SOLVED Win 10 Cannot Browse SMB Shares

mlpotter

Cadet
Joined
May 12, 2022
Messages
7
I have been through many threads on the forums this morning and tried quite a bit to see what's up with this issue and haven't had any luck. I am currently running
TrueNAS-12.0-U8.1. I cannot browse any SMB shares on Win 10 machines but can from Windows Server 2019 as the same user. When I attempt to connect to the TrueNAS server on Win 10 I get the following error even though the machine shows up when I browse the network. Using the FQDN or IP results in the same.

1652373988576.png

And when I attempt to connect from a Windows Server 2019 machine I am able to browse:

1652374061943.png

The hostname is set properly in Network -> Global Configuration
1652374328531.png
SMB is configured correctly as near as I can figure
1652374433454.png

I am somewhat at wit's end here. The hostname and the netbios name are the same, the hostname pings and resolves to the proper IP. The TrueNAS server is joined to the same domain as the machines I am using. Here is some of the information I've seen requested in other threads just to save some time...

midclt call network.configuration.config
{"id": 1, "hostname": "phoenix", "domain": "seitel.pri", "ipv4gateway": "10.1.8.1", "ipv6gateway": "", "nameserver1": "192.168.0.185", "nameserver2": "", "nameserver3": "", "httpproxy": "", "netwait_enabled": false, "netwait_ip": [], "hosts": "", "domains": ["seitel.linux"], "service_announcement": {"netbios": false, "mdns": true, "wsd": true}, "hostname_local": "phoenix"}

testparm -s (sanitized)
Load smb config files from /usr/local/etc/smb4.conf
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_DOMAIN_MEMBER

# Global parameters
[global]
aio max threads = 2
bind interfaces only = Yes
client ldap sasl wrapping = seal
disable spoolss = Yes
dns proxy = No
domain master = No
enable web service discovery = Yes
kerberos method = secrets and keytab
kernel change notify = No
load printers = No
local master = No
logging = file
max log size = 5120
nsupdate command = /usr/local/bin/samba-nsupdate -g
preferred master = No
realm = EXAMPLE.COM
registry shares = Yes
restrict anonymous = 2
security = ADS
server role = member server
server string = Production Data Server
template shell = /bin/sh
unix extensions = No
winbind cache time = 7200
winbind enum groups = Yes
winbind enum users = Yes
winbind max domain connections = 10
winbind use default domain = Yes
workgroup = WORKGROUP
idmap config *: range = 90000001-100000000
idmap config seitelpri: range = 100000001-200000000
idmap config seitelpri: backend = rid
idmap config * : backend = tdb
directory name cache size = 0
dos filemode = Yes


[gcp-sync]
comment = Google Cloud automated sync
ea support = No
level2 oplocks = No
oplocks = No
path = /mnt/pool1/gcp-sync
read only = No
strict locking = Yes
vfs objects = shadow_copy_zfs noacl aio_fbsd
nfs4:chown = true


[backups]
ea support = No
kernel share modes = No
path = /mnt/pool1/backups
posix locking = No
read only = No
vfs objects = streams_xattr shadow_copy_zfs ixnas aio_fbsd
nfs4:chown = true


[test]
comment = Test Samba Share
ea support = No
kernel share modes = No
path = /mnt/pool1/test
posix locking = No
read only = No
vfs objects = streams_xattr shadow_copy_zfs ixnas aio_fbsd
nfs4:chown = true

SMB1 is disabled on the WIN 10 box as well. I am sort of at wit's end and would appreciate any help the community is willing to give.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
Try enabling the netbios nameserver. Also make sure you have enabled network browsing on the Windows client (this is non-default setting in modern windows).
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,398
Also, make sure you set the local network in Windows 10 as Private, not Public (the default). The latter will result in problems like this, as the Windows 10 WS-Discovery services only run on Private networks.
 

mlpotter

Cadet
Joined
May 12, 2022
Messages
7
Windows network is domain as the machine is joined to a domain.

