Symptoms
You are connecting via AFP to a Files Connect volume in a .local domain and the connection fails with the error message below:
Solution
This may be a known issue in which .local domains are not resolved correctly from a Mac client. However, you can use «Search Domains» to help auto-complete long host names:
- On the client: System Preferences -> Network -> Select the network connection service you want to use -> Advanced -> DNS -> Search Domains -> Add .local. Please refer to the Apple KB for more details.
- On the server: Files Connect Admin -> Settings -> File Server -> Login methods -> Disable Kerberos logins.
If logins work once Kerberos is disabled, the problem may be that the server's SPN (Service Principal Name) is missing one or both names (long and short). For the Mac to get a Kerberos ticket via AFP you need both a long and a short SPN. You can use the setspn command with the "-l" switch to list the SPNs registered for the server.
You should see two lines for "afpserver/" (long and short):
- afpserver/servername.company.com
- afpserver/servername
If not, run the following to add them:
- setspn -a afpserver/servername.company.com targetservername
- setspn -a afpserver/servername targetservername
Then, to confirm it worked, enter:
setspn -l targetservername
You should see two lines:
- afpserver/servername.company.com
- afpserver/servername
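The check above can be scripted. The following PowerShell is an added example, not part of the original article or the vendor's tooling; the account and host names are the article's placeholders, and the match on the "Existing SPN found" message assumes an English-language setspn. It lists the SPNs on the account, reports which of the two afpserver/ names are missing, and uses setspn -q to see whether a missing name is already registered on a different account before suggesting the setspn -a command:

```powershell
# Added example: verify that both afpserver/ SPNs exist before re-enabling Kerberos logins.
param(
    [string]$Account   = 'targetservername',        # placeholder: AD account that holds the SPNs
    [string]$ShortName = 'servername',              # placeholder: short host name
    [string]$LongName  = 'servername.company.com'   # placeholder: fully qualified host name
)

$required = @("afpserver/$LongName", "afpserver/$ShortName")

# setspn -l prints a header line, then one indented SPN per line.
$output = & setspn.exe -l $Account 2>&1
if ($LASTEXITCODE -ne 0) {
    Write-Error "setspn -l $Account failed: $output"
    exit 1
}

# Keep only lines shaped like class/host (the header contains spaces and is dropped).
$registered = $output |
    ForEach-Object { "$_".Trim() } |
    Where-Object { $_ -match '^[^\s/]+/\S+$' }

foreach ($spn in $required) {
    # -contains compares case-insensitively, which matches how SPNs are compared.
    if ($registered -contains $spn) {
        Write-Output "OK       $spn"
        continue
    }

    # An SPN held by a second account is a duplicate, and Kerberos ticket
    # requests for a duplicated SPN fail, so look before adding.
    $query = & setspn.exe -q $spn 2>&1
    if ($query -match 'Existing SPN found') {
        Write-Output "CONFLICT $spn is already registered elsewhere:"
        $query | Where-Object { "$_" -match '^CN=' } | ForEach-Object { "         $_" }
    }
    else {
        Write-Output "MISSING  $spn  ->  setspn -a $spn $Account"
    }
}
```

The script only reads from the directory; it prints the setspn -a command for each missing name and leaves running it to the administrator.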