George M
asked on
Unable to access shares, from multiple windows 10 machines, residing on a new build of server 2016.
I am having a problem accessing a remote share, from a windows 10 enterprise system, to a share that resides on a server 2016 machine. Interestingly enough, I set up another 2016 system which I can access from the same windows 10 machine with no issue. The system is currently not domain connected and I have tried accessing the hidden share on the d:\ drive of the remote 2016 machine. I have also shared the drive out to the "Everyone" group with full permissions and I still cannot connect.
From the remote machine, I enter into a windows explorer window \\servername\share, but I never get prompted for a username/password. Instead I get a window popup stating "Windows cannot access \\servername\share". The error code is 0x80004005.
In the event log, on the 2016 server, I am seeing an audit failure, in the Security log, stating "The user has not been granted the requested logon type at this machine"
On the second server, that I installed server 2016 on, I have no problem accessing the share, whether it's the hidden share or the share I set up to Everyone.
I don't understand why I'm not being prompted to enter my credentials on my Windows 10 machine. I have also confirmed with others, in my group and they too cannot access any of the shares on the problem 2016 server.
I have looked everywhere under the sun, but cannot find a resolution to this issue.
Any help is appreciated.
From the remote machine, I enter into a windows explorer window \\servername\share, but I never get prompted for a username/password. Instead I get a window popup stating "Windows cannot access \\servername\share". The error code is 0x80004005.
In the event log, on the 2016 server, I am seeing an audit failure, in the Security log, stating "The user has not been granted the requested logon type at this machine"
On the second server, that I installed server 2016 on, I have no problem accessing the share, whether it's the hidden share or the share I set up to Everyone.
I don't understand why I'm not being prompted to enter my credentials on my Windows 10 machine. I have also confirmed with others, in my group and they too cannot access any of the shares on the problem 2016 server.
I have looked everywhere under the sun, but cannot find a resolution to this issue.
Any help is appreciated.
Check the NTFS permissions for the folder. Not just the permissions for the share itself.
ASKER
I have checked the ntfs permissions and they seem to be ok. I compared the problem systems settings to the one that is working properly. Here's what I have:
Everyone - Read and Execuite
Creator Owner - Full Control
System - Full Control
Administrators - Full Control
Users - Read & Execute/Create Folders/append data/create files/write data
Owner of the drive is SYSTEM
Everyone - Read and Execuite
Creator Owner - Full Control
System - Full Control
Administrators - Full Control
Users - Read & Execute/Create Folders/append data/create files/write data
Owner of the drive is SYSTEM
If the Windows 10 machines are in a domain but you server is not, this explains everything: the Windows 10 present the current domain user credentials, but the server does'n't know about them. On a host integrated in a domain, we have Domain Users and Local Users. On a host which is not integrated in a domain, we have only Local Users, users availabile only on that host/machine.
ASKER
I can access the shared drive, on the second 2016 server I built, which is also not connected to the domain. The way I was able to do this was by going into Advanced Sharing and sharing the folder to Everyone/Full Control.
I set up the share, on the problem 2016 server, exactly the same as above, but I still cannot access it.
I set up the share, on the problem 2016 server, exactly the same as above, but I still cannot access it.
Check your Network profile for the problem server: it must be Private. Also, on the problem server:
- In Control Panel -> Network and Sharing Center -> Advanced Sharing Center, check for the Private profile if the network discovery is ON and file and printer sharing is ON
- In All Networks profile check if password protected sharing is OFF
Or better, compare all above between the two servers
- In Control Panel -> Network and Sharing Center -> Advanced Sharing Center, check for the Private profile if the network discovery is ON and file and printer sharing is ON
- In All Networks profile check if password protected sharing is OFF
Or better, compare all above between the two servers
ASKER
matrix8086, I tried your suggestions, but I still can't access the server shares. I even matched the settings on the good server, but it still doesn't work. I'm ready to toss it out the window...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I should also add, that I'm able to access the share, on the good 2016 server from other systems on that are on the domain. I get prompted for a username/password, as expected and then I can access the share...
When I try to access the share, on the bad system, from the same domain systems, I don't get a prompt just a flat out "windows cannot access \\server\share"
When I try to access the share, on the bad system, from the same domain systems, I don't get a prompt just a flat out "windows cannot access \\server\share"
It's your network working good? Can you ping the bad server by IP from a windows 10? How about ping the bad server by name from a windows 10?
ASKER
Michael B. Smith, yes I tried that and yes I do in fact get prompted and can access the share, but I need to pass this system off to web/iis guys and this wouldn't work for them.
