User cannot access shares on a server...

Posted on 2010-09-22
Last Modified: 2012-05-10
User cannot access shares on a server...
I have been to see a new client and set them up a file and print server.
i have installed Windows Server 2008 std.
All the users are running XP.
The users have been sent the laptops from the uk to here in Dubai and the laptops are already on the company domain, although there is no site to site VPN, just company.local
Since there is no DC available, i cannot add the server to the domain, so i have just left it on a workgroup.
I have created accounts for all 3 users, and individual shares, with the correct permissions.
2 of the users have no issues and can see the shares.
1 user cannot see any shares, cannot UNC to \\server\share  or \\ip address\share, he cannot map a drive to the share but can ping it and rdp to it.

im a bit stuck. ;0)

I have checked workstation service, server service, netlogon etc...


any ideas?
Question by:Alex_Jenkins
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2

Accepted Solution

psychogr earned 250 total points
ID: 33736405
your laptops are joined on a domain but on the site there is no domain controller. Why are they joined to the domain from the first place?

Is it possible to remove the domain from laptops and turn them back to normal workgroup?

Assisted Solution

Alex_Jenkins earned 0 total points
ID: 33736438
This is so that they ca use the client vpn on the laptops to authenticate to the UK domain...
The other laptops are fine...i id have one issue with theuser whereby he was hacked in a hotel in prague, so he closed port 445,  the issue started when he returned from holidays.  i have since backtracked his steps, and re-opened by adding the registry entry again...
still puzzled?

Author Comment

ID: 33736490
this is what he did to close port 445,
i have just re-added the you know what the value is supposed to be?

.        Click "Start"
4.        Click "Run..."
5.        Where it says "Open:" type "regedit"
6.        Navigate to HKLM\System\CurrentControlSet\Services\NetBT\Parameters
7.        Find the value "TransportBindName" and right-click it to open up a menu of options.
8.        Click "Modify" (it is in bold text)
9.        Where it says "Value data:" delete whatever is in the box so the box is blank. The blank entry is what closes the port.
10.     Click "OK"
11.     Close the registry and reboot.  
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 23

Expert Comment

ID: 33736673
do you get any errors in the event viewer relating to when you try to connect to the ip address or unc path or anything like that ?

Control panel --> administrative tools --> event viewer

Have you got windows firewall enabled or at least the relevant ports allowed as exceptions for ports 445, 135-139 and any authentication ports required for kerberos or the likes ( NTLM ) etc

also what happens if you try to telnet to the servers ip address on port 445 ie

telnet a.b.c.d:445

where a.b.c.d is the servers ip address with a colon ( : ) post fixed and then the port number so 445 in this instance

Also I presume both on the share and the NTFS permissions the said user(s) have full control

If you un share it and re share it with the relevant permissions does that help at all ?

The other thing not sure if this helps or not at all with the server being server 2008 there may be authentication level issues and smb signing version 2.0

I normally select the below setting myself although as per the guide you can try just the Send LM & NTLM response only ( either or )

Send LM & NTLM - Use NTLMv2 session security  if negotiated

And also SMB Signing 2.0 - although I would test again with the client computer before disabling this to see if it helps.

I am not sure if both or only one of the above 2 settings requires the windows client to restart but I normally disable both and restart and try to connect again from the client although the smb signing may pose a security risk so depends ( you may want to research into smb signing and the risks involved )


Expert Comment

ID: 33736697
you could always use non-domain account to browse shares..
net use f: \\servername\sharename\ /user: username password

username and password should be a local account that has access to your server..
LVL 23

Expert Comment

ID: 33736717
Also as a side note ports 135-139 are netbios over tcp/ip so may also cause a security issue and always an idea to block these ports going outside of your network

Author Comment

ID: 33736751
Ok, cheers guys....
I have just learned that the value entered in the string at HKLM\System\CurrentControlSet\Services\NetBT\Parameters\transportbindsettings
was 1, whereas when i checked another machine it was \Device\  i have asked him to change this and let me know, and im hoping this wil solve it...
what you reckon?
LVL 23

Assisted Solution

gecko_au2003 earned 250 total points
ID: 33736793
Always best to check after changing each setting to see if its any better or still the same and always an idea to get him to save a log for each event type in the event viewer ie application , system, etc and get them to attach each one to an email and send it to you to go over that or if you can remote control his computer in some way shape or form and see for yourself what errors he is getting that relate to trying to connect to the network unc path / share that may shed some light on what is going wrong.
LVL 23

Expert Comment

ID: 33796279
@ Alex - what was the resolution ?

Obviously with closing it down if anyone else finds this question it would be very helpful to also know the resolution


Featured Post

Don't miss ATEN at NAB Show April 24-27!

Visit ATEN at NAB Show to learn how our "Seamlessly Entertaining" solutions deliver fast, precise video streaming without delays for the broadcasting and media environment. ATEN will showcase its 16x16 Modular Matrix Switch (VM1600) and KVM Over IP Solution (KE6900 series).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Using MS Hello on a Domain Joined Surface Book 4 51
Move FSMO roles... 9 41
DCOM was unable to communicate with the computer 8 34
Decommissioning DNS server question 3 37
A procedure for exporting installed hotfix details of remote computers using powershell
An article on effective troubleshooting
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

697 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question