1

I am trying to use the hosts/lmhosts files to create various aliases on my new Windows 2019 Server. It is on a corporate Active Directory Domain. "Use LMHOSTS" is checked in the TCP/IP properties.

In scenario 1 I want to create some aliases for the same machine. I placed the following lines in C:\Windows\System32\drivers\etc\lmhosts:

```
# loopback alias
127.0.0.1    myname1
# real IP alias
10.1.2.3     myname2
```

And correspondingly in C:\Windows\System32\drivers\etc\hosts:

```
127.0.0.1    myname1
10.1.2.3     myname2
```

I then restarted the server and lmhosts services and tried to access them with net use \\myname1/2 and Windows Explorer. They both cause a prompt for logon credentials which repeatedly rejects me. Those names do not exist anywhere else because I get "the network path was not found" when I try them with hosts and lmhosts blank. I can ping the names and it shows the right IP.

In scenario 2 I am trying to create a hosts/lmhosts alias to another server.

```
10.11.12.13    alias1
```

I restarted as before and net use gives me "System error 53 has occurred. You were not connected because a duplicate name exists on the network." Of course alias1 does not exist anywhere. I did not have any other connections to the real server. I verified that with net use and netstat.

In scenario 3 I am trying to create a hosts/lmhosts override of another server.

```
10.1.2.3    otherserver
```

I restarted as before and this time net use gives me "System error 64 has occurred. The specified network name is no longer available." When I ping otherserver it uses the correct IP address for the local machine that I specified.

So my big question is this. Either what am I doing wrong or what did Microsoft do to LMHOSTS to break it in 2019?? I have tried ipconfig /flushdns and nbtstat -R. I tried the #PRE lmhosts directive. Nothing worked.

One other thing, I have SMB auditing turned on and in the SMBServer/Security event log, there are corresponding SMB Session Authentication Failure entries. The client address is the local machine. There is one salient line: "SPN: session setup failed before the SPN could be queried".

I'm willing to try other means of creating machine aliases. But the main task is to mask another server so that its UNC paths will be resolved locally.

Thanks.

lordadmira

2 Answers

1

> Either what am I doing wrong

Most likely it is not the name resolution to blame here (which is done in your hosts), but the fileserver name itself. Windows servers do listen for requests to their name.

You can add aliases to your server with netdom:

```
c:\> netdom computername <computername> /add:<aliasname.fqdn.local>
```

You will not need to patch your hosts/lmhosts if netdom is used correctly.

bjoster
1

As said in another answer, Windows will complain if you try to call a server with a different name than its own; netdom can fix that.

But in a domain environment, there's also Kerberos to consider. In order for authentication to be successful, the server will need to have a Service Principal Name matching the name you are calling it as.

So you will also need to register an additional SPN for the server:

```
setspn -S CIFS/Alias Servername
```

(Where "Alias" is the new name and "Servername" is the actual host name of the server)

Massimo
  • Will this let me locally override another hostname so that UNC's will display shares on this server instead? I can't do anything that would affect other machines' usage of the masked server. – lordadmira Dec 21 '20 at 22:47
  • No, this will let your users *access* the server using the alias name; if you don't do it, Kerberos authentication will fail. It has nothing to do with user experience. This command *adds* an alias to the existing server name, so both names will *still* be valid to access it. – Massimo Dec 22 '20 at 08:41
  • When I try that I get "insufficient rights to perform the operation". I should have mentioned that I don't have Domain Admin, only local admin. I get a similar error when I try the `netdom` command. – lordadmira Dec 22 '20 at 19:28
  • You have to be Domain Admin to do that. Or, as a workaround, you need Full Control rights on the computer object representing the server you want to add an alias to. – Massimo Dec 22 '20 at 19:41
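
A read-only check covering the two steps from the answers above (the alternate name added with `netdom` and the CIFS SPN added with `setspn`). This is an added example, not part of the original posts; the function name `Test-SmbAlias` and the names `alias1` and `fileserver01` are hypothetical placeholders.

```powershell
# Added example: read-only verification of an SMB alias; changes nothing.
function Test-SmbAlias {
    param(
        [Parameter(Mandatory)] [string] $Alias,       # alias name (placeholder: alias1)
        [Parameter(Mandatory)] [string] $ServerName   # actual host name of the server
    )
    $pat = [regex]::Escape($Alias)

    # 1. Name resolution (hosts file or DNS): the alias must land on an
    #    address that the real server name also resolves to.
    try {
        $aliasIps  = @([System.Net.Dns]::GetHostAddresses($Alias)      | ForEach-Object IPAddressToString)
        $serverIps = @([System.Net.Dns]::GetHostAddresses($ServerName) | ForEach-Object IPAddressToString)
        $resolves  = [bool]($aliasIps | Where-Object { $serverIps -contains $_ })
    } catch {
        $aliasIps = @(); $resolves = $false
    }

    # 2. Alternate computer names registered for the server (netdom ... /add).
    $names      = & netdom computername $ServerName /enumerate 2>&1
    $hasAltName = [bool]($names | Where-Object { $_ -match "^\s*$pat(\.|\s*$)" })

    # 3. SPNs on the server's computer account (setspn -S CIFS/Alias Servername).
    #    HOST/<name> is accepted too, since HOST maps to CIFS by default.
    $spns   = & setspn -L $ServerName 2>&1
    $hasSpn = [bool]($spns | Where-Object { $_ -match "^\s*(CIFS|HOST)/$pat(\.|\s*$)" })

    # 4. Raw result of a directory query for the SPN, for manual review:
    #    it must belong to this server's account only, or Kerberos will fail.
    $spnQuery = & setspn -Q "CIFS/$Alias" 2>&1

    [pscustomobject]@{
        Alias           = $Alias
        Server          = $ServerName
        AliasAddresses  = $aliasIps -join ', '
        ResolvesToHost  = $resolves
        AlternateName   = $hasAltName
        SpnOnServer     = $hasSpn
        SpnQueryOutput  = ($spnQuery | Out-String).Trim()
    }
}

# Placeholder names; replace with the real alias and server.
Test-SmbAlias -Alias 'alias1' -ServerName 'fileserver01' | Format-List
```

If `ResolvesToHost` is true but `AlternateName` or `SpnOnServer` is false, the alias only exists in name resolution, which matches the situation described in the question.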