Windows 10 Creators failure to locate CIFS/SMB shares

  • There is much discussion about OMV shares not being visible to Windows 10 computers. This is not a problem of OMV. This is an issue created by Microsoft with the latest Creators edition. Below is probably the best explanation I found at social.technet.microsoft.com This is just a cut-n-paste.


    Begin


    The Computer Browser service is broken in Windows 10 1703 and is gone from future releases of Windows. The below really applies for workgroups you may find info that helps with your issue, you should be able to remove all trace of SMB v1.0 from your network.Yes, that's right folks, after 25 years of being able to browse our networks Microsoft have decided Workgroup users don't need this functionality any more. This article from Microsoft explains:




    SMBv1 is not installed by default in Windows 10 Fall Creators Update 2017 and Windows Server, Semi-annual Channel



    They are getting rid of SMB v1.0, which is fair enough, it has real security issues. The Computer Browser service relies on SMB v1.0, rather than upgrade the Computer Browser service so Workgroup users are still able to browse their networks they are simply removing it. From the linked article:


    For home and small business users who use Network Neighborhood to locate Windows computers, you shoud map drives to the computers so that you no longer have to browse for them.


    Not even spell checked and suggesting we only do it to access data we could map drives to, indicating a total lack of understanding as to why we need network browsing. Network browsing is an essential tool for doing a visual check of which computing resources are available in a Workgroup. The command "net view" allows us to quickly report which computers are available in the Workgroup and thereby use the information to run system reports and perform various tasks. Locating and enabling printers becomes far more difficult without Computer Browsing.


    This does not affect AD users, those businesses which need to or have the luxury of being able to invest in server hardware and software. Users who's data is in the cloud, on the internet have less issue, it may only affect attaching printer resources which can be worked around. Of course all Microsoft staff fit into these groups so the lack of browsing functionality in Workgroups is probably insignificant to them.


    So what we need now is either a great little tool to browse our networks that doesn't rely on SMB 1.0 or an upgraded Computer Browser service.


    The service is broken in Windows 10 Creators 1703. If a 1703 PC is the Master Browser only that computer has Computer Browsing, if a non-1703 is the Master Browser all the non-1703 PCs have Computer Browsing. This is the reason why browsing appears to work sometimes and not others, rebooting PCs forces a Master Browser election, which will change which PC is the Master Browser and can introduce the issue.


    To work around the issue involves setting one computer to be the Master Browser. Some people have third party devices on their network they can set to be the Master Browser, all non-1703 can browse. To identify which computer is the Master Browser you can run the command


    nbtstat -a ComputerName


    for each computer in the Workgroup. The computer that is the Master Browser is the only one that has the value


    __MSBROWSE__


    in the list.


    To set which computer is the Master Browser you need to make registry modifications on that computer. Browse to the registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters


    Change the value of MaintainServerList from Auto toYes


    If it is not there, add a new String Value IsDomainMaster and set it toTrue


    You may need to reboot to activate this. If you want to be absolutely positive no other PC takes the Master Browser role you can set the value ofMaintainServerList from Auto to No on all other PCs in the Workgroup.


    You may even find that a non Microsoft third party device on the network attempts to take over the Master Browser role.


    I re-iterate that this is just a short term workaround, Computer Browsing for workgroups is history for Windows 10. If you know of any great tools for browsing Workgroups that don't rely on the older protocols I'd be happy to hear from you.


    NoneAndOne
    840 Points




    End of cut-n-paste


    From my experience, computers that were upgraded to Creators and already had a persistent share are unaffected. But a new user on that computer, or a new Creators computer may not find the share. While I have the setting to allow OMV to become the Master Browser, that has been known to fail if a Windows 7 computer is added to the network-- even though it does not show as the MSBROWSE. Again, In my experience, only a complete shutdown of all Windows computers and booting one-by-one restores the OMV computer as the MSBROWSE. Also, if you plug-in a USB drive into a Netgear router (like a Nighthawk with ReadySHARE), that router will seize control of MSBROWSE from OMV


    If you need to add an existing share, this syntax at the command shell should work:


    net use V: \\OMVCPUNAME\SHARENAME /PERSISTENT:YES


    You will be prompted for the user name and password (which must exist in OMV already)


    V: is drive letter you want to assign
    OMVCPUNAME is the name of the computer as it appears to windows/workgroups
    SHARENAME is the root folder name of that OMV share


    Also more syntax here:
    https://www.lifewire.com/net-use-command-2618096


    Not sure if this posting is a duplicate or will help anyone, but I have never found this issue to be caused by OMV.

