Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Unable to map a drive

Status
Not open for further replies.
May 15, 2000
245
US
Getting "You can't access this shared folder because your organization's security policies block unauthorized guest access."
I've checked the Local Group Policy settings for LanManWorkstation, checked the LanMan settings in the registry, added smb1, the local firewall is off, user account control is off. The share is on a linux server which has not had any changes made to it. The mapping was working at some point, but then stopped. I'm using an active account, not a guest account. I'm kind of at a dead end. Any assistance would be appreciated.

Domenick Pellegrini




 
I'm guessing it is. On further troubleshooting, I've run both WireShark and Microsoft Network Monitor.

The Event log has this:
A fatal error occurred while creating a TLS client credential. The internal error state is 10011.

Wireshark is showing this:
Flags: 0x014 (RST, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Accurate ECN: Not set
.... 0... .... = Congestion Window Reduced: Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .1.. = Reset: Set
[Expert Info (Warning/Sequence): Connection reset (RST)]
[Connection reset (RST)]
[Severity level: Warning]
[Group: Sequence]
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A·R··]

Network Monitor is showing this:
Frame: Number = 2357, Captured Frame Length = 269, MediaType = ETHERNET
+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[9C-7B-EF-23-77-34],SourceAddress:[0C-D0-F8-3A-82-CB]
+ Ipv4: Src = 10.132.131.28, Dest = 10.132.132.51, Next Protocol = TCP, Packet ID = 28628, Total IP Length = 255
+ Tcp: Flags=...AP..., SrcPort=Microsoft-DS(445), DstPort=57075, PayloadLen=215, Seq=2101714371 - 2101714586, Ack=2269413295, Win=31 (scale factor 0xa) = 31744
+ SMBOverTCP: Length = 211
- SMB2: R - NT Status: System - Error, Code = (22) STATUS_MORE_PROCESSING_REQUIRED SESSION SETUP (0x1), SessionFlags=0x0
SMBIdentifier: SMB
- SMB2Header: R SESSION SETUP (0x1),TID=0x0000, MID=0x0001, PID=0xFEFF, SID=0x4DD2C4BB
StructureSize: 64 (0x40)
CreditCharge: 1 (0x1)
- Status: 0xC0000016, Facility = FACILITY_SYSTEM, Severity = STATUS_SEVERITY_ERROR, Code = (22) STATUS_MORE_PROCESSING_REQUIRED
Code: (................0000000000010110) (22) STATUS_MORE_PROCESSING_REQUIRED
Facility: (....000000000000................) FACILITY_SYSTEM
N: (...0............................)
Customer: (..0.............................) NOT Customer Defined
Severity: (11..............................) STATUS_SEVERITY_ERROR
Command: SESSION SETUP (0x1)
Credits: 1 (0x1)
+ Flags: 0x1
NextCommand: 0 (0x0)
MessageId: 1 (0x1)
ProcessId: 65279 (0xFEFF)
TreeId: 0 (0x0)
SessionId: 1305658555 (0x4DD2C4BB)
Signature: Binary Large Object (16 Bytes)
- RSessionSetup:
StructureSize: 9 (0x9)
+ SessionFlags: 0x0
SecurityBufferOffset: 72 (0x48)
SecurityBufferLength: 139 (0x8B)
+ securityBlob:


I've checked all of the SCHANNEL and SMB settings in the registry. There's no firewall enabled on the Windows workstation. The share is on a linux system and some systems are able to access the share. I've searched the errors form WS, MNM and EV, but haven't found anything in the way of a resolution.



Domenick Pellegrini




 
The share is on a linux server which has not had any changes made to it.

Umm.... maybe it's time to look at at least doing service updates on it. My linux boxes work fine with the latest SMB... if you're running an OLD version of Linux that only does smb1, you really need to update that system.



Just my $.02

"What the captain doesn't realize is that we've secretly replaced his Dilithium Crystals with new Folger's Crystals."

--Greg
 
The Linux system is question is an on-air television broadcast system and cannot have updates applied without risk of going off the air. That said, yes, it probably does need to be updated. The version is Linux version 4.14.131-tabor.

After some research, this issue started after Windows 10 version 1903 and affects all later versions. All of the "fixes" that people have recommended have not resolved the issue.

Domenick Pellegrini




 
This in one of many potential solutions that I tried. It didn't work.

Domenick Pellegrini




 
The thing that changed in the newer Windows release is the default option. So changing the value for AllowInsecureGuestAuth to the old value should resolve the issue.
 
There may be residual junk in the mapping. Consider creating a second mapping as a test, with the Linux share's direct IP address or the name (whichever is not used currently)


My fuzzy memory is recalling having this same issue as well. It was a combination of this and the security issues with SMB1 (and 2) that provoked my move to SSH. Windows has better SSH support in the past couple of years.
 
Yes, I tied all of those suggestions, except a system restore. This was only reported to me recently, I don't know when the share stopped working, so I don't know what restore point to use. All of the other suggestions did not work. I also tested the share on a number of other systems and the share didn't connect. All of our Windows 10 systems are well beyond 1903. Other shares are working just fine, but their Linux versions are fairly new. The broken share is on a system that has not been updated, and can't be updated per the vendor because updates would make their software unusable. This is a common issue in the broadcasting world. We have less than ideal work-arounds. But I thought I'd give Tek-Tips a shot.
Thanks for all the recommendations.

Domenick Pellegrini




 
So, continuing on with this... (it would be a lot faster to troubleshoot first-person, obviously)

Look at your SMB setup. There should be a line in there to allow guest access. Restart the SMB services after verifying that guest access is there.

You not only have to have the chmod permissions on the folder within linux, but SMB has to have the permissions for the share as well.

--Greg


Just my $.02

"What the captain doesn't realize is that we've secretly replaced his Dilithium Crystals with new Folger's Crystals."

--Greg
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top