@George M: OMG!!!
ASKER
matrix8086, when I ping both the good and bad server, from my windows 10 machine and another domain machine, I get no response, but I can ping my windows 10 machine from both the good and bad server...
File and Storage Services role and subsidiary services installed?
ASKER
Yeah, I know...I could try to pass it off though. It's better than rebuilding the whole box, for something as goofy as this!! Once I get it on the domain, this issue goes away...
ASKER
Michael, File and Storage Services role is selected, but I don't know what subsidiary services are or how to check them.
The easiest way (in my opinion) is from PowerShell:
Get-WindowsFeature File*, FS*, Stor*
ASKER
Here's the output:
Display Name Name Install State
------------ ---- -------------
[X] File and Storage Services FileAndStorage-Services Installed
[X] File and iSCSI Services File-Services Installed
[X] File Server FS-FileServer Installed
[ ] BranchCache for Network Files FS-BranchCache Available
[ ] Data Deduplication FS-Data-Deduplication Available
[ ] DFS Namespaces FS-DFS-Namespace Available
[ ] DFS Replication FS-DFS-Replication Available
[ ] File Server Resource Manager FS-Resource-Manager Available
[ ] File Server VSS Agent Service FS-VSS-Agent Available
[ ] iSCSI Target Server FS-iSCSITarget-Server Available
[ ] Server for NFS FS-NFS-Service Available
[ ] Work Folders FS-SyncShareService Available
[X] Storage Services Storage-Services Installed
[X] SMB 1.0/CIFS File Sharing Support FS-SMB1 Installed
[ ] SMB Bandwidth Limit FS-SMBBW Available
Display Name Name Install State
------------ ---- -------------
[X] File and Storage Services FileAndStorage-Services Installed
[X] File and iSCSI Services File-Services Installed
[X] File Server FS-FileServer Installed
[ ] BranchCache for Network Files FS-BranchCache Available
[ ] Data Deduplication FS-Data-Deduplication Available
[ ] DFS Namespaces FS-DFS-Namespace Available
[ ] DFS Replication FS-DFS-Replication Available
[ ] File Server Resource Manager FS-Resource-Manager Available
[ ] File Server VSS Agent Service FS-VSS-Agent Available
[ ] iSCSI Target Server FS-iSCSITarget-Server Available
[ ] Server for NFS FS-NFS-Service Available
[ ] Work Folders FS-SyncShareService Available
[X] Storage Services Storage-Services Installed
[X] SMB 1.0/CIFS File Sharing Support FS-SMB1 Installed
[ ] SMB Bandwidth Limit FS-SMBBW Available
net use * \\servername\sharename password /USER:servername\username
save this as a batch file and share the batch file on something the iis team can access
edit: had the syntax wrong
ASKER
Michael, going back to the net use command I have been looking at the New-PSDrive cmdlet for Powershell and if I'm understanding things correctly, there's a way to map a drive in Powershell and you can also make it available in file explorer as well?
I'm looking at some doc's online, but haven't gotten it to work yet...
I'm looking at some doc's online, but haven't gotten it to work yet...
So, and I'm just grasping at straws, try adding FS-Resource-Manager
Add-WindowsFeature FS-Resource-Manager
and then re-sharing the offending share (using server manager) and see if it makes a difference.
Yes, with New-PsDrive, but that's PowerShell only. So I recommend "net use".
But be aware that "net use" is a per user setting.
But be aware that "net use" is a per user setting.
ASKER
All,
The initial solution for this was first stated by Michael, but there was one more step in making the mapping permanent and available to File Explorer, which is what I really wanted in the first place.
After using "net use" to map the drive, I also had to add the following registry entry as described below:
The initial solution for this was first stated by Michael, but there was one more step in making the mapping permanent and available to File Explorer, which is what I really wanted in the first place.
After using "net use" to map the drive, I also had to add the following registry entry as described below:
Mapped network drives created by an elevated process will not be visible to an unelevated process and vice versa. This has been the case since Windows Vista. Since Explorer doesn't run elevated (unless you fully disable UAC), it doesn't see the drives you made with your administrative command prompt.
To disable that isolation, you can modify the Registry, as instructed by this TechNet article. Navigate to this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsof t\Windows\ CurrentVer sion\Polic ies\System
Create a DWORD entry named EnableLinkedConnections with a value of 1. Reboot the computer. Network drives mapped by the same user, even under different security contexts, will always appear to programs running as that user.
ASKER
This is my first time using this website and I wanted to thank everyone for their help!
I didn't know about EnableLinkedConnections! Thanks for that and glad we were able to assist.