asked on
Windows Server 2016 DC cant connect to NAS device.
Hi,
I have a client with a Windows 2016 server domain controller.
It had previously been able to connect to their Synology NAS device without an issue, i think a windows update has caused the issue.
I can connect to the NAS via a web brower using the device name or i.p address and login to it with NAS credentials.
I cant map a drive to the shares on the NAS or add a network location in Windows explorer.
I can do the above on other machines on the network.
The issue is specific to the 2016 DC. When trying to map a drive or connect to a folder on the NAS, Windows security asks for login details, no matter what i enter, the connection is denied. It defaults to "domain\username" I've tried "localhost\username" with no success.
We use the NAS to backup to locally and its starting to drive me around the bend :)
I'd appreciate any/all help.
ASKER
Thanks for the reply, \\ipofnas\share provides the same login credentials failure.
The I.p and device name both resolve in dns.
It seems to be a windows security "thing"
I assume its domain joined? Have you checked the DCs event log? May have to check other DCs as well for auth. problems.
ASKER
Yes the synology is up to date and accessible to other machines on the network.
It's not domain joined.
Open an administrative prompt on the affected system and run
net use
and check if there are any
ASKER
No, other smb connections to the device
Can you please post the screenshot of the error?
If you have a mapped drive please disconnect all your currently mapped drives and restart the PC and try again.
ASKER
If your NAS supports SMB2, enable that, or check if a DSM upgrade could give support to it.
ASKER
Yes SMB 2 and 3 are enabled on the NAS
ASKER
Yes, that also fails on the DC.
Admin and password fail with "incorrect credentials"
ASKER
That also fails.
Using a Web browser to the device name or I.p address gives access to the device dsm console, login as admin and password, including other users I have setup on the nas.
net use
As michael suggested. What is the output?
Have seen a stale session on the system prevents a new one from establishing.
Try
net use /delete \\nasip\..
Does the admin account setup to access shares (aware it is a NAS admin account. But could be excluded from accessing shares.
Localohost\admin
Try .\admin
Add another user and try that.
Is the synology integrated into the AD domain
ASKER
Thanks for the reply.
net use in a command window returns "System Error 86" "The specified network password is not correct"
It is correct however and connects from other machines, i have 3 users setup, all with full access to all shares, which connect from other machines on the network.
The NAS is not attached to the domain.
There are no stale connections to the device from the DC in question.
.\ and localhost\ both fail, with incorrect credentials.
The issue is specific only to this Server 2016 DC and seems to have appeared following a batch of updates.
Thanks again everyone
in a plain command windo
net use
returns an error instead of listing all existing mapped shares?
Do you have any mapped drives
one option is to run (non-elevated command)
net use * /delete
this will clear all your mapped/netowrk drive references
and try again
the only time I've run into a similar issue is when the NAS was mapped and listed in the response to net use
was being rejecting because the NAS does not let two distinct logins from the same source.....
Is the Synology joined to the domain?
ASKER
Sorry, i misread your question.
Net use lists 3 mapped drives that we have, 3 maps only, no connection to the NAS device at all.
When using Net use to try and map a drive to the NAS i get a login error.
The synology isnt joined to the domain.
SMB 1, 2 and 3 are enabled on the NAS.
Thanks again, this is becoming very frustrating. :)
Then I'd check the Default Domain Controller policy for settings under Security Settings -> Local Policies -> Security Options.
The interesting stuff is "Microsoft network client: ..." and maybe cryptographic restrictions.
Compare them to the working WIndows 10 clients.
net use \\nas\sharedfolder /user:.\nasuser
what happens? do you get wrong password, or a system error?
try the following,
control keymgr.dll to see whether you have stored a login that is no longer valid for the nas on this system.
this is the credential manager I think it can be accessed through the control panel.....users.
when I had a similar issue, I had a stale session (cleared up with net use \\nas\share /delete)
the issue that one gets a login prompt is good, the reprompt suggests invalid username/password.
in a dc using .\username may avoid attaching the AD domain name into the credential packet.
ASKER
Yes, set NAS to SMB2 / 3. Same issue.
ASKER
net use \\nas\sharedfolder /user:.\nasuser requests a password then fails with "The Password is invalid" does this for every user on the NAS.
The NAS and server have been rebooted and there are no credentials are saved in "Credential manager" for the NAS device.
ASKER
Start command prompt, type “net use S: \\IP_OF_NAS\ShareName”
See if this works, if not, you may wanna check your dns for the and name resolution