Link to home
Start Free TrialLog in
Avatar of George M
George M

asked on

Unable to access shares, from multiple windows 10 machines, residing on a new build of server 2016.

I am having a problem accessing a remote share, from a windows 10 enterprise system, to a share that resides on a server 2016 machine.  Interestingly enough, I set up another 2016 system which I can access from the same windows 10 machine with no issue.  The system is currently not domain connected and I have tried accessing the hidden share on the d:\ drive of the remote 2016 machine.  I have also shared the drive out to the "Everyone" group with full permissions and I still cannot connect.

From the remote machine, I enter into a windows explorer window \\servername\share, but I never get prompted for a username/password.  Instead I get a window popup stating "Windows cannot access \\servername\share".  The error code is 0x80004005.  

In the event log, on the 2016 server, I am seeing an audit failure, in the Security log, stating "The user has not been granted the requested logon type at this machine"

On the second server, that I installed server 2016 on, I have no problem accessing the share, whether it's the hidden share or the share I set up to Everyone.  

I don't understand why I'm not being prompted to enter my credentials on my Windows 10 machine.  I have also confirmed with others, in my group and they too cannot access any of the shares on the problem 2016 server.

I have looked everywhere under the sun, but cannot find a resolution to this issue.  

Any help is appreciated.
Avatar of masnrock
masnrock
Flag of United States of America image

Check the NTFS permissions for the folder. Not just the permissions for the share itself.
Avatar of George M
George M

ASKER

I have checked the ntfs permissions and they seem to be ok.  I compared the problem systems settings to the one that is working properly.  Here's what I have:

Everyone - Read and Execuite
Creator Owner - Full Control
System - Full Control
Administrators - Full Control
Users - Read & Execute/Create Folders/append data/create files/write data

Owner of the drive is SYSTEM
If the Windows 10 machines are in a domain but you server is not, this explains everything: the Windows 10 present the current domain user credentials, but the server does'n't know about them. On a host integrated in a domain, we have Domain Users and Local Users. On a host which is not integrated in a domain, we have only Local Users, users availabile only on that host/machine.
I can access the shared drive, on the second 2016 server I built, which is also not connected to the domain.  The way I was able to do this was by going into Advanced Sharing and sharing the folder to Everyone/Full Control.

I set up the share, on the problem 2016 server, exactly the same as above, but I still cannot access it.
Check your Network profile for the problem server: it must be Private. Also, on the problem server:
- In Control Panel -> Network and Sharing Center -> Advanced Sharing Center, check for the Private profile if the network discovery is ON and file and printer sharing is ON
- In All Networks profile check if password protected sharing is OFF

Or better, compare all above between the two servers
matrix8086, I tried your suggestions, but I still can't access the server shares.  I even matched the settings on the good server, but it still doesn't work.  I'm ready to toss it out the window...
ASKER CERTIFIED SOLUTION
Avatar of Michael B. Smith
Michael B. Smith
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I should also add, that I'm able to access the share, on the good 2016 server from other systems on that are on the domain.  I get prompted for a username/password, as expected and then I can access the share...

When I try to access the share, on the bad system, from the same domain systems, I don't get a prompt just a flat out "windows cannot access \\server\share"
It's your network working good? Can you ping the bad server by IP from a windows 10? How about ping the bad server by name from a windows 10?
Michael B. Smith, yes I tried that and yes I do in fact get prompted and can access the share, but I need to pass this system off to web/iis guys and this wouldn't work for them.
@George M: OMG!!!
matrix8086, when I ping both the good and bad server, from my windows 10 machine and another domain machine, I get no response, but I can ping my windows 10 machine from both the good and bad server...
File and Storage Services role and subsidiary services installed?
Yeah, I know...I could try to pass it off though.  It's better than rebuilding the whole box, for something as goofy as this!!  Once I get it on the domain, this issue goes away...
Michael, File and Storage Services role is selected, but I don't know what subsidiary services are or how to check them.
The easiest way (in my opinion) is from PowerShell:

Get-WindowsFeature File*, FS*, Stor*

Open in new window

Here's the output:

Display Name                                            Name                       Install State
------------                                            ----                       -------------
[X] File and Storage Services                           FileAndStorage-Services        Installed
    [X] File and iSCSI Services                         File-Services                  Installed
        [X] File Server                                 FS-FileServer                  Installed
        [ ] BranchCache for Network Files               FS-BranchCache                 Available
        [ ] Data Deduplication                          FS-Data-Deduplication          Available
        [ ] DFS Namespaces                              FS-DFS-Namespace               Available
        [ ] DFS Replication                             FS-DFS-Replication             Available
        [ ] File Server Resource Manager                FS-Resource-Manager            Available
        [ ] File Server VSS Agent Service               FS-VSS-Agent                   Available
        [ ] iSCSI Target Server                         FS-iSCSITarget-Server          Available
        [ ] Server for NFS                              FS-NFS-Service                 Available
        [ ] Work Folders                                FS-SyncShareService            Available
    [X] Storage Services                                Storage-Services               Installed
[X] SMB 1.0/CIFS File Sharing Support                   FS-SMB1                        Installed
[ ] SMB Bandwidth Limit                                 FS-SMBBW                       Available
net use * \\servername\sharename  password /USER:servername\username

Open in new window


save this as a batch file and share the batch file on something the iis team can access

edit: had the syntax wrong
Michael, going back to the net use command I have been looking at the New-PSDrive cmdlet for Powershell and if I'm understanding things correctly, there's a way to map a drive in Powershell and you can also make it available in file explorer as well?

I'm looking at some doc's online, but haven't gotten it to work yet...
So, and I'm just grasping at straws, try adding FS-Resource-Manager

Add-WindowsFeature FS-Resource-Manager

Open in new window

and then re-sharing the offending share (using server manager) and see if it makes a difference.
Yes, with New-PsDrive, but that's PowerShell only. So I recommend "net use".

But be aware that "net use" is a per user setting.
All,

The initial solution for this was first stated by Michael, but there was one more step in making the mapping permanent and available to File Explorer, which is what I really wanted in the first place.

After using "net use" to map the drive, I also had to add the following registry entry as described below:

Mapped network drives created by an elevated process will not be visible to an unelevated process and vice versa. This has been the case since Windows Vista. Since Explorer doesn't run elevated (unless you fully disable UAC), it doesn't see the drives you made with your administrative command prompt.

To disable that isolation, you can modify the Registry, as instructed by this TechNet article. Navigate to this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Create a DWORD entry named EnableLinkedConnections with a value of 1. Reboot the computer. Network drives mapped by the same user, even under different security contexts, will always appear to programs running as that user.
This is my first time using this website and I wanted to thank everyone for their help!
I didn't know about EnableLinkedConnections! Thanks for that and glad we were able to assist.