User cannot access shares on a server...
User cannot access shares on a server...
I have been to see a new client and set them up a file and print server.
i have installed Windows Server 2008 std.
All the users are running XP.
The users have been sent the laptops from the uk to here in Dubai and the laptops are already on the company domain, although there is no site to site VPN, just company.local
Since there is no DC available, i cannot add the server to the domain, so i have just left it on a workgroup.
I have created accounts for all 3 users, and individual shares, with the correct permissions.
2 of the users have no issues and can see the shares.
1 user cannot see any shares, cannot UNC to \\server\share or \\ip address\share, he cannot map a drive to the share but can ping it and rdp to it.
im a bit stuck. ;0)
I have checked workstation service, server service, netlogon etc...
AAAGGGGHHHHHHHH
any ideas?
I have been to see a new client and set them up a file and print server.
i have installed Windows Server 2008 std.
All the users are running XP.
The users have been sent the laptops from the uk to here in Dubai and the laptops are already on the company domain, although there is no site to site VPN, just company.local
Since there is no DC available, i cannot add the server to the domain, so i have just left it on a workgroup.
I have created accounts for all 3 users, and individual shares, with the correct permissions.
2 of the users have no issues and can see the shares.
1 user cannot see any shares, cannot UNC to \\server\share or \\ip address\share, he cannot map a drive to the share but can ping it and rdp to it.
im a bit stuck. ;0)
I have checked workstation service, server service, netlogon etc...
AAAGGGGHHHHHHHH
any ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
do you get any errors in the event viewer relating to when you try to connect to the ip address or unc path or anything like that ?
Control panel --> administrative tools --> event viewer
Have you got windows firewall enabled or at least the relevant ports allowed as exceptions for ports 445, 135-139 and any authentication ports required for kerberos or the likes ( NTLM ) etc
also what happens if you try to telnet to the servers ip address on port 445 ie
telnet a.b.c.d:445
where a.b.c.d is the servers ip address with a colon ( : ) post fixed and then the port number so 445 in this instance
Also I presume both on the share and the NTFS permissions the said user(s) have full control
If you un share it and re share it with the relevant permissions does that help at all ?
The other thing not sure if this helps or not at all with the server being server 2008 there may be authentication level issues and smb signing version 2.0
I normally select the below setting myself although as per the guide you can try just the Send LM & NTLM response only ( either or )
Send LM & NTLM - Use NTLMv2 session security if negotiated
http://blogs.techrepublic.com.com/networking/?p=577
And also SMB Signing 2.0 - although I would test again with the client computer before disabling this to see if it helps.
I am not sure if both or only one of the above 2 settings requires the windows client to restart but I normally disable both and restart and try to connect again from the client although the smb signing may pose a security risk so depends ( you may want to research into smb signing and the risks involved )
http://www.petri.co.il/how-to-disable-smb-2-on-windows-vista-or-server-2008.htm
Control panel --> administrative tools --> event viewer
Have you got windows firewall enabled or at least the relevant ports allowed as exceptions for ports 445, 135-139 and any authentication ports required for kerberos or the likes ( NTLM ) etc
also what happens if you try to telnet to the servers ip address on port 445 ie
telnet a.b.c.d:445
where a.b.c.d is the servers ip address with a colon ( : ) post fixed and then the port number so 445 in this instance
Also I presume both on the share and the NTFS permissions the said user(s) have full control
If you un share it and re share it with the relevant permissions does that help at all ?
The other thing not sure if this helps or not at all with the server being server 2008 there may be authentication level issues and smb signing version 2.0
I normally select the below setting myself although as per the guide you can try just the Send LM & NTLM response only ( either or )
Send LM & NTLM - Use NTLMv2 session security if negotiated
http://blogs.techrepublic.com.com/networking/?p=577
And also SMB Signing 2.0 - although I would test again with the client computer before disabling this to see if it helps.
I am not sure if both or only one of the above 2 settings requires the windows client to restart but I normally disable both and restart and try to connect again from the client although the smb signing may pose a security risk so depends ( you may want to research into smb signing and the risks involved )
http://www.petri.co.il/how-to-disable-smb-2-on-windows-vista-or-server-2008.htm
you could always use non-domain account to browse shares..
try:
net use f: \\servername\sharename\ /user: username password
username and password should be a local account that has access to your server..
try:
net use f: \\servername\sharename\ /user: username password
username and password should be a local account that has access to your server..
Also as a side note ports 135-139 are netbios over tcp/ip so may also cause a security issue and always an idea to block these ports going outside of your network
ASKER
Ok, cheers guys....
I have just learned that the value entered in the string at HKLM\System\CurrentControl
was 1, whereas when i checked another machine it was \Device\ i have asked him to change this and let me know, and im hoping this wil solve it...
what you reckon?
I have just learned that the value entered in the string at HKLM\System\CurrentControl
was 1, whereas when i checked another machine it was \Device\ i have asked him to change this and let me know, and im hoping this wil solve it...
what you reckon?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@ Alex - what was the resolution ?
Obviously with closing it down if anyone else finds this question it would be very helpful to also know the resolution
Thanks
Obviously with closing it down if anyone else finds this question it would be very helpful to also know the resolution
Thanks
ASKER
i have just re-added the entry...do you know what the value is supposed to be?
. Click "Start"
4. Click "Run..."
5. Where it says "Open:" type "regedit"
6. Navigate to HKLM\System\CurrentControl
7. Find the value "TransportBindName" and right-click it to open up a menu of options.
8. Click "Modify" (it is in bold text)
9. Where it says "Value data:" delete whatever is in the box so the box is blank. The blank entry is what closes the port.
10. Click "OK"
11. Close the registry and reboot.