explorer would then display the shares on c2 after the name “c2” has been resolved. I would expect, therefore, that I would see the shares on c2 when I type “\\c1” in Windows Explorer, since both c1 and c2 share the same IP address.

This didn’t happen. I instead received an error message that included the words “Logon Failure The target account name is incorrect”.

I have, in the past, created a DNS host record for a fictional computer and configured the IP address in this host record to match the IP address of an actual computer on my network. I was then able to enter the name of this fictional computer in the UNC path in the address bar of Windows Explorer and I was then able to see the shares on the actual computer (which had a different name). So, I decided to try this in my current experiment. I deleted the DNS host record for c1 and created a new record that included the name “c1” and the IP address of c1. I was still, however, unable to reach c2 by entering “c1” in the UNC path in the address bar of Windows Explorer.

Do you know why I was unable to “fool” my computer into browsing to c2 when I used “c1” in the UNC path in Windows Explorer?

0
cj_berlin

Senior Member
Registered:
Posts: 177
Reply with quote  #2 
Quote:
Originally Posted by castelon

Do you know why I was unable to “fool” my computer into browsing to c2 when I used “c1” in the UNC path in Windows Explorer?



Yes. https://support.microsoft.com/en-us/help/281308/connecting-to-smb-share-on-a-windows-2000-based-computer-or-a-windows-server-2003-based-computer-may-not-work-with-an-alias-name

__________________
Evgenij Smirnov

My personal blog (German): http://www.it-pro-berlin.de/
My stuff on PSGallery: https://www.powershellgallery.com/profiles/it-pro-berlin.de/
0
castelon

Still Checking the Forum Out
Registered:
Posts: 5
Reply with quote  #3 
Mr. Smirnov:

Thank you for your attention! I do not believe, however, that the article that you provided me is applicable in my scenario. For example, the 2 computers that I mention, "c1" and "c2", are Windows 7 computers, not servers.
0
donoli

Senior Member
Registered:
Posts: 459
Reply with quote  #4 
Quote:
I would expect, therefore, that I would see the shares on c2 when I type “\\c1” in Windows Explorer, since both c1 and c2 share the same IP address.


Quote:
I have, in the past, created a DNS host record for a fictional computer and configured the IP address in this host record to match the IP address of an actual computer on my network.


Apparently, you were able to poison/spoof the DNS record on your previous experiment but it didn't work on your most recent attempt. 

https://en.wikipedia.org/wiki/DNS_spoofing
https://null-byte.wonderhowto.com/how-to/tutorial-dns-spoofing-0167796/
http://techgenix.com/understanding-man-in-the-middle-attacks-arp-part2/
0
Pieter

Senior Member
Registered:
Posts: 130
Reply with quote  #5 
Quote:
Originally Posted by castelon
I do not believe, however, that the article that you provided me is applicable in my scenario. For example, the 2 computers that I mention, "c1" and "c2", are Windows 7 computers, not servers.


I'm with Evgenij. Just try it, it might work.  ;-)
Create a reg-key on C2: HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\DisableStrictNameChecking=1 (REG_DWORD)

You should be able to address c2 by typing \\c1\.. if, of course, the A-record in your DNS for c1 points to the same IP address as for c2.

__________________
Pieter Demeulemeester
0
castelon

Still Checking the Forum Out
Registered:
Posts: 5
Reply with quote  #6 
Thank you all for your help! I performed this experiment because I have a number of workstations that look to a certain server for the files on that server. I had to replace this server with a new server with a different name. I hoped that I could simply give the new server the same IP address as the old server. When a workstation tried to access the old server, the DNS record for the old server would direct the workstation to the new server (which has the same IP address as the old server). I would not, therefore, have to go to each workstation and configure it with the name of the new server.

I read about disabling "strict name checking" after your suggestion, Mr. Smirnov, but I thought that this was inapplicable because of the experiment that I tried before. I created a DNS host record for a fictional computer ("test") and configured this record with the IP address of my new server. I was then able to type "test" in the address bar of Windows Explorer and I was able to see the shares on my new server. If my new server was enforcing "strict name checking", then I would not have been able to access it by typing "test" in the address bar. Thanks again, everyone!
0
castelon

Still Checking the Forum Out
Registered:
Posts: 5
Reply with quote  #7 
I tried the suggestion that was posted by Mr. Smirnov and Mr. Pieter. I created the registry entry on c2 and then restarted the computer and then tried to browse to c2 on my computer by typing "c1" in the address bar. Unfortunately, I received the same error message. This was a good suggested solution, though, and I learned about the concept of "strict name checking".
0
cj_berlin

Senior Member
Registered:
Posts: 177
Reply with quote  #8 
OK, if you use Kerberos authentication you have to create SPNs for C1 and assign them to C2; the above fix only works for NTLM.

Try setting

Code:
setspn -A HOST/C1 C2
setspn -A HOST/C1.domain.tld C2

__________________
Evgenij Smirnov

My personal blog (German): http://www.it-pro-berlin.de/
My stuff on PSGallery: https://www.powershellgallery.com/profiles/it-pro-berlin.de/
0
cj_berlin

Senior Member
Registered:
Posts: 177
Reply with quote  #9 
Quote:
Originally Posted by castelon
I tried the suggestion that was posted by Mr. Smirnov and Mr. Pieter.


On a different note: We are on a first-name basis here (at least those who publish that as repeatedly requested by Mark). Or at least forum nicks, but no one is expecting to be addressed as Mr. or Mrs. [smile]

__________________
Evgenij Smirnov

My personal blog (German): http://www.it-pro-berlin.de/
My stuff on PSGallery: https://www.powershellgallery.com/profiles/it-pro-berlin.de/
0
castelon

Still Checking the Forum Out
Registered:
Posts: 5
Reply with quote  #10 

Success! I have read a lot about the technology of Service Principal Names since I wrote last, thanks to you fellows. I ran the Command Prompt on my computer as an administrator and removed the SPN “host/c1” and “host/c1.domain.local” from c1 using “setspn -d”. I then added these 2 SPNs to c2 using “setspn -s”. I then configured c2 with the static IP address that corresponded to the DNS host record for c1 (c1 was unplugged) and I was then able to see the shares on c2 when I entered “c1” in the address bar of Windows Explorer on my computer.

I mentioned that I was able to browse to c2 when I created a DNS host record for a fictional computer, which included the IP address of c2, and then entered the name of that fictional computer in the address bar of Windows Explorer. I believe that this was possible because no Service Connection Point had been created for that fictional computer. A SCP had long ago been created for c1, however, which is why I was unable to browse to c2 by simply configuring c2 with the IP address of c1 and entering “c1” in my Address Bar.

Thanks for your help!

0
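The SPN move from post #10 as a script, to be run from an elevated prompt by an account allowed to write servicePrincipalName on both computer objects (an added example, not something posted in the thread). It uses the thread's names c1, c2 and domain.local; `-S` is used rather than `-A` because it refuses to add an SPN that is already registered on another account, and duplicate SPNs break Kerberos for that name.

```powershell
# Added example. Names are the ones used in this thread; adjust to your domain.
$oldHost = 'c1'                       # computer account that owns the name today
$newHost = 'c2'                       # computer account that will answer to it
$spns    = "HOST/$oldHost", "HOST/$oldHost.domain.local"

# 1. Show which account holds each SPN before changing anything.
foreach ($spn in $spns) {
    Write-Host "--- current owner of $spn ---"
    setspn.exe -Q $spn
}

# 2. Move each SPN: delete it from the old account, then add it to the new
#    one. -S searches for duplicates first and refuses to create one.
foreach ($spn in $spns) {
    setspn.exe -D $spn $oldHost
    setspn.exe -S $spn $newHost
}

# 3. Verify against the directory instead of trusting the command output:
#    list what is now registered on the new account and compare.
$registered = setspn.exe -L $newHost | ForEach-Object { $_.Trim() }
foreach ($spn in $spns) {
    if ($registered -contains $spn) {
        Write-Host "OK       $spn is registered on $newHost"
    } else {
        Write-Warning "MISSING  $spn is not registered on $newHost"
    }
}

# 4. On the client that will browse to \\c1, drop cached service tickets.
#    A ticket issued earlier for c1 is encrypted with c1's key, and c2
#    cannot decrypt it ("The target account name is incorrect").
klist.exe purge
```

Step 4 belongs on the workstation doing the browsing, not on c2 or the domain controller.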