Windows Server 2016 DC cant connect to NAS device.
Hi,
I have a client with a Windows 2016 server domain controller.
It had previously been able to connect to their Synology NAS device without an issue, i think a windows update has caused the issue.
I can connect to the NAS via a web brower using the device name or i.p address and login to it with NAS credentials.
I cant map a drive to the shares on the NAS or add a network location in Windows explorer.
I can do the above on other machines on the network.
The issue is specific to the 2016 DC. When trying to map a drive or connect to a folder on the NAS, Windows security asks for login details, no matter what i enter, the connection is denied. It defaults to "domain\username" I've tried "localhost\username" with no success.
We use the NAS to backup to locally and its starting to drive me around the bend :)
I'd appreciate any/all help.
ASKER
Hi Roland,
Thanks for the reply, \\ipofnas\share provides the same login credentials failure.
The I.p and device name both resolve in dns.
It seems to be a windows security "thing"
Thanks for the reply, \\ipofnas\share provides the same login credentials failure.
The I.p and device name both resolve in dns.
It seems to be a windows security "thing"
The Synology NAS is up-to-date?
I assume its domain joined? Have you checked the DCs event log? May have to check other DCs as well for auth. problems.
I assume its domain joined? Have you checked the DCs event log? May have to check other DCs as well for auth. problems.
ASKER
Hi,
Yes the synology is up to date and accessible to other machines on the network.
It's not domain joined.
Yes the synology is up to date and accessible to other machines on the network.
It's not domain joined.
Is there already a SMB connection with different credentials?
Open an administrative prompt on the affected system and run
Open an administrative prompt on the affected system and run
net useASKER
Hi,
No, other smb connections to the device
No, other smb connections to the device
Hi Steve,
Can you please post the screenshot of the error?
If you have a mapped drive please disconnect all your currently mapped drives and restart the PC and try again.
Can you please post the screenshot of the error?
If you have a mapped drive please disconnect all your currently mapped drives and restart the PC and try again.
ASKER
Hi,
Screen shot attached. The credentials entered work from other machines and i can login to the NAS via a web browser using them.
I cant delete the 3 other drive mappings as its an active DC, i've also restarted it numerous times.
Thanks again
Screen shot attached. The credentials entered work from other machines and i can login to the NAS via a web browser using them.
I cant delete the 3 other drive mappings as its an active DC, i've also restarted it numerous times.
Thanks again
Does the NAS only support SMB1? That protocol isn't very secure, & newer Windoze versions have that protocol disabled. Possibly the update disabled it.
If your NAS supports SMB2, enable that, or check if a DSM upgrade could give support to it.
If your NAS supports SMB2, enable that, or check if a DSM upgrade could give support to it.
ASKER
Hi,
Yes SMB 2 and 3 are enabled on the NAS
Yes SMB 2 and 3 are enabled on the NAS
the username should not be localhost but the defined username setup in the synology i.e. just plain admin without localhost\
ASKER
Hi,
Yes, that also fails on the DC.
Admin and password fail with "incorrect credentials"
Yes, that also fails on the DC.
Admin and password fail with "incorrect credentials"
try aaronnas\admin for the username.. how do you logon to the device via the web?
ASKER
Hi David,
That also fails.
Using a Web browser to the device name or I.p address gives access to the device dsm console, login as admin and password, including other users I have setup on the nas.
That also fails.
Using a Web browser to the device name or I.p address gives access to the device dsm console, login as admin and password, including other users I have setup on the nas.
I'm also guessing its trying to add "localhost" to the login is what is breaking it... That will come across as a domain login, but the domain doesn't exist...
Open a plain cmd window and run
net use
As michael suggested. What is the output?
Have seen a stale session on the system prevents a new one from establishing.
Try
net use /delete \\nasip\..
Does the admin account setup to access shares (aware it is a NAS admin account. But could be excluded from accessing shares.
Localohost\admin
Try .\admin
Add another user and try that.
Is the synology integrated into the AD domain
net use
As michael suggested. What is the output?
Have seen a stale session on the system prevents a new one from establishing.
Try
net use /delete \\nasip\..
Does the admin account setup to access shares (aware it is a NAS admin account. But could be excluded from accessing shares.
Localohost\admin
Try .\admin
Add another user and try that.
Is the synology integrated into the AD domain
ASKER
Hi Arnold.
Thanks for the reply.
net use in a command window returns "System Error 86" "The specified network password is not correct"
It is correct however and connects from other machines, i have 3 users setup, all with full access to all shares, which connect from other machines on the network.
The NAS is not attached to the domain.
There are no stale connections to the device from the DC in question.
.\ and localhost\ both fail, with incorrect credentials.
The issue is specific only to this Server 2016 DC and seems to have appeared following a batch of updates.
