Solved

User cannot access shares on a server...

Posted on 2010-09-22
Last Modified: 2012-05-10
I have been to see a new client and set them up a file and print server.
I have installed Windows Server 2008 Std.
All the users are running XP.
The users have been sent the laptops from the UK to here in Dubai and the laptops are already on the company domain, although there is no site-to-site VPN, just company.local.
Since there is no DC available, I cannot add the server to the domain, so I have just left it in a workgroup.
I have created accounts for all 3 users, and individual shares, with the correct permissions.
2 of the users have no issues and can see the shares.
1 user cannot see any shares, cannot UNC to \\server\share or \\ip address\share, and cannot map a drive to the share, but he can ping it and RDP to it.

I'm a bit stuck. ;0)

I have checked the Workstation service, Server service, Netlogon etc...

AAAGGGGHHHHHHHH

Any ideas?
Question by:Alex_Jenkins
9 Comments
 
LVL 8

Accepted Solution

by:
psychogr earned 250 total points
ID: 33736405
Your laptops are joined to a domain, but on the site there is no domain controller. Why are they joined to the domain in the first place?

Is it possible to remove the laptops from the domain and turn them back to a normal workgroup?
0
 

Assisted Solution

by:Alex_Jenkins
Alex_Jenkins earned 0 total points
ID: 33736438
Hi

This is so that they can use the client VPN on the laptops to authenticate to the UK domain...
The other laptops are fine... I did have one issue with the user whereby he was hacked in a hotel in Prague, so he closed port 445; the issue started when he returned from holidays. I have since backtracked his steps, and re-opened it by adding the registry entry again...
Hmmm
Still puzzled?
0
 

Author Comment

by:Alex_Jenkins
ID: 33736490
This is what he did to close port 445.
I have just re-added the entry... do you know what the value is supposed to be?


3.        Click "Start"
4.        Click "Run..."
5.        Where it says "Open:" type "regedit"
6.        Navigate to HKLM\System\CurrentControlSet\Services\NetBT\Parameters
7.        Find the value "TransportBindName" and right-click it to open up a menu of options.
8.        Click "Modify" (it is in bold text)
9.        Where it says "Value data:" delete whatever is in the box so the box is blank. The blank entry is what closes the port.
10.     Click "OK"
11.     Close the registry and reboot.  
0
 
LVL 23

Expert Comment

by:gecko_au2003
ID: 33736673
Do you get any errors in the Event Viewer relating to when you try to connect to the IP address or UNC path or anything like that?

Control Panel --> Administrative Tools --> Event Viewer

Have you got Windows Firewall enabled, or at least the relevant ports allowed as exceptions, for ports 445, 135-139 and any authentication ports required for Kerberos or the like (NTLM) etc.?

Also, what happens if you try to telnet to the server's IP address on port 445, i.e.

telnet a.b.c.d:445

where a.b.c.d is the server's IP address with a colon ( : ) postfixed and then the port number, so 445 in this instance.

Also, I presume that on both the share and the NTFS permissions the said user(s) have full control.

If you unshare it and re-share it with the relevant permissions, does that help at all?

The other thing, not sure if this helps or not at all: with the server being Server 2008 there may be authentication level issues and SMB signing version 2.0.

I normally select the below setting myself, although as per the guide you can try just the Send LM & NTLM response only (either or).

Send LM & NTLM - Use NTLMv2 session security if negotiated

http://blogs.techrepublic.com.com/networking/?p=577

And also SMB Signing 2.0 - although I would test again with the client computer before disabling this to see if it helps.

I am not sure if both or only one of the above 2 settings requires the Windows client to restart, but I normally disable both and restart and try to connect again from the client, although the SMB signing may pose a security risk, so it depends (you may want to research SMB signing and the risks involved).

http://www.petri.co.il/how-to-disable-smb-2-on-windows-vista-or-server-2008.htm

0
 
LVL 8

Expert Comment

by:psychogr
ID: 33736697
You could always use a non-domain account to browse shares.
Try:
net use f: \\servername\sharename password /user:username

The username and password should be a local account that has access to your server.
0
 
LVL 23

Expert Comment

by:gecko_au2003
ID: 33736717
Also, as a side note, ports 135-139 are NetBIOS over TCP/IP, so they may also cause a security issue, and it is always an idea to block these ports going outside of your network.
0
 

Author Comment

by:Alex_Jenkins
ID: 33736751
OK, cheers guys...
I have just learned that the value entered in the string at HKLM\System\CurrentControlSet\Services\NetBT\Parameters\transportbindsettings
was 1, whereas when I checked another machine it was \Device\. I have asked him to change this and let me know, and I'm hoping this will solve it...

What do you reckon?
 
 
0
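A read-only check of the registry value and port discussed in this thread, as an added example that is not part of any participant's post: it reports whether TransportBindName is blank (the state the quoted procedure sets), \Device\ (the value seen on the working machine) or something else, such as the 1 reported here, and then tests a TCP connection to port 445. The server name "server" and the function names are placeholders chosen for illustration, and PowerShell 2.0 or later is assumed on the client.

```powershell
# Added example: audit NetBT TransportBindName and test TCP 445 to the file server.
# Read-only; it changes nothing on the machine.
param(
    [string]$Server = 'server',   # assumption: placeholder name or IP of the file server
    [int]$Port = 445,
    [int]$TimeoutMs = 3000
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
$name = 'TransportBindName'

function Get-TransportBindState {
    # Classify the value against the states mentioned in the thread.
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'Missing (value not present)' }
    $value = [string]$prop.$name
    if ($value -eq '')         { return 'Blank (state set by the port-closing procedure)' }
    if ($value -eq '\Device\') { return 'Default (\Device\)' }
    return "Unexpected: '$value'"
}

function Test-TcpPort {
    param([string]$HostName, [int]$PortNumber, [int]$Timeout)
    # TcpClient with a timeout works on PowerShell 2.0, where Test-NetConnection does not exist.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $PortNumber, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($Timeout, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$state = Get-TransportBindState
$open  = Test-TcpPort -HostName $Server -PortNumber $Port -Timeout $TimeoutMs

"TransportBindName : $state"
"TCP $Port to $Server : " + $(if ($open) { 'reachable' } else { 'no connection' })
```

Running it on the affected laptop and on one of the working laptops gives a side-by-side comparison of the registry value and the port test.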
 
LVL 23

Assisted Solution

by:gecko_au2003
gecko_au2003 earned 250 total points
ID: 33736793
It is always best to check after changing each setting to see if it's any better or still the same. It is also always an idea to get him to save a log for each event type in the Event Viewer, i.e. Application, System, etc., and get him to attach each one to an email and send it to you to go over, or, if you can remote control his computer in some way, shape or form, see for yourself what errors he is getting that relate to trying to connect to the network UNC path / share. That may shed some light on what is going wrong.
0
 
LVL 23

Expert Comment

by:gecko_au2003
ID: 33796279
@ Alex - what was the resolution ?

Obviously with closing it down if anyone else finds this question it would be very helpful to also know the resolution

Thanks
0
