Rss

Windows 10 issue accessing file shares

Hal Sclater 0 Comments
Windows 10 logo

You may encounter an issue where Windows 10 cannot access file shares, but earlier versions such as Windows 7 can. In many cases this is due to incorrect firewall settings, together with the fact that Windows 10 has an issue with negotiating SMB1.

Cause

The issue can be caused by firewall settings which have TCP 139 opened, but TCP 445 is not open. This could be either Windows Firewall settings, or another firewall in between the client and server.

Background

SMB can run either directly over TCP, in which case it users TCP port 445, or it uses the older NetBIOS API and NetBIOS over TCP 139. If 445 is not open, then Windows clients (prior to Windows 10) will drop back to SMB1 and NetBIOS over TCP, this using a protocol that is almost 30 years old.

You can test this by viewing the port that a working (Win7) client is using to connect to a server:

netstat -an | find “172.4.24.101”

TCP    172.4.102.218:56871   172.4.24.101:445     ESTABLISHED

#Using SMB over TCP

TCP    172.4.102.218:56710   172.4.2.19:139         ESTABLISHED

#Using SMB on top of NetBIOS over TCP

Workaround

A workaround is to force Windows 10 to use SMB1. This is not recommended since performance is worse, and the protocol is deprecated.

https://support.microsoft.com/en-us/kb/2696547

•To disable SMBv2 and SMBv3 on the SMB client, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi

sc.exe config mrxsmb20 start= disabled

•To enable SMBv2 and SMBv3 on the SMB client, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi

sc.exe config mrxsmb20 start= auto

Solution

The simple solution is to open up TCP 445 on your hardware or Windows firewalls. If group policy is enabling the Windows Firewall, you could add exceptions for Windows File and Printer sharing as follows:

– Navigate to Computer Configuration/Policies/Windows Settings/Security Settings/Windows Firewall with Advanced Security

– Create a new Inbound Rule: Predefined, File and Printer Sharing

– Leave all predefined rules selected

You could also do this using custom rules if you just wanted to apply to one profile, only 445 is required.

Run a gpupdate on your print servers and you should find that your Windows 10 clients can now print.

Posted in Windows 10

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Ⓒ 2024, Cloudrun Ltd