When trying to access a share by it's UNC name it only works when I am authenticated to an 2008 R2 domain controller.

When authenticated to the 2012 R2 domain controller I am not able to access the same share by it's UNC name.

When replacing the server name with it's ip address the share can be accessed.

It's not related to name resolution.

There are no cached credentials in the Credential Manager.

Any idea ?

does it happen for all the users or one  specific user? Can you setup a script to dump the logs, each time user logs in, to confirm DC user is authenticating against ?

save the script below as a bat file, and attach it as Logon script to a Group policy. Update the Share FQDN and share name to reflect your environment. This will confirm if DC with Server 2012 is really to be blamed here. 

--------------------

@echo off

echo  %computername%, %username%, %logonserver%, %date%, %time% , >> \\FileShareServerFQDN\SharedriveWithWritablePermissions\DClogons\%username%-AuthDC.txt

net use >> \\FileShareServerFQDN\SharedriveWithWritablePermissions\DClogons\%username%-AuthDC.txt

@ipconfig /flushdns >nul
CLS
goto exit

:exit

-----------------

• Edited by Azarya Thursday, May 21, 2015 11:24 PM

As long as both the 2008 and 2012 DC are online it happens to all users randomly.

When the 2012 DC is switched off, it doesn't happen anymore.

> When trying to access a share by it's UNC name it only works when I am > authenticated to an 2008 R2 domain controller. > > When authenticated to the 2012 R2 domain controller I am not able to > access the same share by it's UNC name.   Different eTypes in the TGS? What OS is the Server hosting the UNC runninng?  

I'll have to check the eType, good tip anyway, thanks.

update: it seems that it is only an issue when running 2008 or higher in combination with 2003.

The Server hosting the UNC is a NetApp CIFS share, running OnTap 8.2 cluster mode.

• Edited by Piet111 Friday, May 22, 2015 1:42 PM

Hi,

You could compare the registry value between the issued server and normal one.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\DependOnService

Similar thread has been discussed:

Can't access UNC share on Windows Server 2012 R2

https://social.technet.microsoft.com/Forums/windowsserver/en-US/bca317cd-87aa-4fd7-b12a-6715e6dddfe5/cant-access-unc-share-on-windows-server-2012-r2?forum=winserver8gen

If you need to modify the registry key, please backup it firstly.

Regards.

Hi,

Any update about the issue?

Regards.

Hi

Are you still facing after trying all ?  you can check any even id reported related to Kerberos - Event ID 4 

The kerberos client received a KRB_AP_ERR_MODIFIED error ***   this will report on servers while accessing UNc. If then it is an issue with SPN. Please let us know .