T
Trust No One®
Hi Folks,
I think the answer to my question is "Yes", but hopefully someone can
confirm and/or point me to the particular security patch that introduced it.
Recently - on the 14th of November when we rolled out a number of Microsoft
patches, a number of our Windows 2000 servers had problems where
applications running on these servers were no longer able to map to local
shares using an alias (DNS CNAME) for the server. Attempting the map the
share resulted in a request for login credentials.
Up to this point this kind of drive mapping worked flawlessly in Windows
2000, provided the DisableStrictNameChecking key was set as detailed in:
http://support.microsoft.com/kb/281308
During my investigation I found that the registry value
DisableLoopBackCheck=0 now appears in the registry of our Windows 2000
servers. This is related to the LoopBack check functionality which was first
introduced in Windows 2003 SP1. (see http://support.microsoft.com/kb/896861)
If I set "DisableLoopBackCheck=1" or alternately specify the desired alias
in a "BackConnectionHostNames" entry, then everything works, as per the KB
article for Windows 2003 SP1.
So it looks like a recent security patch has introduced the loopback check
functionality previously only applicable to Windows 2003 SP1 onwards.
Can anyone else confirm this behaviour?
Regds,
I think the answer to my question is "Yes", but hopefully someone can
confirm and/or point me to the particular security patch that introduced it.
Recently - on the 14th of November when we rolled out a number of Microsoft
patches, a number of our Windows 2000 servers had problems where
applications running on these servers were no longer able to map to local
shares using an alias (DNS CNAME) for the server. Attempting the map the
share resulted in a request for login credentials.
Up to this point this kind of drive mapping worked flawlessly in Windows
2000, provided the DisableStrictNameChecking key was set as detailed in:
http://support.microsoft.com/kb/281308
During my investigation I found that the registry value
DisableLoopBackCheck=0 now appears in the registry of our Windows 2000
servers. This is related to the LoopBack check functionality which was first
introduced in Windows 2003 SP1. (see http://support.microsoft.com/kb/896861)
If I set "DisableLoopBackCheck=1" or alternately specify the desired alias
in a "BackConnectionHostNames" entry, then everything works, as per the KB
article for Windows 2003 SP1.
So it looks like a recent security patch has introduced the loopback check
functionality previously only applicable to Windows 2003 SP1 onwards.
Can anyone else confirm this behaviour?
Regds,