Network shares can't be accessedWindows 10 2004

okynnor

okynnor

Explorer
Joined
Mar 14, 2019
Messages
71
FREENAS Version: FreeNAS-11.3-U4.1
RAM: 32GB


Hi,

I've been dealing with this issue and I have searched high and low on Google to no avail. So I'm turning to the FreeNAS community for assistance.

In prior version of Windows, I have been able to access SMB shares on FreeNAS. But ever since I upgraded to 2004, the network shares can't be accessed at all.

Network Error:
Windows cannot access \\FreeNAS
Check the spelling of the name. Otherwise, there might be problem with your network.

The FreeNAS shares can be accessed without any issues via MacOS.

Most of the shares are setup as Guest access OK.
The user account exists FreeNAS, Windows and Mac -- that is, they are matching with what's on the FreeNAS Account.
I'm not sure if the fact that Windows 10 2004's account is linked to my Microsoft account has anything to do with it.
I have tried to enable "Enable insecure guest logons" by using gpedit.msc >> Computer Configuration >> Administrative Templates >> Network >> Lanman Workstation >> Enable
I have also tried to reinstall SMB1.0/CIFS File Sharing Support under Windows Features

Then, I thought that I should disable SMB1 support on SMB Services on FreeNAS because Windows 10 2004 appears to have deprecated support for SMB1 all together. The thought was may be it needs to connect via SMB2 or SMB3. My question, is SMB3 running in FreeNAS by default? How do I check?

I'd appreciate your help and insights to solve this mystery.
 
F

firsway

Dabbler
Joined
Oct 20, 2018
Messages
32
What was your version/feature of Windows before the upgrade?
AFAIR the ability for insecure guest login was removed by default in Windows 10 full stop, but as you have pointed out, can be re-enabled in the registry.
If you were previously on Win10 under a different feature version, then that would suggest something else in the Windows config is causing the problem perhaps? The feature upgrade didn't do anything daft to the firewall, did it?
 
Redcoat

Redcoat

MVP
Joined
Feb 18, 2014
Messages
2,925
Are your shares set to use Guest account only?
 
okynnor

okynnor

Explorer
Joined
Mar 14, 2019
Messages
71
firsway said:
What was your version/feature of Windows before the upgrade?
AFAIR the ability for insecure guest login was removed by default in Windows 10 full stop, but as you have pointed out, can be re-enabled in the registry.
If you were previously on Win10 under a different feature version, then that would suggest something else in the Windows config is causing the problem perhaps? The feature upgrade didn't do anything daft to the firewall, did it?
Click to expand...
Thanks for your help.
This affects all the computers that are running Windows. Honestly, no one reported anything until version 2004 of Windows 10

I've turned off Windows Firewall and it has no effect on accessibility to SMB shares
 
Last edited:
okynnor

okynnor

Explorer
Joined
Mar 14, 2019
Messages
71
Redcoat said:
Are your shares set to use Guest account only?
Click to expand...
We have guest only accounts like Public, which anyone can access and also user accessible accounts tied to their workstation login id. The public access ones are set to user and group nobody.

as I mentioned before, MacOS have no problem— not sure why it’s only Windows.
Thank you.
 
F

firsway

Dabbler
Joined
Oct 20, 2018
Messages
32
okynnor said:
This affects all the computers that are running Windows. Honestly, no one reported anything until version 2004 of Windows 10
Click to expand...
But were your users already on Win10 prior to upgrade to Feature 2004, or were they on Win7?
 
okynnor

okynnor

Explorer
Joined
Mar 14, 2019
Messages
71
I would like to ask the community, how do I access the SMB logs? I would like to check if the Windows 10 machines are even hitting the SMB server on FreeNAS at all. If they are, what is error that's generated.
 
F

firsway

Dabbler
Joined
Oct 20, 2018
Messages
32
okynnor said:
All were on version 1903 and there were no issues. We have no Windows 7 deployments.
Click to expand...
Interesting.. I've managed to reproduce this situation on a 2004 workstation, and despite me making the registry change.
It's not domain joined so not something that GPO could potentially affect.
For info, SMB browsing appears to be OK on 1909 as well.
I'll stick Wireshark on, and see if I can see anything unusual.
 
F

firsway

Dabbler
Joined
Oct 20, 2018
Messages
32
okynnor said:
I would like to ask the community, how do I access the SMB logs? I would like to check if the Windows 10 machines are even hitting the SMB server on FreeNAS at all. If they are, what is error that's generated.
Click to expand...
OK so it looks like I've found the problem and a potential workaround :)

The problem appears to be in gpedit.msc (Local Group Policy Editor)
Basically, setting the flag value of "Allow insecure guest logon" to "Enabled" in Computer Configuration-Administrative Templates-Network-Lanman Workstation, appears to have no effect on the configuration itself.

