[HOW-TO] Connect to OMV SMB shares with Windows 10 - **Update - Loss of SMB Guest Shares** 11/26/18

    • [HOW-TO] Connect to OMV SMB shares with Windows 10 - **Update Loss of SMB Guest Shares 11/26/18

      - Update 11/26/18: For users who recently lost access to SMB shares, scroll to the section titled Loss of SMB shares with Guest access near the bottom.


      - For users of OMV3, using Remote Mount to connect to Windows 10 client shares, scroll to the bottom.

      __________________________________________________________

      Since this How-To was originally posted, Microsoft has made changes that simplify connecting Windows 10 clients to OMV. One change was abandoning the "homegroup", as of version 1803, in favor of the time tested "workgroup". However, “browsing” for non-Windows servers under Windows Explorer, Network, is still problematic. While this may be somewhat inconvenient, after the appropriate network settings are made, there's a work around that's easy to use.

      ________________________________________________________



      Set Private Network
      Make the selections shown.

      systemsecurity.PNG

      Click “Next”.
      A reboot is required.
      __________________________________________________________________________________________

      Set WORKGROUP name
      (In the same location as above:)

      wrkgrpname.PNG

      Click "OK".
      A reboot is required.

      (For more information, see Note 3.)
      __________________________________________________________________________________________

      Set WORKGROUP name in OMV

      - Setting the identical workgroup name in OMV is required.

      OMV-wrkgrp.png


      __________________________________________________________________________________________

      Advanced Sharing Settings

      Make the following changes to the Private Profile. Leave the Guest or Public and All Networks as they are.

      AdvancedSharingSettings.PNG

      Save Changes

      A reboot is required.
      __________________________________________________________________________________________

      For most cases, the network setting changes made above should allow OMV's shares to be mapped as network drives, and for the creation of a Server short cut as follows.

      ____________________________________________________________

      Create an OMV Server Shortcut
      The previous steps will ensure that mapped network drives will work. However, Windows 10 may not recognize non-Windows hosts under Windows Explorer, Network. To get past this Windows 10 specific issue, create a Shortcut for your OMV server on the Desktop

      Right click on the Windows 10 Desktop. Select New, Shortcut. The location will be \\OMVSERVERIPADDR (substitute in your servers IP address similar to this -> \\192.168.1.50). Click Next.
      Name the Shortcut. (I used the server's name for this shortcut name).

      When finished, the properties of the short cut should be similar to the following (with your server's IP address in the Target: field).

      W10shortcut.PNG

      ** For convenience, right click the completed Shortcut icon and pin it to Quick Access and Start. **

      ____________________________________________________________

      For Windows 10 Clients on closed networks or that are not fully up-to-date for other reasons, the following may help with OMV - Windows 10 connectivity.
      ____________________________________________________________________________________________

      Windows 10 Client: Enable SMB2 - DisableSMB3

      **Adding items to the Windows registry entails some risk from “Fat Finger” errors. Use caution.**

      Run Windows Power Shell as Administrator (Right click to run as administrator)
      Copy and paste the following lines into the Power Shell window.
      (Do this CLEANLY, ensuring that the entire line is copied and pasted in before hitting Enter.)

      Source Code

      1. Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 –Force
      2. Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB2 -Type DWORD -Value 1 –Force
      3. Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB3 -Type DWORD -Value 0 –Force
      These commands create 3 registry keys and set SMB2 as the operational SMB protocol. With these items added to the registry users can, selectively, turn SMB levels on or off with the registry editor.

      Optional:
      To verify the Power Shell cmdlet made the additions to the Registry, regedit.exe can be used. Browse to the location shown below and check the parameters for SMB1 through 3.



      For more information see Note 2
      ___________________________________________________________________________________________

      Edit Windows 10 hosts file


      Prerequisite:
      This change requires that the OMV server has a static IP address or a permanent/static DHCP lease.
      __________________________

      -Right click on Notepad and run it as administrator.
      -Set the Text Documents (*.txt) drop down to All Files (*.*)
      -Navigate to C:\Windows\System32\drivers\etc. Open the file “hosts”.

      The following is an excerpt from the default file.
      Add the two lines of text to the hosts file, according to the example below, shown in bold black.
      Enter the IP address of your OMV server. The host name will be the OMV Hostname as it appears in OMV under System, Network, the General tab, in the Hostname field.

      #
      # 102.54.94.97 rhino.acme.com # source server
      # 38.25.63.10 x.acme.com # x client host
      #
      # --Server IP---- Hostname
      192.168.1.50 OMV-SERVER
      #
      # localhost name resolution is handled within DNS itself.
      # 127.0.0.1 localhost
      # ::1 localhost


      **If the hosts file is busy with another process, saving the file may fail. Use Windows 10 safe mode, as explained here, to be able to save the file.**


      See Note 4.
      ___________________________________________________________________________________________________________________________________


      ** Update 11/26/18 - SMB Guest access **

      Microsoft recently pushed out a change to a Windows 10 security policy setting that stops "Guest" access to SMB shares, due to their determination that unsecured Guest access is a security risk. Since Guest access makes sense in some Home LAN use cases and is easy to configure; for those affected, the following fix should restore access to lost SMB Guest shares.

