Cannot Access Windows 2012R2 Shares from Windows 2003 Server
Solution 1
Just to close out this question with what ended up happening. I never could get it working but we ended up disabling SMBv1 across the enterprise and decommissioning the 2003 server shortly there after.
Solution 2
This does sound like a possible SMB issue. Yes there is SMB logging. You want to look in Event Viewer on both file servers and filter by Event ID. There are five Event IDs related to SMB. The Event IDs are 2011 2022 2504 2505 and 2506.
https://technet.microsoft.com/en-us/library/dd364961(v=ws.10).aspx
You should make sure that you have a common version of SMB enabled (in your case you need SMB1 enabled because you are using a Windows Server 2003 platform).
You can change the version of SMB the server uses in HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters by setting the value data to "0" (disable) or "1" (enable) for the value name SMB1 or SMB2.
Your Wireshark logs appear to indicate the two servers are not able to negotiate a common SMB version. If that is the cause then enabling SMB1 on the 2012 server should get things working.
Related videos on Youtube
Caynadian
Updated on September 18, 2022Comments
-
Caynadian over 1 year
I am having an odd issue that I hope someone can help with. I have an older 32bit Windows Server 2003SP2 server that cannot access any shares on our 64bit Windows Server 2012R2 domain controller. The 2003 server can access shares on other 2012R2 servers fine, it is just the one server it has problems with. Also, the 2012R2 server can access shares on the 2003 server fine. There is no firewall or AV on the 2003 server but the 2012R2 server has both the firewall and Symantec Endpoint Protection installed on it. No other clients have problems access the 2012R2 server (although all the other machines access it are Win10/Win2012R2).
I have checked the event log on both machines and there are no messages. If I try and access a share with Windows Explorer, I get the error "Windows cannot find '\win2012R2\sharename'. Check the spelling and try again, or try searching for the item by clicking the Start button and then clicking search." If I try from the command line using NET USE, I get the error "System error 64 has occurred. The specified network name is no longer available". I can ping the 2012R2 server from the 2003 server fine. DNS lookups also work fine.
Is there some sort of SMB access logging I can look at?
EDIT:
I installed Wireshark and recorded the following traffic when from the 2003 server when trying to connect to the 2012R2 server:
No. Time Source Destination Protocol Length Info 6361 79.400489000 2003srvr.domainname.lcl 2012r2srvr.domainname.lcl TCP 62 12575->netbios-ssn [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 Frame 6361: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on interface 0 Ethernet II, Src: Vmware_9b:7e:e5 (ff:ff:ff:9b:7e:e5), Dst: 192.168.112.6 (ff:ff:ff:9b:08:04) Internet Protocol Version 4, Src: 2003srvr.domainname.lcl (192.168.112.10), Dst: 2012r2srvr.domainname.lcl (192.168.112.6) Transmission Control Protocol, Src Port: 12575 (12575), Dst Port: netbios-ssn (139), Seq: 0, Len: 0 No. Time Source Destination Protocol Length Info 6363 79.400812000 2012r2srvr.domainname.lcl 2003srvr.domainname.lcl TCP 62 netbios-ssn->12575 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 SACK_PERM=1 Frame 6363: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on interface 0 Ethernet II, Src: 192.168.112.6 (ff:ff:ff:9b:08:04), Dst: Vmware_9b:7e:e5 (ff:ff:ff:9b:7e:e5) Internet Protocol Version 4, Src: 2012r2srvr.domainname.lcl (192.168.112.6), Dst: 2003srvr.domainname.lcl (192.168.112.10) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 12575 (12575), Seq: 0, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6364 79.400822000 2003srvr.domainname.lcl 2012r2srvr.domainname.lcl TCP 54 12575->netbios-ssn [ACK] Seq=1 Ack=1 Win=64240 Len=0 Frame 6364: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0 Ethernet II, Src: Vmware_9b:7e:e5 (ff:ff:ff:9b:7e:e5), Dst: 192.168.112.6 (ff:ff:ff:9b:08:04) Internet Protocol Version 4, Src: 2003srvr.domainname.lcl (192.168.112.10), Dst: 2012r2srvr.domainname.lcl (192.168.112.6) Transmission Control Protocol, Src Port: 12575 (12575), Dst Port: netbios-ssn (139), Seq: 1, Ack: 1, Len: 0 No. Time Source Destination Protocol Length Info 6366 79.400881000 2003srvr.domainname.lcl 2012r2srvr.domainname.lcl NBSS 126 Session request, to 2012R2SRVR<20> from 2003SRVR<00> Frame 6366: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0 Ethernet II, Src: Vmware_9b:7e:e5 (ff:ff:ff:9b:7e:e5), Dst: 