asked on
You might not have permission to use this network. - Browsing a server UNC.
ASKER
Tried that and it says i have mapped the drive but its not showing and unable to browse the drive. Net use shows the drive as mapped.
I see a mapped drive (S:\)to a share within the c:\ drive which is available and can be opened by this test user. It also shows the admin mapped drive t:\ as status unavailable (like the s:\) but not showing in explorer as this user doesn't have permission or part of the GPO for mapped drives.
Workstation service fails to restart. Hanging/ in a stopping state..
ASKER
Rebooted server, service now running. Unable to browse still.
try...
Net use T: /delete
This will delete the T: drive mapping. Then try accessing the share.
ASKER
T:\ is a valid drive for myself and after disconnecting it i still cant access the UNC path. T:\ is mapped to a subfolder of c$
If this is a newer server, and only happens when trying to connect to C$, it maybe due to newer, local security policies in the OS. I have ran into something similar with newer servers I have built in our DMZ as some of the app owners like to do this to move files.
Launch Local Security Policy -> Security Options ->
Scroll down to User Account Control: Admin Approval Mode for Built-in Administrator Account
Make sure this is set to "disabled". On newer OS's it is enabled.
If that does not work, then another option is the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
There may be an entry there called: LocalAccountTokenFilterPolicy
If so, then right click and modify it by changing it to a "1". If it does not exist, then right-click -> DWORD(32-bit) and add the key with the value of "1".
This will require a reboot.
ASKER
Server 2012 r2. The other server i tried which works is newer OS> Tried another server with same OS and all fine.
UAC admin policy is already disabled.
The LATFP setting is also already 1.
ASKER
I haven't and that is working..
Check the following and set it to 0 if it is set to anything else.
Registry Path: HKLM\System\CurrentControlSet\Control\Lsa\
Value Name: LmCompatibilityLevel
Value Type: REG_DWORD
Value: 0
Also, since the IP works, have you tried with the FQDN rather than just the short name? You screenshot blackout seems short like it is just the shortname.
ASKER
There isnt an entry for that key.
Browsing using FQDN work as well
So the only thing not working is trying to browse by the short name, correct?
ASKER
Yes
While I do not think this would be the issue, it may be work disabling strict name checking. You may need to add this key.
Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
DWORD name: DisableStrictNameChecking
DWORD value: 1
Also check and see if NetBIOS was somehow disabled.
If you do a ping with the short\NetBIOS name does it resolve and respond?
ASKER
Have tried the reg and NIC setting change, but not helped.
I can ping to the short name works fine, which resolves the FQDN to the IP.
Forgot to add that the issue only occurs when accessing the UNC path via a user account without admin permission. i.e. it opens the windows security box prompt. Not sure if of any relevance as the IP and FQDN works when entering my creds.
https://learn.microsoft.com/en-US/troubleshoot/windows-server/windows-security/user-account-control-and-remote-restriction
ASKER
In an elevated CMD prompt, run the 'net use' command. Are there any mapped drives to that server?
Also try restarting the Workstation service.