To workaround this, use Regedit, and navigate to HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters.
In my setup, the value of DWORD AllowInsecureGuestAuth was set to 0x00000000 which is wrong considering what I tried to do in GP Edit.
Set the value to 0x00000001 (Hexadecimal 1)
Machine doesn't need a reboot - everything started working for me!

For a more widespread application of this workaround, perhaps the registry change can be rolled out in a GPO

Disclaimer: I have only reproduced this in my environment, which may be different to yours. Please, firstly back up your registry, and/or the machine, before you try this.
 
Yorick

Yorick

Wizard
Joined
Nov 4, 2018
Messages
1,912
I don’t use guest login and so have never seen your issue :). I mean it works but you have to fiddle with the pc itself. I find it easier to just add a user to FreeNAS and add that user to the “shared” group
 
okynnor

okynnor

Explorer
Joined
Mar 14, 2019
Messages
71
firsway said:
OK so it looks like I've found the problem and a potential workaround :)

The problem appears to be in gpedit.msc (Local Group Policy Editor)
Basically, setting the flag value of "Allow insecure guest logon" to "Enabled" in Computer Configuration-Administrative Templates-Network-Lanman Workstation, appears to have no effect on the configuration itself.

To workaround this, use Regedit, and navigate to HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters.
In my setup, the value of DWORD AllowInsecureGuestAuth was set to 0x00000000 which is wrong considering what I tried to do in GP Edit.
Set the value to 0x00000001 (Hexadecimal 1)
Machine doesn't need a reboot - everything started working for me!

For a more widespread application of this workaround, perhaps the registry change can be rolled out in a GPO

Disclaimer: I have only reproduced this in my environment, which may be different to yours. Please, firstly back up your registry, and/or the machine, before you try this.
Click to expand...
That's amazing work!! I tried it. It works!
 
okynnor

okynnor

Explorer
Joined
Mar 14, 2019
Messages
71
This is a good way too. A little bit more time consuming.

Yorick said:
I don’t use guest login and so have never seen your issue :). I mean it works but you have to fiddle with the pc itself. I find it easier to just add a user to FreeNAS and add that user to the “shared” group
Click to expand...
 
F

firsway

Dabbler
Joined
Oct 20, 2018
Messages
32
Fredda said:
Nope, I highly doubt they will fix this. Breaking the guest account is intentional and probably part of the MS Cloud strategy.
See also @anodos post regarding exactly that issue.
Click to expand...
They can't even fix the feedback hub app which is supposedly for reporting bugs. Enter an email address that you think is a Microsoft registered one, but turns out not to be? You get a failure message, but then there is no way to backtrack to change the address, it just keeps inviting you to retry..
Worse still, it looks as though the App stores the info before telling you it's an error. Shutting down and restarting the App has no effect - just takes you back to the same "Please Retry" screen :rolleyes:
That's probably a registry hack as well to get working!
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Fredda said:
Nope, I highly doubt they will fix this. Breaking the guest account is intentional and probably part of the MS Cloud strategy.
See also @anodos post regarding exactly that issue.
Click to expand...
I don't think breaking it is intentional. It's just probably not a high priority. The world has changed and moved on from the days where insecure network shares at a business were okay. Legacy ways of doing things get less attention and eventually they go away.
 
Yorick

Yorick

Wizard
Joined
Nov 4, 2018
Messages
1,912
This. Here, let me shill my "now what's this MS Account thang in FreeNAS" video. Arguably it'd be better (because more standardized) to do username/username for user/group during creation and then add the user to "shared" group - you do you, either way will work.
www.youtube.com

Create Windows shares in FreeNAS 11.3 / TrueNAS 12.0

My preferred way of setting up Windows shares from within FreeNAS 11.3 (this will also work for TrueNAS 12.x). This includes comments on:- Mapping users to M...
www.youtube.com www.youtube.com
 
You must log in or register to reply here.

Similar threads

S
SOLVED windows 10 can't access freenas share
Replies
5
Views
1K
sakn54
S
ethereal
Do you have problems accessing FreeNAS with Windows 10?
2
Replies
33
Views
72K
h|device
H
ethereal
Windows 10 version 1909 broke my guest access again
Replies
1
Views
4K
anodos
anodos
m4biz
Can't access to Windows SMB folder only from a single domain client
Replies
10
Views
2K
m4biz
m4biz
A
Unable to retrieve SMB Shares from ubuntu Mate
Replies
4
Views
2K
Samuel Tai
Samuel Tai
Top