User cannot access shares on a server...

Posted on 2010-09-22
Last Modified: 2012-05-10
User cannot access shares on a server...
I have been to see a new client and set them up a file and print server.
i have installed Windows Server 2008 std.
All the users are running XP.
The users have been sent the laptops from the uk to here in Dubai and the laptops are already on the company domain, although there is no site to site VPN, just company.local
Since there is no DC available, i cannot add the server to the domain, so i have just left it on a workgroup.
I have created accounts for all 3 users, and individual shares, with the correct permissions.
2 of the users have no issues and can see the shares.
1 user cannot see any shares, cannot UNC to \\server\share  or \\ip address\share, he cannot map a drive to the share but can ping it and rdp to it.

im a bit stuck. ;0)

I have checked workstation service, server service, netlogon etc...


any ideas?
Question by:Alex_Jenkins
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2

Accepted Solution

psychogr earned 250 total points
ID: 33736405
your laptops are joined on a domain but on the site there is no domain controller. Why are they joined to the domain from the first place?

Is it possible to remove the domain from laptops and turn them back to normal workgroup?

Assisted Solution

Alex_Jenkins earned 0 total points
ID: 33736438
This is so that they ca use the client vpn on the laptops to authenticate to the UK domain...
The other laptops are fine...i id have one issue with theuser whereby he was hacked in a hotel in prague, so he closed port 445,  the issue started when he returned from holidays.  i have since backtracked his steps, and re-opened by adding the registry entry again...
still puzzled?

Author Comment

ID: 33736490
this is what he did to close port 445,
i have just re-added the you know what the value is supposed to be?

.        Click "Start"
4.        Click "Run..."
5.        Where it says "Open:" type "regedit"
6.        Navigate to HKLM\System\CurrentControlSet\Services\NetBT\Parameters
7.        Find the value "TransportBindName" and right-click it to open up a menu of options.
8.        Click "Modify" (it is in bold text)
9.        Where it says "Value data:" delete whatever is in the box so the box is blank. The blank entry is what closes the port.
10.     Click "OK"
11.     Close the registry and reboot.  
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

LVL 23

Expert Comment

ID: 33736673
do you get any errors in the event viewer relating to when you try to connect to the ip address or unc path or anything like that ?

Control panel --> administrative tools --> event viewer

Have you got windows firewall enabled or at least the relevant ports allowed as exceptions for ports 445, 135-139 and any authentication ports required for kerberos or the likes ( NTLM ) etc

also what happens if you try to telnet to the servers ip address on port 445 ie

telnet a.b.c.d:445

where a.b.c.d is the servers ip address with a colon ( : ) post fixed and then the port number so 445 in this instance

Also I presume both on the share and the NTFS permissions the said user(s) have full control

If you un share it and re share it with the relevant permissions does that help at all ?

The other thing not sure if this helps or not at all with the server being server 2008 there may be authentication level issues and smb signing version 2.0

I normally select the below setting myself although as per the guide you can try just the Send LM & NTLM response only ( either or )

Send LM & NTLM - Use NTLMv2 session security  if negotiated

And also SMB Signing 2.0 - although I would test again with the client computer before disabling this to see if it helps.

I am not sure if both or only one of the above 2 settings requires the windows client to restart but I normally disable both and restart and try to connect again from the client although the smb signing may pose a security risk so depends ( you may want to research into smb signing and the risks involved )


Expert Comment

ID: 33736697
you could always use non-domain account to browse shares..
net use f: \\servername\sharename\ /user: username password

username and password should be a local account that has access to your server..
LVL 23

Expert Comment

ID: 33736717
Also as a side note ports 135-139 are netbios over tcp/ip so may also cause a security issue and always an idea to block these ports going outside of your network

Author Comment

ID: 33736751
Ok, cheers guys....
I have just learned that the value entered in the string at HKLM\System\CurrentControlSet\Services\NetBT\Parameters\transportbindsettings
was 1, whereas when i checked another machine it was \Device\  i have asked him to change this and let me know, and im hoping this wil solve it...
what you reckon?
LVL 23

Assisted Solution

gecko_au2003 earned 250 total points
ID: 33736793
Always best to check after changing each setting to see if its any better or still the same and always an idea to get him to save a log for each event type in the event viewer ie application , system, etc and get them to attach each one to an email and send it to you to go over that or if you can remote control his computer in some way shape or form and see for yourself what errors he is getting that relate to trying to connect to the network unc path / share that may shed some light on what is going wrong.
LVL 23

Expert Comment

ID: 33796279
@ Alex - what was the resolution ?

Obviously with closing it down if anyone else finds this question it would be very helpful to also know the resolution


Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question