User cannot access shares on a server...

User cannot access shares on a server...
I have been to see a new client and set them up a file and print server.
i have installed Windows Server 2008 std.
All the users are running XP.
The users have been sent the laptops from the uk to here in Dubai and the laptops are already on the company domain, although there is no site to site VPN, just company.local
Since there is no DC available, i cannot add the server to the domain, so i have just left it on a workgroup.
I have created accounts for all 3 users, and individual shares, with the correct permissions.
2 of the users have no issues and can see the shares.
1 user cannot see any shares, cannot UNC to \\server\share  or \\ip address\share, he cannot map a drive to the share but can ping it and rdp to it.

im a bit stuck. ;0)

I have checked workstation service, server service, netlogon etc...


any ideas?
Who is Participating?
your laptops are joined on a domain but on the site there is no domain controller. Why are they joined to the domain from the first place?

Is it possible to remove the domain from laptops and turn them back to normal workgroup?
Alex_JenkinsAuthor Commented:
This is so that they ca use the client vpn on the laptops to authenticate to the UK domain...
The other laptops are fine...i id have one issue with theuser whereby he was hacked in a hotel in prague, so he closed port 445,  the issue started when he returned from holidays.  i have since backtracked his steps, and re-opened by adding the registry entry again...
still puzzled?
Alex_JenkinsAuthor Commented:
this is what he did to close port 445,
i have just re-added the you know what the value is supposed to be?

.        Click "Start"
4.        Click "Run..."
5.        Where it says "Open:" type "regedit"
6.        Navigate to HKLM\System\CurrentControlSet\Services\NetBT\Parameters
7.        Find the value "TransportBindName" and right-click it to open up a menu of options.
8.        Click "Modify" (it is in bold text)
9.        Where it says "Value data:" delete whatever is in the box so the box is blank. The blank entry is what closes the port.
10.     Click "OK"
11.     Close the registry and reboot.  
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Shane Russell2nd Line Desktop SupportCommented:
do you get any errors in the event viewer relating to when you try to connect to the ip address or unc path or anything like that ?

Control panel --> administrative tools --> event viewer

Have you got windows firewall enabled or at least the relevant ports allowed as exceptions for ports 445, 135-139 and any authentication ports required for kerberos or the likes ( NTLM ) etc

also what happens if you try to telnet to the servers ip address on port 445 ie

telnet a.b.c.d:445

where a.b.c.d is the servers ip address with a colon ( : ) post fixed and then the port number so 445 in this instance

Also I presume both on the share and the NTFS permissions the said user(s) have full control

If you un share it and re share it with the relevant permissions does that help at all ?

The other thing not sure if this helps or not at all with the server being server 2008 there may be authentication level issues and smb signing version 2.0

I normally select the below setting myself although as per the guide you can try just the Send LM & NTLM response only ( either or )

Send LM & NTLM - Use NTLMv2 session security  if negotiated

And also SMB Signing 2.0 - although I would test again with the client computer before disabling this to see if it helps.

I am not sure if both or only one of the above 2 settings requires the windows client to restart but I normally disable both and restart and try to connect again from the client although the smb signing may pose a security risk so depends ( you may want to research into smb signing and the risks involved )

you could always use non-domain account to browse shares..
net use f: \\servername\sharename\ /user: username password

username and password should be a local account that has access to your server..
Shane Russell2nd Line Desktop SupportCommented:
Also as a side note ports 135-139 are netbios over tcp/ip so may also cause a security issue and always an idea to block these ports going outside of your network
Alex_JenkinsAuthor Commented:
Ok, cheers guys....
I have just learned that the value entered in the string at HKLM\System\CurrentControlSet\Services\NetBT\Parameters\transportbindsettings
was 1, whereas when i checked another machine it was \Device\  i have asked him to change this and let me know, and im hoping this wil solve it...
what you reckon?
Shane Russell2nd Line Desktop SupportCommented:
Always best to check after changing each setting to see if its any better or still the same and always an idea to get him to save a log for each event type in the event viewer ie application , system, etc and get them to attach each one to an email and send it to you to go over that or if you can remote control his computer in some way shape or form and see for yourself what errors he is getting that relate to trying to connect to the network unc path / share that may shed some light on what is going wrong.
Shane Russell2nd Line Desktop SupportCommented:
@ Alex - what was the resolution ?

Obviously with closing it down if anyone else finds this question it would be very helpful to also know the resolution

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.