Oct 25 2023 06:57 AM
I am currently having a problem with connecting new users to a shared network folder. Our network consists of three (3) Windows Servers (2016, 2019 & 2022) and a couple dozen of Windows 10 & 11 workstations. The shared folder we are having problems with is on the Windows Server 2016 (it's the only folder shared on this server). When this server was put into service, we had a couple of older servers (2008 & 2012 R2) and a mix of Windows 7 & XP workstations. At that time, I added the SMB 1 file-sharing support for the older systems.
But recently, the first time I tried to connect a new user to the share on the 2016 server, I got an error that stated, "An error occurred while reconnecting M: to \\server3\data Microsoft Windows Network: you can't connect to the file share because it's not secure. This share requires the obsolete SMB1 protocol, which is unsafe and could expose your system to attack. Your system requires SMB2 or higher. This connection has not been restored".
I enabled the SMB1 protocol on a couple of Windows 10 workstations, but I am now getting the error "M:\ is not accessible. The sc count is not authorized to log in from this station". I did run SFC /SCANNOW on the 2016 server, and it did find errors, but was unable to fix them. I ran DISM and found the component store had corruption but was fixable. I tried repairing it online, but it failed, so I had to use the installation media to perform the repair. SFC /SCANNOW reports that all system files are healthy, but the share is still not accessible to new users.
I have searched the Internet for the last couple of days and have found a few articles on this issue, but none of the recommended actions worked. Does anybody have an idea of how I can resolve this issue? Thanks in advance for all of the assistance.
Oct 25 2023 09:39 AM
Oct 25 2023 12:04 PM
Since you have Server 2016 (oldest) and windows 10 desktops you should be using SMBv3
Overview of file sharing using the SMB 3 protocol in Windows Server | Microsoft Learn
How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows | Microsoft Learn
Oct 25 2023 12:46 PM
Oct 25 2023 12:53 PM - edited Oct 25 2023 12:54 PM
Please run;
Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log (run on PDC emulator)
repadmin /showrepl >C:\repl.txt (run on **any** domain controller)
ipconfig /all > C:\%computername%.txt (run on **EVERY** domain controller)
ipconfig /all > C:\problemworkstation.txt (run on problem pc)
Also check the domain controller System and Replication (DFS or FRS) event logs for errors since last boot. Post the Event Source and Event IDs of any found. (no evtx files)
then put unzipped text files up on OneDrive and share a link.
Oct 25 2023 02:31 PM
Oct 25 2023 03:29 PM - edited Oct 25 2023 03:58 PM
Solution- Each domain controller should at a minimum have its own static ip address plus the loopback (127.0.0.1) listed for DNS. Its fine to have the other DCs listed as well but you should add the missing "own" static address to each.
- Server3 IsmServ Service is stopped on [SERVER3]
this one could help here
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/ismserv-not-start-when-domain...
- Diagnostic Service Host service failed to start
I believe it should be set to Manual start so you could try that.
- The bigger problem is they all three complain about sysvol replication issues. The DFS Replication event logs on all three should have more details. I don't know how long this has been happening or if the tombstone has been exceeded. If so you may need to pick one and rebuild the other two. The one you keep you can try an authoritative sync to fix that before adding new ones.
https://learn.microsoft.com/en-US/troubleshoot/windows-server/group-policy/force-authoritative-non-a...
Also WINS is from the days of NT and somewhat windows 2000 so I'd get rid of that confusion as it is no longer needed.
Oct 26 2023 06:20 AM
Oct 26 2023 06:52 AM - edited Oct 26 2023 06:53 AM
Make sure you connect to the Default naming context (at top of tree right-click Connect to) then drill in as shown below. (drill into the correct domain controller)
Oct 27 2023 07:37 AM - edited Oct 27 2023 07:38 AM
@scottstgelais just checking if there's any progress or updates? please don't forget to mark helpful replies.
Oct 27 2023 08:23 AM
Oct 25 2023 03:29 PM - edited Oct 25 2023 03:58 PM
Solution- Each domain controller should at a minimum have its own static ip address plus the loopback (127.0.0.1) listed for DNS. Its fine to have the other DCs listed as well but you should add the missing "own" static address to each.
- Server3 IsmServ Service is stopped on [SERVER3]
this one could help here
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/ismserv-not-start-when-domain...
- Diagnostic Service Host service failed to start
I believe it should be set to Manual start so you could try that.
- The bigger problem is they all three complain about sysvol replication issues. The DFS Replication event logs on all three should have more details. I don't know how long this has been happening or if the tombstone has been exceeded. If so you may need to pick one and rebuild the other two. The one you keep you can try an authoritative sync to fix that before adding new ones.
https://learn.microsoft.com/en-US/troubleshoot/windows-server/group-policy/force-authoritative-non-a...
Also WINS is from the days of NT and somewhat windows 2000 so I'd get rid of that confusion as it is no longer needed.