    • Offizieller Beitrag

    I'm not precisely sure when it happened but it appears that Windows 7 clients, and up, will no longer connect to SMB1 shares. (It's not just a Windows 10 issue anymore.) With very little doubt, SMB1 access of any kind was removed in a security update in the last 4 to 6 months. Hence, for an updated Windows client, SMB1 is history.


    For Businesses running legacy software, internally:
    While OMV would still work with them, Server 2003, Windows XP, and earlier versions would require custom Samba settings to work. (SMB1 is the highest protocol for Server 2003 and XP.)

  • Microsoft Windows 10 Pro
    Version 1803
    Build 17134.285


    Worked for me with this:
    1. Run secpol.msc from command line.
    2. Security Settings -> Local Policies (Lokale Richtlinien) -> Security Options -> Network Security: LAN Manager Authentification (Netzwerksicherheit: LAN Manager-Authentifizierungsebene)
    -> switch to: "Send only NTLMv2 answers" ("Nur NTLNv2-Antworten senden").


    Same as:
    Regedit: HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel (REG_DWORD): 3


    Reference (Ideas :)
    https://answers.microsoft.com/…9c-4b6a-b24c-72f9f7e92f0a

    • Offizieller Beitrag

    Regedit: HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel (REG_DWORD): 3

    Can you confirm it is 3? In the linked thread it is 2.


    Edit:
    Levels are defined here:https://docs.microsoft.com/en-…ager-authentication-level


    Values 3 - 5 work for me.

    • Offizieller Beitrag

    Connecting is not a problem

    Well, it was for me and is for others ;)

    but it would be nice if one of these levels solves the network discovery issue.
    It's worth testing to see.

    unfortunately not. Server is still not visible.

    • Offizieller Beitrag

    1. Well, it was for me and is for others ;)

    2. unfortunately not. Server is still not visible.

    1. Are you saying that creating a server short cut, as outlined in this guide, didn't work for you? With the changes made, users should be able to map network shares as drives and access server shares through short cuts. (Setting aside odd events and firewall issues, I don't know of an instance where it didn't work.)


    2. Thanks for checking that out. I didn't get a chance too.
    The discovery issue(s) are unfortunate, but I think they're a direct result of Microsoft's marketing approach. While M$ could fix it, in my opinion, I don't think they will.

    • Offizieller Beitrag

    Having done a clean install of W10 on my laptop not too long ago, the Network form File Explorer did not show OMV all I did was to highlight Network type in \\<host name of server> or ip address and all the shares displayed, then from the Menu>>>Home click Pin to Quick Access no more problems. Prior to that I added my laptop to the workgroup I had set up, and it instantly found any other Windows machines on the network.

    • Offizieller Beitrag

    Having done a clean install of W10 on my laptop not too long ago, the Network form File Explorer did not show OMV all I did was to highlight Network type in \\<host name of server> or ip address and all the shares displayed, then from the Menu>>>Home click Pin to Quick Access no more problems. Prior to that I added my laptop to the workgroup I had set up, and it instantly found any other Windows machines on the network.

    The intent of the guide is to nail down some network and security parameters, to prevent M$ from sending out updates that may make mapped drives disappear. (Like nailing down the SMB2 protocol which works fine for home LAN users.)
    Also, some of those settings bypass network and security tweaks (they would call them "enhancements") that OEM resellers set in Windows 10 installs.

