Unable to access shares, from multiple windows 10 machines, residing on a new build of server 2016.

I am having a problem accessing a remote share, from a windows 10 enterprise system, to a share that resides on a server 2016 machine.  Interestingly enough, I set up another 2016 system which I can access from the same windows 10 machine with no issue.  The system is currently not domain connected and I have tried accessing the hidden share on the d:\ drive of the remote 2016 machine.  I have also shared the drive out to the "Everyone" group with full permissions and I still cannot connect.

From the remote machine, I enter into a windows explorer window \\servername\share, but I never get prompted for a username/password.  Instead I get a window popup stating "Windows cannot access \\servername\share".  The error code is 0x80004005.  

In the event log, on the 2016 server, I am seeing an audit failure, in the Security log, stating "The user has not been granted the requested logon type at this machine"

On the second server, that I installed server 2016 on, I have no problem accessing the share, whether it's the hidden share or the share I set up to Everyone.  

I don't understand why I'm not being prompted to enter my credentials on my Windows 10 machine.  I have also confirmed with others, in my group and they too cannot access any of the shares on the problem 2016 server.

I have looked everywhere under the sun, but cannot find a resolution to this issue.  

Any help is appreciated.
George MSystem AdministratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

masnrockCommented:
Check the NTFS permissions for the folder. Not just the permissions for the share itself.
0
George MSystem AdministratorAuthor Commented:
I have checked the ntfs permissions and they seem to be ok.  I compared the problem systems settings to the one that is working properly.  Here's what I have:

Everyone - Read and Execuite
Creator Owner - Full Control
System - Full Control
Administrators - Full Control
Users - Read & Execute/Create Folders/append data/create files/write data

Owner of the drive is SYSTEM
0
matrix8086Commented:
If the Windows 10 machines are in a domain but you server is not, this explains everything: the Windows 10 present the current domain user credentials, but the server does'n't know about them. On a host integrated in a domain, we have Domain Users and Local Users. On a host which is not integrated in a domain, we have only Local Users, users availabile only on that host/machine.
0
Webinar: Miercom Evaluates Wi-Fi Security

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom how WatchGuard's Wi-Fi security stacks up against the competition in our upcoming webinar!

George MSystem AdministratorAuthor Commented:
I can access the shared drive, on the second 2016 server I built, which is also not connected to the domain.  The way I was able to do this was by going into Advanced Sharing and sharing the folder to Everyone/Full Control.

I set up the share, on the problem 2016 server, exactly the same as above, but I still cannot access it.
0
matrix8086Commented:
Check your Network profile for the problem server: it must be Private. Also, on the problem server:
- In Control Panel -> Network and Sharing Center -> Advanced Sharing Center, check for the Private profile if the network discovery is ON and file and printer sharing is ON
- In All Networks profile check if password protected sharing is OFF

Or better, compare all above between the two servers
0
George MSystem AdministratorAuthor Commented:
matrix8086, I tried your suggestions, but I still can't access the server shares.  I even matched the settings on the good server, but it still doesn't work.  I'm ready to toss it out the window...
0
Michael B. SmithExchange & Active Directory ExpertCommented:
if you just want to make it work, more than figuring out "why", then drop to the cmd line:

net use * \\server\share /user:server\username

Open in new window

You'll be prompted for the password.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
George MSystem AdministratorAuthor Commented:
I should also add, that I'm able to access the share, on the good 2016 server from other systems on that are on the domain.  I get prompted for a username/password, as expected and then I can access the share...

