Some client can't access SMB share folders

It started happening some time ago. it doesn't seem there's a pattern.
First, SMB ports are all open in firewall, 137,138,139,445. Wireshark shows client connects then RST (reset) connection.
Network team repeatedly confirmed that there was no change no error no deny log, everything is fine.

I virtually followed all solutions online for two days modifying registry, doesn't work. When client connects to share folders by \\xxx.xxx.xxx.xxx\share1, it throws 0x80004005 and windows events related to SMB:
30803
30804
30805
30807

Any comment, will be appreciated
Sungpill HanAsked:
Who is Participating?
 
Sungpill HanAuthor Commented:
I can't tell what it is but it seems as the man-in-the-middle device which actually has SMB control. Device controlling session or application layer between networks are hard to troubleshoot because system admin has no access to it
0
 
JohnBusiness Consultant (Owner)Commented:
Are the mappings requiring SMBv1? And was SMBv1 disabled or removed?
0
 
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
Step1:
check networking
ping xxx.xxx.xxx.xxx
If necessary do an extended and leave for a minute
ping xxx.xxx.xxx.xxx -t

Step2:
Review Firewall.
If windows firewall is open, check if you have any other software in the box that can control the firewall.

Step3
Physical NIC.
Use ping 127.0.0.1
if it answers the nic is good, if it doesn't physically the NIC is bad and the hardware needs to be replaced.


Step4:
Permissions.
Make sure that in the shares, in both tabs (Security and Share) the users have the adequate permissions access. In windows, a denial permission gets over any granting permissions.
1
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Sungpill HanAuthor Commented:
No connection or permission issue. Even folder permission with everyone.

I need to find why clients reset connection after NTLM auth was completed from servers to the client. This happens to all servers.
I also checked if recently there was windows updates, no history of updates also.
Researching on the SMB event IDs, I can't find many but most of solutions are focused on client sides...
0
 
Sungpill HanAuthor Commented:
Wireshark shows SMB 2 negotiation success.
On client sides SMB1 is disabled.
0
 
JohnBusiness Consultant (Owner)Commented:
Are you using legacy mappings that require SMBv1?
0
 
Sungpill HanAuthor Commented:
what is legacy mapping? I use UNC path format \\server\share
0
 
JohnBusiness Consultant (Owner)Commented:
I should have said Legacy Machines . I did not mean Mappings - sorry.
0
 
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
Did you do all the steps I provided? I'm not clear on your answer sorry.
0
 
Sungpill HanAuthor Commented:
I already did the 4 steps you mentioned before I post here, spent two days
0
 
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
Turn off the firewall completely, do the test if anyone can access if it can, there's a problem with your firewall, if not you should consider changing the nic or adding a new one to test.
0
 
Sungpill HanAuthor Commented:
Firewall is off. same issue.
using a different lan to usb adapter, same issue
0
 
Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon ITCommented:
Try antimalwarebytes software.
0
 
Sungpill HanAuthor Commented:
Does anyone know about the following SMB events? I don't find many resources regarding such;

30803
30804
30805
30807
0
 
Sungpill HanAuthor Commented:
didn't get the best answer.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.