    • Offizieller Beitrag

    The intent of the guide is to nail down some network and security parameters, to prevent M$ from sending out updates that may make mapped drives disappear. (Like nailing down the SMB2 protocol which works fine for home LAN users.)Also, some of those settings bypass network and security tweaks (they would call them "enhancements") that OEM resellers set in Windows 10 installs.

    Ok I'll go sit in the corner... :S

    • Offizieller Beitrag

    1. Are you saying that creating a server short cut, as outlined in this guide, didn't work for you? With the changes made, users should be able to map network shares as drives and access server shares through short cuts. (Setting aside odd events and firewall issues, I don't know of an instance where it didn't work.)

    No, I am able to connect to my shares. I had problems with the credentials until I added the registry entry,
    And the shares just won't show up in the file explorer in network.

    • Offizieller Beitrag

    1. I had problems with the credentials until I added the registry entry,



    2. And the shares just won't show up in the file explorer in network.

    1. So, just to be clear, the creation of the SMB registry keys is what fixed it for you?


    2. Unfortunately, I don't think anything can be done about that. The only seemingly reliable fix for network discovery is to have a Windows XP machine boot up first, it must also act as the master browser, and there are a couple other details. (Obviously, since this is not viable for all or even some, I haven't tested it.)

    • Offizieller Beitrag

    Ok I'll go sit in the corner... :S


    Man,, I didn't mean it like that!


    I've found that there is no "standard" Windows 10 install. For the most part, a retail Win10, tend to be the least problematic. OEM preinstalled versions from M$ partners?, well,, let's just say there's a lot of "variation".

    • Offizieller Beitrag

    Man,, I didn't mean it like that!

    I know you didn't, but TBH I have found that there is no one solution to fit all, but I have discovered from home use that the 32bit version is less problematic than the 64bit, why? I don't know.
    But I did find that a 64bit upgrade from W7 to W10 was a PITA when applying cumulative updates to W10, but a clean install of W10 64bit was fine.

  • FYI


    I suddenly got cut off from most of my Linux shares at home including OMV SMB full access guest shares after a Windows 10 reset.
    Microsoft have changed a setting to restrict access to "guest" SMB shares since they are considered a security risk.


    Quick fix to allow access is to uses gpedit.msc and change the local policy setting.


    Start CMD prompt in Windows 10 as Administrator:
    Type: gpedit.msc to start the policy editor
    Go to Computer Configuration -> Administrative Templates -> Network -> Lanman Workstation
    Set the value "Enable insecure guest logons" to Enabled.
    Reboot.
    (Run gpedit /force from CMD prompt and reboot if the setting is not saved properly.)


    Note that I had to set the value to "Enabled" from "Not Configured" for this to work although M$ states that it should not be a problem when it is Not Configured...



    Fair warning by Microsoft:
    This policy setting determines if the SMB client will allow insecure guest logons to an SMB server.


    If you enable this policy setting or if you do not configure this policy setting, the SMB client will allow insecure guest logons.


    If you disable this policy setting, the SMB client will reject insecure guest logons.


    Insecure guest logons are used by file servers to allow unauthenticated access to shared folders.
    While uncommon in an enterprise environment, insecure guest logons are frequently used by consumer
    Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication
    and do not use insecure guest logons by default. Since insecure guest logons are unauthenticated, important security
    features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest logons are
    vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware.
    Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyone on the network.
    Microsoft recommends disabling insecure guest logons and configuring file servers to require authenticated access
    .

    • Offizieller Beitrag

    Note that I had to set the value to "Enabled" from "Not Configured" for this to work although M$ states that it should not be a problem when it is Not Configured...

    That's interesting because mine is set to Not Configured and I can still access my guest SMB shares.

  • That's interesting because mine is set to Not Configured and I can still access my guest SMB shares.


    Weird things can happen. Not sure what my setting was pre reset of Windows but it did work. Unrelated issues forced me to reset the OS and suddenly could not access shares.
    Found the policy setting and changed it to Enabled and could then access the shares again.


    Possibly related to "reset" functionality with Windows 10. Don't know if the same issue would occur after clean install of Windows 10 but Windows 10 patching have not been very successful lately.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!