When I try to access the share, on the bad system, from the same domain systems, I don't get a prompt just a flat out "windows cannot access \\server\share"
0
matrix8086Commented:
It's your network working good? Can you ping the bad server by IP from a windows 10? How about ping the bad server by name from a windows 10?
0
George MSystem AdministratorAuthor Commented:
Michael B. Smith, yes I tried that and yes I do in fact get prompted and can access the share, but I need to pass this system off to web/iis guys and this wouldn't work for them.
0
matrix8086Commented:
@George M: OMG!!!
0
George MSystem AdministratorAuthor Commented:
matrix8086, when I ping both the good and bad server, from my windows 10 machine and another domain machine, I get no response, but I can ping my windows 10 machine from both the good and bad server...
0
Michael B. SmithExchange & Active Directory ExpertCommented:
File and Storage Services role and subsidiary services installed?
0
George MSystem AdministratorAuthor Commented:
Yeah, I know...I could try to pass it off though.  It's better than rebuilding the whole box, for something as goofy as this!!  Once I get it on the domain, this issue goes away...
0
George MSystem AdministratorAuthor Commented:
Michael, File and Storage Services role is selected, but I don't know what subsidiary services are or how to check them.
0
Michael B. SmithExchange & Active Directory ExpertCommented:
The easiest way (in my opinion) is from PowerShell:

Get-WindowsFeature File*, FS*, Stor*

Open in new window

0
George MSystem AdministratorAuthor Commented:
Here's the output:

Display Name                                            Name                       Install State
------------                                            ----                       -------------
[X] File and Storage Services                           FileAndStorage-Services        Installed
    [X] File and iSCSI Services                         File-Services                  Installed
        [X] File Server                                 FS-FileServer                  Installed
        [ ] BranchCache for Network Files               FS-BranchCache                 Available
        [ ] Data Deduplication                          FS-Data-Deduplication          Available
        [ ] DFS Namespaces                              FS-DFS-Namespace               Available
        [ ] DFS Replication                             FS-DFS-Replication             Available
        [ ] File Server Resource Manager                FS-Resource-Manager            Available
        [ ] File Server VSS Agent Service               FS-VSS-Agent                   Available
        [ ] iSCSI Target Server                         FS-iSCSITarget-Server          Available
        [ ] Server for NFS                              FS-NFS-Service                 Available
        [ ] Work Folders                                FS-SyncShareService            Available
    [X] Storage Services                                Storage-Services               Installed
[X] SMB 1.0/CIFS File Sharing Support                   FS-SMB1                        Installed
[ ] SMB Bandwidth Limit                                 FS-SMBBW                       Available
0
David Johnson, CD, MVPOwnerCommented:
net use * \\servername\sharename  password /USER:servername\username

Open in new window


save this as a batch file and share the batch file on something the iis team can access

edit: had the syntax wrong
0
George MSystem AdministratorAuthor Commented:
Michael, going back to the net use command I have been looking at the New-PSDrive cmdlet for Powershell and if I'm understanding things correctly, there's a way to map a drive in Powershell and you can also make it available in file explorer as well?

I'm looking at some doc's online, but haven't gotten it to work yet...
0
Michael B. SmithExchange & Active Directory ExpertCommented:
So, and I'm just grasping at straws, try adding FS-Resource-Manager

Add-WindowsFeature FS-Resource-Manager

Open in new window

and then re-sharing the offending share (using server manager) and see if it makes a difference.
0
Michael B. SmithExchange & Active Directory ExpertCommented:
Yes, with New-PsDrive, but that's PowerShell only. So I recommend "net use".

But be aware that "net use" is a per user setting.
0
George MSystem AdministratorAuthor Commented:
All,

The initial solution for this was first stated by Michael, but there was one more step in making the mapping permanent and available to File Explorer, which is what I really wanted in the first place.

After using "net use" to map the drive, I also had to add the following registry entry as described below:

Mapped network drives created by an elevated process will not be visible to an unelevated process and vice versa. This has been the case since Windows Vista. Since Explorer doesn't run elevated (unless you fully disable UAC), it doesn't see the drives you made with your administrative command prompt.

To disable that isolation, you can modify the Registry, as instructed by this TechNet article. Navigate to this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Create a DWORD entry named EnableLinkedConnections with a value of 1. Reboot the computer. Network drives mapped by the same user, even under different security contexts, will always appear to programs running as that user.
0
George MSystem AdministratorAuthor Commented:
This is my first time using this website and I wanted to thank everyone for their help!
0
Michael B. SmithExchange & Active Directory ExpertCommented:
I didn't know about EnableLinkedConnections! Thanks for that and glad we were able to assist.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.