SOLVED

Windows Server 2016 folder share problem

Copper Contributor

I am currently having a problem with connecting new users to a shared network folder. Our network consists of three (3) Windows Servers (2016, 2019 & 2022) and a couple dozen of Windows 10 & 11 workstations. The shared folder we are having problems with is on the Windows Server 2016 (it's the only folder shared on this server). When this server was put into service, we had a couple of older servers (2008 & 2012 R2) and a mix of Windows 7 & XP workstations. At that time, I added the SMB 1 file-sharing support for the older systems.

But recently, the first time I tried to connect a new user to the share on the 2016 server, I got an error that stated, "An error occurred while reconnecting M: to \\server3\data Microsoft Windows Network: you can't connect to the file share because it's not secure. This share requires the obsolete SMB1 protocol, which is unsafe and could expose your system to attack. Your system requires SMB2 or higher. This connection has not been restored".

I enabled the SMB1 protocol on a couple of Windows 10 workstations, but I am now getting the error "M:\ is not accessible. The sc count is not authorized to log in from this station". I did run SFC /SCANNOW on the 2016 server, and it did find errors, but was unable to fix them. I ran DISM and found the component store had corruption but was fixable. I tried repairing it online, but it failed, so I had to use the installation media to perform the repair. SFC /SCANNOW reports that all system files are healthy, but the share is still not accessible to new users.

I have searched the Internet for the last couple of days and have found a few articles on this issue, but none of the recommended actions worked. Does anybody have an idea of how I can resolve this issue? Thanks in advance for all of the assistance.

11 Replies
I also noticed that when I browse the network with File Explorer and I select the Windows Server 2016, I get an error message that states, "\\SERVER3 is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The account is not authorized to log in from this station." When I use just the server IP address, the folder is empty.

Since you have Server 2016 (oldest) and windows 10 desktops you should be using SMBv3        

Overview of file sharing using the SMB 3 protocol in Windows Server | Microsoft Learn      

How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows | Microsoft Learn      

 

     

 

Both SMBv2 & SMBv3 are enabled on this 2016 server. This server also has an issue with Windows Backup using a network share. I have run the Network Troubleshooter, but it found nothing wrong.

Please run;

Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log (run on PDC emulator)
repadmin /showrepl >C:\repl.txt (run on **any** domain controller)
ipconfig /all > C:\%computername%.txt (run on **EVERY** domain controller)
ipconfig /all > C:\problemworkstation.txt (run on problem pc)


Also check the domain controller System and Replication (DFS or FRS) event logs for errors since last boot. Post the Event Source and Event IDs of any found. (no evtx files)

then put unzipped text files up on OneDrive and share a link.   

    

 

Hi Dave,

Here's the link to the files.

https://1drv.ms/f/s!AgsdgwkJ9Sjnm3nCfGbceDOHaoUm?e=exle29

Thanks for the assistance.
best response confirmed by scottstgelais (Copper Contributor)
Solution

- Each domain controller should at a minimum have its own static ip address plus the loopback (127.0.0.1) listed for DNS. Its fine to have the other DCs listed as well but you should add the missing "own" static address to each.

 

- Server3 IsmServ Service is stopped on [SERVER3]
this one could help here
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/ismserv-not-start-when-domain...

 

- Diagnostic Service Host service failed to start
I believe it should be set to Manual start so you could try that.

   

- The bigger problem is they all three complain about sysvol replication issues. The DFS Replication event logs on all three should have more details. I don't know how long this has been happening or if the tombstone has been exceeded. If so you may need to pick one and rebuild the other two. The one you keep you can try an authoritative sync to fix that before adding new ones. 
https://learn.microsoft.com/en-US/troubleshoot/windows-server/group-policy/force-authoritative-non-a...

 

Also WINS is from the days of NT and somewhat windows 2000 so I'd get rid of that confusion as it is no longer needed. 

      

 

Hi Dave,

I cannot find the CN=SYSVOL Subscription attribute using ADSIEDIT.MSC. Is there a specific location where it may be found?

Thx,
Scott

Make sure you connect to the Default naming context (at top of tree right-click Connect to) then drill in as shown below. (drill into the correct domain controller)

  

DavePatrick_0-1698328311987.png

 

@scottstgelais  just checking if there's any progress or updates? please don't forget to mark helpful replies.    

    

 

After going through each of the steps you outlined (thanks again) without any problems, I still had the issue. I had noticed a random loss of connection every minute or two to the problem server. I started scanning the network and found a Netgear device was randomly taking the server's IP. Psychical access to these servers has been minimal for the last couple of months, so I decided it was time to go on-site. Sure enough, someone had plugged a Netgear WiFi router into the network switch. Once I disconnected the network router, everything started working correctly again.

Thanks again, Dave, for all of your assistance.
Glad to hear, you're welcome.

1 best response

Accepted Solutions
best response confirmed by scottstgelais (Copper Contributor)
Solution

- Each domain controller should at a minimum have its own static ip address plus the loopback (127.0.0.1) listed for DNS. Its fine to have the other DCs listed as well but you should add the missing "own" static address to each.

 

- Server3 IsmServ Service is stopped on [SERVER3]
this one could help here
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/ismserv-not-start-when-domain...

 

- Diagnostic Service Host service failed to start
I believe it should be set to Manual start so you could try that.

   

- The bigger problem is they all three complain about sysvol replication issues. The DFS Replication event logs on all three should have more details. I don't know how long this has been happening or if the tombstone has been exceeded. If so you may need to pick one and rebuild the other two. The one you keep you can try an authoritative sync to fix that before adding new ones. 
https://learn.microsoft.com/en-US/troubleshoot/windows-server/group-policy/force-authoritative-non-a...

 

Also WINS is from the days of NT and somewhat windows 2000 so I'd get rid of that confusion as it is no longer needed. 

      

 

View solution in original post