192.168.112.6 (ff:ff:ff:9b:08:04) Internet Protocol Version 4, Src: 2003srvr.domainname.lcl (192.168.112.10), Dst: 2012r2srvr.domainname.lcl (192.168.112.6) Transmission Control Protocol, Src Port: 12575 (12575), Dst Port: netbios-ssn (139), Seq: 1, Ack: 1, Len: 72 NetBIOS Session Service No. Time Source Destination Protocol Length Info 6368 79.401133000 2012r2srvr.domainname.lcl 2003srvr.domainname.lcl NBSS 60 Positive session response Frame 6368: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: 192.168.112.6 (ff:ff:ff:9b:08:04), Dst: Vmware_9b:7e:e5 (ff:ff:ff:9b:7e:e5) Internet Protocol Version 4, Src: 2012r2srvr.domainname.lcl (192.168.112.6), Dst: 2003srvr.domainname.lcl (192.168.112.10) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 12575 (12575), Seq: 1, Ack: 73, Len: 4 NetBIOS Session Service No. Time Source Destination Protocol Length Info 6369 79.401226000 2003srvr.domainname.lcl 2012r2srvr.domainname.lcl SMB 191 Negotiate Protocol Request Frame 6369: 191 bytes on wire (1528 bits), 191 bytes captured (1528 bits) on interface 0 Ethernet II, Src: Vmware_9b:7e:e5 (ff:ff:ff:9b:7e:e5), Dst: 192.168.112.6 (ff:ff:ff:9b:08:04) Internet Protocol Version 4, Src: 2003srvr.domainname.lcl (192.168.112.10), Dst: 2012r2srvr.domainname.lcl (192.168.112.6) Transmission Control Protocol, Src Port: 12575 (12575), Dst Port: netbios-ssn (139), Seq: 73, Ack: 5, Len: 137 NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 6371 79.401507000 2012r2srvr.domainname.lcl 2003srvr.domainname.lcl TCP 60 netbios-ssn->12575 [RST, ACK] Seq=5 Ack=210 Win=0 Len=0 Frame 6371: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0 Ethernet II, Src: 192.168.112.6 (ff:ff:ff:9b:08:04), Dst: Vmware_9b:7e:e5 (ff:ff:ff:9b:7e:e5) Internet Protocol Version 4, Src: 2012r2srvr.domainname.lcl (192.168.112.6), Dst: 2003srvr.domainname.lcl (192.168.112.10) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 12575 (12575), Seq: 5, Ack: 210, Len: 0
Maybe someone with more SMB knowledge can help but it looks like the 2003 server is closing the connection after trying to negotiate the protocol.
-
Caynadian about 7 yearsI looked on both servers for those event IDs and did not find any messages. On the 2012R2 server I also looked in the Applications and Service Logs\Microsoft\Windows\SMBClient and SMBServer logs and didn't see anything from the 2003 server.
-
Caynadian about 7 yearsI thought it might be something like this but the 2003 server can access any of the other 2012R2 servers we have installed (including other domain controllers). It is just this one specific server it has problems with. If it was a group policy thing it would affect at least all other domain controllers as we don't have any group policies that affect the one 2012R2 server I can't connect to.
-
user5870571 about 7 yearsWhat version of SMB are you running on each server?
-
user5870571 about 7 yearsPlease see my updated answer.
-
Caynadian about 7 yearsI was sure this would be it but unfortunately, no. SMB v1 is NOT disabled on my 2012R2 server. Server 2003 only supports SMB V1 so there is nothing to enable/disable on that one. They should both be able to talk using SMB V1.
-
user5870571 about 7 yearsI agree they should be able to talk using SMB1. What happens if you try using Wireshark but doing a capture filter
port 139 || port 445
? Once you start Wireshark try to access the other server and then what does it tell you? -
Caynadian about 7 yearsThat is what you are seeing above. I filtered the traffic only by src/dst host IP addresses. All traffic on all ports between the hosts should be shown.
-
user5870571 about 7 yearsOk, thanks. You could try disabling SMB2 (not recommended). Please note if you make the change from the registry then you do need to restart the computer.
-
Caynadian about 7 yearsOk. I'll have to try this after hours as this is our active file server and I don't want to mess up other users.
-
Caynadian about 7 yearsWell, that didn't work either. Same error. The 2003 server is going to get replaced in a few months so maybe I'll just ignore it for now.
-
user5870571 about 7 yearsHere is an example of the SMB communication for each device. You might also want to check your registry settings to make sure the data for
lmcompatibilitylevel
is correct. The article with that information is https://richardkok.wordpress.com/2011/02/03/wireshark-determining-a-smb-and-ntlm-version-in-a-windows-environment/ -
Andrew Schulman about 6 yearsDon't enable SMBv1. It has fatal security flaws and is or should be being phased out everywhere. Win 2003 server is also past end-of-life, so the solution here is to upgrade Win 2003 server.