      At the Windows 10 client:
      Start the CMD prompt in Windows 10, as Administrator. (Right click on the CMD prompt icon, and select run as....)
      Type: gpedit.msc to start the policy editor.
      Go to Computer Configuration -> Administrative Templates -> Network -> Lanman Workstation
      Set the value "Enable insecure guest logons".
      **Note set the value to "Enabled" from "Not Configured"
      Reboot

      **If the setting does not save properly make the change again and run gpedit /force from the CMD prompt and Reboot.**

      (Thanks to @Molok for being the first to report this and provide the solution.)
      __________________________________________________________________________________________________________________

      Configuring Remote Mount
      (Applies only to OMV 3.X and earlier versions)
      For users who are using Remote Mount to connect OMV to Windows 10 Shares, add ,vers=2.0 at the end of the Options box as shown. (For more info, see Note 5.)


      ___________________________________________________________________________________________________________

      See Notes in the next post.
      Files
      • Regedit.PNG

        (133.06 kB, downloaded 1,835 times, last: )
      • remotemount.png

        (28.89 kB, downloaded 1,203 times, last: )

      Video Guides :!: New User Guide :!: Docker Guides :!: Pi-hole in Docker
      Good backup takes the "drama" out of computing.
      ____________________________________
      Primary: OMV 3.0.99, ThinkServer TS140, 12GB ECC, 32GB USB boot, 4TB+4TB zmirror, 3TB client backup.
      OMV 4.1.13, Intel Server SC5650HCBRP, 32GB ECC, 16GB USB boot, UnionFS+SNAPRAID
      Backup: OMV 4.1.9, Acer RC-111, 4GB, 32GB USB boot, 3TB+3TB zmirror, 4TB Rsync'ed disk

      The post was edited 47 times, last by flmaxey: minor additions, edits ().

    • [HOW-TO] Connect to OMV SMB shares with Windows 10 - **Update - Loss of SMB Guest Shares** 11/26/18

      **Feedback is welcome by PM or E-mail to omvguide@gmail.com.**
      ____________________________________________________________________________________________


      Notes

      Note 1.
      Add-on client firewalls should be set to “trust” the local network with Medium or Low security settings. Using High security settings, for the local network, can result in clients becoming isolated on the network.

      Note 2. (**For early versions of Windows 10, that have not been updated.**)
      The issues with Windows 10 being able to map OMV SMB network shares seem to be related to Microsoft's version of SMB 3.1.1 and later variants. Setting Windows 10 to SMB2 protocols only, in registry keys, avoids surprises where shares may disappear after a newer version of SMB3 is pushed out or when an update changes Windows settings.

      **It should be noted that these settings already exist. Nothing new is being added. The creation of these registry keys simply make SMB parameters more accessible to users.**

      More information on M$'s implementation of SMB levels is available at:
      https://blogs.technet.microsoft.com/josebda/2015/05/05/whats-new-in-smb-3-1-1-in-the-windows-server-2016-technical-preview-2 ** See Para 4. **

      The change made, turning SMB3 off, can be undone with regedit.exe - Navigate to:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
      Set the data value for SMB3 to "1".
      Value 1 = ON
      Value 0 = OFF

      Due to legitimate security concerns, SMB1 should be off. The Wcry [WannaCry] ransomware virus exploits a weakness in SMB1. This weakness still exists. While Wcry has been functionally neutralized, a day zero virus could be written to exploit SMB1.

      Note 3.
      The default Windows workgroup name is, (drum roll,,,) WORKGROUP. This default name will be in use in the majority of home PC systems. Regardless of the name used, all Windows clients and the OMV server should be set to the same workgroup name. If the workgroup name has been changed and is not configured in Windows 10, network connections to the OMV server may work but network discovery's detection of the OMV server may be significantly delayed.

      Note 4.
      The change to the host file is not required. However, some applications use host names or server names by default. (This is the case with most Web browsers.) Editing the Windows 10 host file, permanently associates the OMV server's IP address with its' hostname and speeds network connections, without reliance on local DNS or extended discovery processes.

      Note 5.
      The Remote Mount change reflects a security update that causes Windows 10 to reject a negotiation for an SMB1 connection, initiated from a remote host. The addition of ,vers-2.0 in Remote Mount Options, forces SMB2.



      Search Keywords: Win10 , shares , shared , access , openmediavault , problem , access control , network share, how to, can't, can not connect, CIF, samba, fix, don't show, unable, SMBv1, SMBv2, SMBv3, linux, debian host is down, exit code, mount error

      Video Guides :!: New User Guide :!: Docker Guides :!: Pi-hole in Docker
      Good backup takes the "drama" out of computing.
      ____________________________________
      Primary: OMV 3.0.99, ThinkServer TS140, 12GB ECC, 32GB USB boot, 4TB+4TB zmirror, 3TB client backup.
      OMV 4.1.13, Intel Server SC5650HCBRP, 32GB ECC, 16GB USB boot, UnionFS+SNAPRAID
      Backup: OMV 4.1.9, Acer RC-111, 4GB, 32GB USB boot, 3TB+3TB zmirror, 4TB Rsync'ed disk

      The post was edited 4 times, last by flmaxey: additional content ().