1652379284126.png

The server shows up in the network browser and I can browse other machines:

1652379421421.png

Network discovery is allowed through the firewall on all networks
1652379547909.png

Turning on NetBIOS-NS in Network -> Global Configuration and restarting SMB through Services doesn't seem to have had any affect
1652379745317.png
 

mlpotter

Cadet
Joined
May 12, 2022
Messages
7
The SMB logs show only this on a connection attempt
Code:
[2022/05/12 13:33:20.541920,  2] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage)
  Registered MSG_REQ_POOL_USAGE
[2022/05/12 13:33:39.489741,  2] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage)
  Registered MSG_REQ_POOL_USAGE
[2022/05/12 13:34:20.572113,  2] ../../source3/smbd/process.c:2906(deadtime_fn)
  Closing idle connection
[2022/05/12 13:34:39.539111,  2] ../../source3/smbd/process.c:2906(deadtime_fn)
  Closing idle connection

Then the error pops up on the Win 10 box.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
The SMB logs show only this on a connection attempt
Code:
[2022/05/12 13:33:20.541920,  2] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage)
  Registered MSG_REQ_POOL_USAGE
[2022/05/12 13:33:39.489741,  2] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage)
  Registered MSG_REQ_POOL_USAGE
[2022/05/12 13:34:20.572113,  2] ../../source3/smbd/process.c:2906(deadtime_fn)
  Closing idle connection
[2022/05/12 13:34:39.539111,  2] ../../source3/smbd/process.c:2906(deadtime_fn)
  Closing idle connection

Then the error pops up on the Win 10 box.
What do you see in authentication log `midclt call smb.status AUTH_LOG | jq`
 

mlpotter

Cadet
Joined
May 12, 2022
Messages
7
There are entries but nothing in the last 1.25 hours so those SMB log messages must be coincidental.The last entry from that command was
Code:
"timestamp": "2022-05-12T12:28:38.785296-0500"[/DATE] and it's 13:47 here and the time on the TrueNAS server is correct.
 

mlpotter

Cadet
Joined
May 12, 2022
Messages
7
To add more information, this is starting to look like it might be some sort of AD coupled with Win 10 issue. When connected via the VPN on a non-domain Win 10 machine I can browse the SMB shares with no issues. Server 2019 works just fine still. I have yet to sort out why domain connected Win 10 machines cannot see the SMB shares.
 

mlpotter

Cadet
Joined
May 12, 2022
Messages
7
Also the server has disappeared from network browsing on Win 10 at the moment. I have Netbios-NS, mDNS, and WS-Discovery all enabled in the control panel.
 

Jessep

Patron
Joined
Aug 19, 2018
Messages
379
GPO networking (sharing) rules applied to domain PCs?
 

mlpotter

Cadet
Joined
May 12, 2022
Messages
7
I have found the solution, it ended up being networking and not SMB or AD config. Here's the networking setup:

1 x GiB ethernet on 10.1.9.0/24 (initially imagined as a backup way to access the web interface)
2 x 40 GiB ethernet LACP with 2 VLANs: 10.1.8.0/24 and 192.168.0.0/24

The Win 10 vs Server 2019 was a red herring, all of the Win 10 machines were on 10.1.9.0/24 and the servers on 10.1.8.0/24.

Even restricting SMB to the 10.1.8.0/24 interface didn't fix the issue. In the end I moved the 10.1.9.0/24 address to the LACP and added a static route to route 10.1.9.0/24 traffic through the default gateway. It is likely if I removed the 10.1.9.0/24 address altogether it would have the same end result.

The epiphany moment was when I worked from home yesterday and could mount the shares, with no issues, over the VPN on my local Win 10 VM that I use to connect to the office. It's not a domain member and it's on a totally different subnet. I started digging through the machines that were working and those that weren't and noticed the subnets. I should have noticed it much sooner and feel a little daft for it taking as long as it did.
 
Top