User cannot access shares on a server...

Posted on 2010-09-22
Last Modified: 2012-05-10
User cannot access shares on a server...
I have been to see a new client and set them up a file and print server.
i have installed Windows Server 2008 std.
All the users are running XP.
The users have been sent the laptops from the uk to here in Dubai and the laptops are already on the company domain, although there is no site to site VPN, just company.local
Since there is no DC available, i cannot add the server to the domain, so i have just left it on a workgroup.
I have created accounts for all 3 users, and individual shares, with the correct permissions.
2 of the users have no issues and can see the shares.
1 user cannot see any shares, cannot UNC to \\server\share  or \\ip address\share, he cannot map a drive to the share but can ping it and rdp to it.

im a bit stuck. ;0)

I have checked workstation service, server service, netlogon etc...


any ideas?
Question by:Alex_Jenkins
  • 4
  • 3
  • 2

Accepted Solution

psychogr earned 250 total points
ID: 33736405
your laptops are joined on a domain but on the site there is no domain controller. Why are they joined to the domain from the first place?

Is it possible to remove the domain from laptops and turn them back to normal workgroup?

Assisted Solution

Alex_Jenkins earned 0 total points
ID: 33736438
This is so that they ca use the client vpn on the laptops to authenticate to the UK domain...
The other laptops are fine...i id have one issue with theuser whereby he was hacked in a hotel in prague, so he closed port 445,  the issue started when he returned from holidays.  i have since backtracked his steps, and re-opened by adding the registry entry again...
still puzzled?

Author Comment

ID: 33736490
this is what he did to close port 445,
i have just re-added the you know what the value is supposed to be?

.        Click "Start"
4.        Click "Run..."
5.        Where it says "Open:" type "regedit"
6.        Navigate to HKLM\System\CurrentControlSet\Services\NetBT\Parameters
7.        Find the value "TransportBindName" and right-click it to open up a menu of options.
8.        Click "Modify" (it is in bold text)
9.        Where it says "Value data:" delete whatever is in the box so the box is blank. The blank entry is what closes the port.
10.     Click "OK"
11.     Close the registry and reboot.  
LVL 23

Expert Comment

ID: 33736673
do you get any errors in the event viewer relating to when you try to connect to the ip address or unc path or anything like that ?

Control panel --> administrative tools --> event viewer

Have you got windows firewall enabled or at least the relevant ports allowed as exceptions for ports 445, 135-139 and any authentication ports required for kerberos or the likes ( NTLM ) etc

also what happens if you try to telnet to the servers ip address on port 445 ie

telnet a.b.c.d:445

where a.b.c.d is the servers ip address with a colon ( : ) post fixed and then the port number so 445 in this instance

Also I presume both on the share and the NTFS permissions the said user(s) have full control

If you un share it and re share it with the relevant permissions does that help at all ?

The other thing not sure if this helps or not at all with the server being server 2008 there may be authentication level issues and smb signing version 2.0

I normally select the below setting myself although as per the guide you can try just the Send LM & NTLM response only ( either or )

Send LM & NTLM - Use NTLMv2 session security  if negotiated

And also SMB Signing 2.0 - although I would test again with the client computer before disabling this to see if it helps.

I am not sure if both or only one of the above 2 settings requires the windows client to restart but I normally disable both and restart and try to connect again from the client although the smb signing may pose a security risk so depends ( you may want to research into smb signing and the risks involved )

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.


Expert Comment

ID: 33736697
you could always use non-domain account to browse shares..
net use f: \\servername\sharename\ /user: username password

username and password should be a local account that has access to your server..
LVL 23

Expert Comment

ID: 33736717
Also as a side note ports 135-139 are netbios over tcp/ip so may also cause a security issue and always an idea to block these ports going outside of your network

Author Comment

ID: 33736751
Ok, cheers guys....
I have just learned that the value entered in the string at HKLM\System\CurrentControlSet\Services\NetBT\Parameters\transportbindsettings
was 1, whereas when i checked another machine it was \Device\  i have asked him to change this and let me know, and im hoping this wil solve it...
what you reckon?
LVL 23

Assisted Solution

gecko_au2003 earned 250 total points
ID: 33736793
Always best to check after changing each setting to see if its any better or still the same and always an idea to get him to save a log for each event type in the event viewer ie application , system, etc and get them to attach each one to an email and send it to you to go over that or if you can remote control his computer in some way shape or form and see for yourself what errors he is getting that relate to trying to connect to the network unc path / share that may shed some light on what is going wrong.
LVL 23

Expert Comment

ID: 33796279
@ Alex - what was the resolution ?

Obviously with closing it down if anyone else finds this question it would be very helpful to also know the resolution


Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now