You may encounter an issue where Windows 10 cannot access file shares, but earlier versions such as Windows 7 can. In many cases this is due to incorrect firewall settings, together with the fact that Windows 10 has an issue with negotiating SMB1.
Cause
The issue can be caused by firewall settings which have TCP 139 opened, but TCP 445 is not open. This could be either Windows Firewall settings, or another firewall in between the client and server.
Background
SMB can run either directly over TCP, in which case it users TCP port 445, or it uses the older NetBIOS API and NetBIOS over TCP 139. If 445 is not open, then Windows clients (prior to Windows 10) will drop back to SMB1 and NetBIOS over TCP, this using a protocol that is almost 30 years old.
You can test this by viewing the port that a working (Win7) client is using to connect to a server:
netstat -an | find “172.4.24.101”
TCP 172.4.102.218:56871 172.4.24.101:445 ESTABLISHED
#Using SMB over TCP
TCP 172.4.102.218:56710 172.4.2.19:139 ESTABLISHED
#Using SMB on top of NetBIOS over TCP
Workaround
A workaround is to force Windows 10 to use SMB1. This is not recommended since performance is worse, and the protocol is deprecated.
“https://support.microsoft.com/en-us/kb/2696547“
•To disable SMBv2 and SMBv3 on the SMB client, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 start= disabled
•To enable SMBv2 and SMBv3 on the SMB client, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb20 start= auto
Solution
The simple solution is to open up TCP 445 on your hardware or Windows firewalls. If group policy is enabling the Windows Firewall, you could add exceptions for Windows File and Printer sharing as follows:
– Navigate to Computer Configuration/Policies/Windows Settings/Security Settings/Windows Firewall with Advanced Security
– Create a new Inbound Rule: Predefined, File and Printer Sharing
– Leave all predefined rules selected
You could also do this using custom rules if you just wanted to apply to one profile, only 445 is required.
Run a gpupdate on your print servers and you should find that your Windows 10 clients can now print.