Avatar of George M
George M
 asked on

Unable to access shares, from multiple windows 10 machines, residing on a new build of server 2016.

I am having a problem accessing a remote share, from a windows 10 enterprise system, to a share that resides on a server 2016 machine.  Interestingly enough, I set up another 2016 system which I can access from the same windows 10 machine with no issue.  The system is currently not domain connected and I have tried accessing the hidden share on the d:\ drive of the remote 2016 machine.  I have also shared the drive out to the "Everyone" group with full permissions and I still cannot connect.

From the remote machine, I enter into a windows explorer window \\servername\share, but I never get prompted for a username/password.  Instead I get a window popup stating "Windows cannot access \\servername\share".  The error code is 0x80004005.  

In the event log, on the 2016 server, I am seeing an audit failure, in the Security log, stating "The user has not been granted the requested logon type at this machine"

On the second server, that I installed server 2016 on, I have no problem accessing the share, whether it's the hidden share or the share I set up to Everyone.  

I don't understand why I'm not being prompted to enter my credentials on my Windows 10 machine.  I have also confirmed with others, in my group and they too cannot access any of the shares on the problem 2016 server.

I have looked everywhere under the sun, but cannot find a resolution to this issue.  

Any help is appreciated.
SecurityWindows NetworkingWindows OSWindows 10Azure

Avatar of undefined
Last Comment
Michael B. Smith

8/22/2022 - Mon
masnrock

Check the NTFS permissions for the folder. Not just the permissions for the share itself.
George M

ASKER
I have checked the ntfs permissions and they seem to be ok.  I compared the problem systems settings to the one that is working properly.  Here's what I have:

Everyone - Read and Execuite
Creator Owner - Full Control
System - Full Control
Administrators - Full Control
Users - Read & Execute/Create Folders/append data/create files/write data

Owner of the drive is SYSTEM
matrix8086

If the Windows 10 machines are in a domain but you server is not, this explains everything: the Windows 10 present the current domain user credentials, but the server does'n't know about them. On a host integrated in a domain, we have Domain Users and Local Users. On a host which is not integrated in a domain, we have only Local Users, users availabile only on that host/machine.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
George M

ASKER
I can access the shared drive, on the second 2016 server I built, which is also not connected to the domain.  The way I was able to do this was by going into Advanced Sharing and sharing the folder to Everyone/Full Control.

I set up the share, on the problem 2016 server, exactly the same as above, but I still cannot access it.
matrix8086

Check your Network profile for the problem server: it must be Private. Also, on the problem server:
- In Control Panel -> Network and Sharing Center -> Advanced Sharing Center, check for the Private profile if the network discovery is ON and file and printer sharing is ON
- In All Networks profile check if password protected sharing is OFF

Or better, compare all above between the two servers
George M

ASKER
matrix8086, I tried your suggestions, but I still can't access the server shares.  I even matched the settings on the good server, but it still doesn't work.  I'm ready to toss it out the window...
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
Michael B. Smith

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
George M

ASKER
I should also add, that I'm able to access the share, on the good 2016 server from other systems on that are on the domain.  I get prompted for a username/password, as expected and then I can access the share...

When I try to access the share, on the bad system, from the same domain systems, I don't get a prompt just a flat out "windows cannot access \\server\share"
matrix8086

It's your network working good? Can you ping the bad server by IP from a windows 10? How about ping the bad server by name from a windows 10?
George M

ASKER
Michael B. Smith, yes I tried that and yes I do in fact get prompted and can access the share, but I need to pass this system off to web/iis guys and this wouldn't work for them.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
matrix8086

@George M: OMG!!!
George M

ASKER
matrix8086, when I ping both the good and bad server, from my windows 10 machine and another domain machine, I get no response, but I can ping my windows 10 machine from both the good and bad server...
Michael B. Smith

File and Storage Services role and subsidiary services installed?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
George M

ASKER
Yeah, I know...I could try to pass it off though.  It's better than rebuilding the whole box, for something as goofy as this!!  Once I get it on the domain, this issue goes away...
George M

ASKER
Michael, File and Storage Services role is selected, but I don't know what subsidiary services are or how to check them.
Michael B. Smith

The easiest way (in my opinion) is from PowerShell:

Get-WindowsFeature File*, FS*, Stor*

Open in new window

This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
George M

ASKER
Here's the output:

Display Name                                            Name                       Install State
------------                                            ----                       -------------
[X] File and Storage Services                           FileAndStorage-Services        Installed
    [X] File and iSCSI Services                         File-Services                  Installed
        [X] File Server                                 FS-FileServer                  Installed
        [ ] BranchCache for Network Files               FS-BranchCache                 Available
        [ ] Data Deduplication                          FS-Data-Deduplication          Available
        [ ] DFS Namespaces                              FS-DFS-Namespace               Available
        [ ] DFS Replication                             FS-DFS-Replication             Available
        [ ] File Server Resource Manager                FS-Resource-Manager            Available
        [ ] File Server VSS Agent Service               FS-VSS-Agent                   Available
        [ ] iSCSI Target Server                         FS-iSCSITarget-Server          Available
        [ ] Server for NFS                              FS-NFS-Service                 Available
        [ ] Work Folders                                FS-SyncShareService            Available
    [X] Storage Services                                Storage-Services               Installed
[X] SMB 1.0/CIFS File Sharing Support                   FS-SMB1                        Installed
[ ] SMB Bandwidth Limit                                 FS-SMBBW                       Available
David Johnson, CD

net use * \\servername\sharename  password /USER:servername\username

Open in new window


save this as a batch file and share the batch file on something the iis team can access

edit: had the syntax wrong
George M

ASKER
Michael, going back to the net use command I have been looking at the New-PSDrive cmdlet for Powershell and if I'm understanding things correctly, there's a way to map a drive in Powershell and you can also make it available in file explorer as well?

I'm looking at some doc's online, but haven't gotten it to work yet...
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Michael B. Smith

So, and I'm just grasping at straws, try adding FS-Resource-Manager

Add-WindowsFeature FS-Resource-Manager

Open in new window

and then re-sharing the offending share (using server manager) and see if it makes a difference.
Michael B. Smith

Yes, with New-PsDrive, but that's PowerShell only. So I recommend "net use".

But be aware that "net use" is a per user setting.
George M

ASKER
All,

The initial solution for this was first stated by Michael, but there was one more step in making the mapping permanent and available to File Explorer, which is what I really wanted in the first place.

After using "net use" to map the drive, I also had to add the following registry entry as described below:

Mapped network drives created by an elevated process will not be visible to an unelevated process and vice versa. This has been the case since Windows Vista. Since Explorer doesn't run elevated (unless you fully disable UAC), it doesn't see the drives you made with your administrative command prompt.

To disable that isolation, you can modify the Registry, as instructed by this TechNet article. Navigate to this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Create a DWORD entry named EnableLinkedConnections with a value of 1. Reboot the computer. Network drives mapped by the same user, even under different security contexts, will always appear to programs running as that user.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
George M

ASKER
This is my first time using this website and I wanted to thank everyone for their help!
Michael B. Smith

I didn't know about EnableLinkedConnections! Thanks for that and glad we were able to assist.