Archiving and eDiscovery Community Blog

Why you might disable Strict Name Checking and Authentication Loopback on Enterprise Vault Servers

Created: 12 Mar 2013 • Updated: 29 May 2014
Rob.Wilcox

 

A few days ago I hit an issue on one of my new Enterprise Vault servers that I had added to my Enterprise Vault site.  I was busily browsing different folders, and comparing via network browsing different aspects of the servers to make sure that they appeared to be the same.  I was doing this whilst multi-tasking some other tasks on a different machine.  Every now and again, whilst installing updates, changing settings and so on, I would get to a state where I browsed the remote 'new' machine and got errors like:

"Access denied"

or

"No network provider accepted the given network path"

A reboot, and 15 minutes later when I got back to the task it seemed to work... but then on my final bit of configuration I was *actually* concentrating, and hit these errors again.

The reason was that I was attempting to access the server, remotely, using a UNC path involving the machine alias.  And that doesn't work in Windows 2008 R2 x64. For example my second physical name was SRV18V01, but I had created a DNS alias for it... to make my life easier (so I thought) called EV2.  Browsing \\SRV18V01 seemed to work, but browsing \\EV2 didn't.

This is all down to the Strict Name Checking and Authentication Loopback checks:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
Under Parameters add a new DWORD.
The name is DisableStrictNameChecking, and the value should be set to 1.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Under Lsa add a new DWORD.
The name is DisableLoopbackCheck, and the value should be set to 1.

Restart after setting both.

This fixed the problem for my network browsing by alias.
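
The two registry changes above, written as a PowerShell script. This is an added example, not part of the original post. It only reports the current state of both values unless run with -Apply, so the previous state is on record before anything changes; the -Apply switch and the Get-DwordState helper are names made up for this example.

```powershell
# Added example: audit, and optionally set, the two DWORD values named in the post.
# Run from an elevated PowerShell session on the server that owns the alias.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$settings = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
       Name = 'DisableStrictNameChecking' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name = 'DisableLoopbackCheck' }
)

function Get-DwordState {
    param([string]$Path, [string]$Name)
    # Returns the current value, or $null when the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = foreach ($s in $settings) {
    $before = Get-DwordState -Path $s.Path -Name $s.Name
    if ($Apply -and $before -ne 1) {
        # -Force creates the value, or overwrites it if it already exists.
        New-ItemProperty -Path $s.Path -Name $s.Name `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
    $after = Get-DwordState -Path $s.Path -Name $s.Name
    if ($null -eq $before) { $before = '(not set)' }
    if ($null -eq $after)  { $after  = '(not set)' }
    # New-Object keeps this usable on the PowerShell 2.0 that ships with 2008 R2.
    New-Object PSObject -Property @{
        Name   = $s.Name
        Before = $before
        After  = $after
    }
}

# Keep this output with the change record so the values can be reverted later.
$report | Select-Object Name, Before, After | Format-Table -AutoSize

if ($Apply) {
    Write-Host 'Restart the server for both settings to take effect.'
}
```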