Cannot Access Windows 2012R2 Shares from Windows 2003 Server

windows network-share server-message-block
7,884

Solution 1

Just to close out this question with what ended up happening. I never could get it working but we ended up disabling SMBv1 across the enterprise and decommissioning the 2003 server shortly there after.

Solution 2

This does sound like a possible SMB issue. Yes there is SMB logging. You want to look in Event Viewer on both file servers and filter by Event ID. There are five Event IDs related to SMB. The Event IDs are 2011 2022 2504 2505 and 2506.

https://technet.microsoft.com/en-us/library/dd364961(v=ws.10).aspx

You should make sure that you have a common version of SMB enabled (in your case you need SMB1 enabled because you are using a Windows Server 2003 platform).

You can change the version of SMB the server uses in HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters by setting the value data to "0" (disable) or "1" (enable) for the value name SMB1 or SMB2.

Your Wireshark logs appear to indicate the two servers are not able to negotiate a common SMB version. If that is the cause then enabling SMB1 on the 2012 server should get things working.

https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

Share:
7,884

Related videos on Youtube

Caynadian
Author by

Caynadian

Updated on September 18, 2022

Comments

  • Caynadian
    Caynadian over 1 year

    I am having an odd issue that I hope someone can help with. I have an older 32bit Windows Server 2003SP2 server that cannot access any shares on our 64bit Windows Server 2012R2 domain controller. The 2003 server can access shares on other 2012R2 servers fine, it is just the one server it has problems with. Also, the 2012R2 server can access shares on the 2003 server fine. There is no firewall or AV on the 2003 server but the 2012R2 server has both the firewall and Symantec Endpoint Protection installed on it. No other clients have problems access the 2012R2 server (although all the other machines access it are Win10/Win2012R2).

    I have checked the event log on both machines and there are no messages. If I try and access a share with Windows Explorer, I get the error "Windows cannot find '\win2012R2\sharename'. Check the spelling and try again, or try searching for the item by clicking the Start button and then clicking search." If I try from the command line using NET USE, I get the error "System error 64 has occurred. The specified network name is no longer available". I can ping the 2012R2 server from the 2003 server fine. DNS lookups also work fine.

    Is there some sort of SMB access logging I can look at?

    EDIT:

    I installed Wireshark and recorded the following traffic when from the 2003 server when trying to connect to the 2012R2 server:

    No.     Time           Source                Destination           Protocol Length Info
   6361 79.400489000   2003srvr.domainname.lcl 2012r2srvr.domainname.lcl TCP      62     12575->netbios-ssn [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1

Frame 6361: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on interface 0
Ethernet II, Src: Vmware_9b:7e:e5 (ff:ff:ff:9b:7e:e5), Dst: 192.168.112.6 (ff:ff:ff:9b:08:04)
Internet Protocol Version 4, Src: 2003srvr.domainname.lcl (192.168.112.10), Dst: 2012r2srvr.domainname.lcl (192.168.112.6)
Transmission Control Protocol, Src Port: 12575 (12575), Dst Port: netbios-ssn (139), Seq: 0, Len: 0

No.     Time           Source                Destination           Protocol Length Info
   6363 79.400812000   2012r2srvr.domainname.lcl 2003srvr.domainname.lcl TCP      62     netbios-ssn->12575 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 SACK_PERM=1

Frame 6363: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on interface 0
Ethernet II, Src: 192.168.112.6 (ff:ff:ff:9b:08:04), Dst: Vmware_9b:7e:e5 (ff:ff:ff:9b:7e:e5)
Internet Protocol Version 4, Src: 2012r2srvr.domainname.lcl (192.168.112.6), Dst: 2003srvr.domainname.lcl (192.168.112.10)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 12575 (12575), Seq: 0, Ack: 1, Len: 0

No.     Time           Source                Destination           Protocol Length Info
   6364 79.400822000   2003srvr.domainname.lcl 2012r2srvr.domainname.lcl TCP      54     12575->netbios-ssn [ACK] Seq=1 Ack=1 Win=64240 Len=0

Frame 6364: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Vmware_9b:7e:e5 (ff:ff:ff:9b:7e:e5), Dst: 192.168.112.6 (ff:ff:ff:9b:08:04)
Internet Protocol Version 4, Src: 2003srvr.domainname.lcl (192.168.112.10), Dst: 2012r2srvr.domainname.lcl (192.168.112.6)
Transmission Control Protocol, Src Port: 12575 (12575), Dst Port: netbios-ssn (139), Seq: 1, Ack: 1, Len: 0

No.     Time           Source                Destination           Protocol Length Info
   6366 79.400881000   2003srvr.domainname.lcl 2012r2srvr.domainname.lcl NBSS     126    Session request, to 2012R2SRVR<20> from 2003SRVR<00>

Frame 6366: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0
Ethernet II, Src: Vmware_9b:7e:e5 (ff:ff:ff:9b:7e:e5), Dst: 192.168.112.6 (ff:ff:ff:9b:08:04)
Internet Protocol Version 4, Src: 2003srvr.domainname.lcl (192.168.112.10), Dst: 2012r2srvr.domainname.lcl (192.168.112.6)
Transmission Control Protocol, Src Port: 12575 (12575), Dst Port: netbios-ssn (139), Seq: 1, Ack: 1, Len: 72
NetBIOS Session Service