Thanks again everyone
Thanks for the reply.
net use in a command window returns "System Error 86" "The specified network password is not correct"
It is correct however and connects from other machines, i have 3 users setup, all with full access to all shares, which connect from other machines on the network.
The NAS is not attached to the domain.
There are no stale connections to the device from the DC in question.
.\ and localhost\ both fail, with incorrect credentials.
The issue is specific only to this Server 2016 DC and seems to have appeared following a batch of updates.
Thanks again everyone
If the Synology NAS is older, it probably had SMBv1 enabled. Make sure to update the Synology and enable SMBv2 as the lowest.
Since you are getting a login prompt, the system from which you are connecting supports the available SMB options on the Synology.
in a plain command windo
net use
returns an error instead of listing all existing mapped shares?
Do you have any mapped drives
one option is to run (non-elevated command)
net use * /delete
this will clear all your mapped/netowrk drive references
and try again
the only time I've run into a similar issue is when the NAS was mapped and listed in the response to net use
was being rejecting because the NAS does not let two distinct logins from the same source.....
Is the Synology joined to the domain?
in a plain command windo
net use
returns an error instead of listing all existing mapped shares?
Do you have any mapped drives
one option is to run (non-elevated command)
net use * /delete
this will clear all your mapped/netowrk drive references
and try again
the only time I've run into a similar issue is when the NAS was mapped and listed in the response to net use
was being rejecting because the NAS does not let two distinct logins from the same source.....
Is the Synology joined to the domain?
ASKER
Hi Arnold,
Sorry, i misread your question.
Net use lists 3 mapped drives that we have, 3 maps only, no connection to the NAS device at all.
When using Net use to try and map a drive to the NAS i get a login error.
The synology isnt joined to the domain.
SMB 1, 2 and 3 are enabled on the NAS.
Thanks again, this is becoming very frustrating. :)
Sorry, i misread your question.
Net use lists 3 mapped drives that we have, 3 maps only, no connection to the NAS device at all.
When using Net use to try and map a drive to the NAS i get a login error.
The synology isnt joined to the domain.
SMB 1, 2 and 3 are enabled on the NAS.
Thanks again, this is becoming very frustrating. :)
First of all I'd disable SMB1 on the NAS. And check if NTLMv1 is still enabled (should be disabled).
Then I'd check the Default Domain Controller policy for settings under Security Settings -> Local Policies -> Security Options.
The interesting stuff is "Microsoft network client: ..." and maybe cryptographic restrictions.
Compare them to the working WIndows 10 clients.
Then I'd check the Default Domain Controller policy for settings under Security Settings -> Local Policies -> Security Options.
The interesting stuff is "Microsoft network client: ..." and maybe cryptographic restrictions.
Compare them to the working WIndows 10 clients.
Also, if you try connecting with "net use", make sure you use /user & then connect with a user account that exists on the NAS, has the proper rights to the share, along with his correct password. Since it isn't domain connected, it won't know any of your Domain accounts.
when you run
net use \\nas\sharedfolder /user:.\nasuser
what happens? do you get wrong password, or a system error?
try the following,
control keymgr.dll to see whether you have stored a login that is no longer valid for the nas on this system.
this is the credential manager I think it can be accessed through the control panel.....users.
net use \\nas\sharedfolder /user:.\nasuser
what happens? do you get wrong password, or a system error?
try the following,
control keymgr.dll to see whether you have stored a login that is no longer valid for the nas on this system.
this is the credential manager I think it can be accessed through the control panel.....users.
Have you set the Synology to only use SMBv2/3? After doing so, let us know if your problem persists.
has reboot the nas and the server been tried?
when I had a similar issue, I had a stale session (cleared up with net use \\nas\share /delete)
the issue that one gets a login prompt is good, the reprompt suggests invalid username/password.
in a dc using .\username may avoid attaching the AD domain name into the credential packet.
when I had a similar issue, I had a stale session (cleared up with net use \\nas\share /delete)
the issue that one gets a login prompt is good, the reprompt suggests invalid username/password.
in a dc using .\username may avoid attaching the AD domain name into the credential packet.
ASKER
Hi Jason,
Yes, set NAS to SMB2 / 3. Same issue.
Yes, set NAS to SMB2 / 3. Same issue.
ASKER
Hi Arnold,
net use \\nas\sharedfolder /user:.\nasuser requests a password then fails with "The Password is invalid" does this for every user on the NAS.
The NAS and server have been rebooted and there are no credentials are saved in "Credential manager" for the NAS device.
net use \\nas\sharedfolder /user:.\nasuser requests a password then fails with "The Password is invalid" does this for every user on the NAS.
The NAS and server have been rebooted and there are no credentials are saved in "Credential manager" for the NAS device.
ASKER
I do appreciate everyones input.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start command prompt, type “net use S: \\IP_OF_NAS\ShareName”
See if this works, if not, you may wanna check your dns for the and name resolution