No.     Time           Source                Destination           Protocol Length Info
   6368 79.401133000   2012r2srvr.domainname.lcl 2003srvr.domainname.lcl NBSS     60     Positive session response

Frame 6368: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: 192.168.112.6 (ff:ff:ff:9b:08:04), Dst: Vmware_9b:7e:e5 (ff:ff:ff:9b:7e:e5)
Internet Protocol Version 4, Src: 2012r2srvr.domainname.lcl (192.168.112.6), Dst: 2003srvr.domainname.lcl (192.168.112.10)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 12575 (12575), Seq: 1, Ack: 73, Len: 4
NetBIOS Session Service

No.     Time           Source                Destination           Protocol Length Info
   6369 79.401226000   2003srvr.domainname.lcl 2012r2srvr.domainname.lcl SMB      191    Negotiate Protocol Request

Frame 6369: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0
Ethernet II, Src: Vmware_9b:7e:e5 (ff:ff:ff:9b:7e:e5), Dst: 192.168.112.6 (ff:ff:ff:9b:08:04)
Internet Protocol Version 4, Src: 2003srvr.domainname.lcl (192.168.112.10), Dst: 2012r2srvr.domainname.lcl (192.168.112.6)
Transmission Control Protocol, Src Port: 12575 (12575), Dst Port: netbios-ssn (139), Seq: 73, Ack: 5, Len: 137
NetBIOS Session Service
SMB (Server Message Block Protocol)

No.     Time           Source                Destination           Protocol Length Info
   6371 79.401507000   2012r2srvr.domainname.lcl 2003srvr.domainname.lcl TCP      60     netbios-ssn->12575 [RST, ACK] Seq=5 Ack=210 Win=0 Len=0

Frame 6371: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: 192.168.112.6 (ff:ff:ff:9b:08:04), Dst: Vmware_9b:7e:e5 (ff:ff:ff:9b:7e:e5)
Internet Protocol Version 4, Src: 2012r2srvr.domainname.lcl (192.168.112.6), Dst: 2003srvr.domainname.lcl (192.168.112.10)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 12575 (12575), Seq: 5, Ack: 210, Len: 0

    Maybe someone with more SMB knowledge can help but it looks like the 2003 server is closing the connection after trying to negotiate the protocol.

  • Caynadian
    Caynadian about 7 years
    I looked on both servers for those event IDs and did not find any messages. On the 2012R2 server I also looked in the Applications and Service Logs\Microsoft\Windows\SMBClient and SMBServer logs and didn't see anything from the 2003 server.
  • Caynadian
    Caynadian about 7 years
    I thought it might be something like this but the 2003 server can access any of the other 2012R2 servers we have installed (including other domain controllers). It is just this one specific server it has problems with. If it was a group policy thing it would affect at least all other domain controllers as we don't have any group policies that affect the one 2012R2 server I can't connect to.
  • user5870571
    user5870571 about 7 years
    What version of SMB are you running on each server?
  • user5870571
    user5870571 about 7 years
    Please see my updated answer.
  • Caynadian
    Caynadian about 7 years
    I was sure this would be it but unfortunately, no. SMB v1 is NOT disabled on my 2012R2 server. Server 2003 only supports SMB V1 so there is nothing to enable/disable on that one. They should both be able to talk using SMB V1.
  • user5870571
    user5870571 about 7 years
    I agree they should be able to talk using SMB1. What happens if you try using Wireshark but doing a capture filter port 139 || port 445? Once you start Wireshark try to access the other server and then what does it tell you?
  • Caynadian
    Caynadian about 7 years
    That is what you are seeing above. I filtered the traffic only by src/dst host IP addresses. All traffic on all ports between the hosts should be shown.
  • user5870571
    user5870571 about 7 years
    Ok, thanks. You could try disabling SMB2 (not recommended). Please note if you make the change from the registry then you do need to restart the computer.
  • Caynadian
    Caynadian about 7 years
    Ok. I'll have to try this after hours as this is our active file server and I don't want to mess up other users.
  • Caynadian
    Caynadian about 7 years
    Well, that didn't work either. Same error. The 2003 server is going to get replaced in a few months so maybe I'll just ignore it for now.
  • user5870571
    user5870571 about 7 years
    Here is an example of the SMB communication for each device. You might also want to check your registry settings to make sure the data for lmcompatibilitylevel is correct. The article with that information is https://richardkok.wordpress.com/2011/02/03/wireshark-determ‌​ining-a-smb-and-ntlm‌​-version-in-a-window‌​s-environment/
  • Andrew Schulman
    Andrew Schulman about 6 years
    Don't enable SMBv1. It has fatal security flaws and is or should be being phased out everywhere. Win 2003 server is also past end-of-life, so the solution here is to upgrade Win 2003 server.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Why are hidden Windows shares not really hidden?
Windows 8 and SMB2 Issues
Preventing Mac OS X clients from polluting Windows shares with resource forks
How to mount a windows administrative share on linux via SMB
Long pause when accessing DFS namespace
How to force Windows to prompt for credentials while accessing share
Windows 10 connecting to external SMB share
Why do my network shares disappear?
Why Does the Print$ Share Exist on Some Servers and How Do I Disable It
Work folders not working