weirdcrap Posted June 4, 2023 Share Posted June 4, 2023 (edited) I've got a fresh Windows 11 install on a brand new laptop and I cannot access my remote UnRAID server via SMB. I can ping by name/IP and access the web interface for management. I have two servers, one local and one remote but connected to my local LAN by a WireGuard site to site VPN. There is a static route established for the remote subnet in pfsense and other devices (Windows 10, 11, & Linux) can access the remote server shares without issue. I have both server's defined in my host file on the laptop. I get an "unspecified error" 0x80004005 trying to access the remote server by name or IP address. I've been making my way through the Windows issues with UnRAID thread but so far nothing I've tried has helped. I've tried enforcing a minimum SMB setting in the extra config for SMB on the remote server. I've also tried adding my credentials into credential manager for the device. My UnRAID user credentials fully match my laptop credentials (capitalization and all) so I don't think the credential manager thing was necessary but I'm not sure what else to try. All of this works fine from my other Windows computer but it was upgraded from win 10 and its possible I changed other settings to make it work but I don't recall what they are if I did. The linux laptop I have and a bootable copy of ubuntu both can access the server without any mucking about. My wife's Windows laptop also works fine. Now here's the real kicker. thinking maybe something was wrong with my WireGuard tunnel so I connected to my phone hotspot and fired up WireGuard on the laptop and lo and behold it works without changing anything!? So What could be causing this? I checked the network settings on both devices and they match, no additional IP settings specified or anything. Everything is pulling DHCP from my pfsense box. I'm fairly certain this is an SMB issue and not a WireGuard issue but the fact that changing net connections and using the WireGuard for Windows client suggests maybe not? So, why do all my other devices work over the tunnel with no issues and not this one? node-diagnostics-20230604-1551.zip EDIT: I'm going to try and bump the log level in samba once I can find a moment to stop the array. I'm curious if there are requests even hitting the server or if I'm not making it past the router on my side. EDIT2: I forgot to mention I also tried making a public share and setting it public to ensure it wasn't a credential issue. I can't even access public shares. Edited June 5, 2023 by weirdcrap Quote Link to comment
weirdcrap Posted June 5, 2023 Author Share Posted June 5, 2023 (edited) Turning up Samba logging produced absolutely zero log entries when trying to access the server. So the issue is clearly that the laptop's requests for shares are never making it across the tunnel for some bizarre reason. EDIT: I tested again with a bootable copy of linux on the laptop and I can access the shares fine outside of Windows so this is 100% a Windows issue, not an issue with the WireGuard tunnel. Am I missing some network setting in Windows that allows cross subnet traffic to work that gets enabled when I activate the WireGuard for Windows client? Edited June 5, 2023 by weirdcrap Quote Link to comment
Frank1940 Posted June 5, 2023 Share Posted June 5, 2023 Check to see that you have things setup as described here: https://forums.unraid.net/topic/110580-security-is-not-a-dirty-word-unraid-windows-10-smb-setup/ 18 hours ago, weirdcrap said: I forgot to mention I also tried making a public share and setting it public to ensure it wasn't a credential issue Normally, this will not be allowed, for details, see here: https://learn.microsoft.com/en-US/troubleshoot/windows-server/networking/guest-access-in-smb2-is-disabled-by-default Quote Link to comment
Frank1940 Posted June 5, 2023 Share Posted June 5, 2023 Also make sure your home network connection is Private, not Public. See here fro details: https://learn.microsoft.com/en-us/answers/questions/73866/how-to-change-network-settings-from-public-to-priv Quote Link to comment
weirdcrap Posted June 5, 2023 Author Share Posted June 5, 2023 1 hour ago, Frank1940 said: Also make sure your home network connection is Private, not Public. See here fro details: https://learn.microsoft.com/en-us/answers/questions/73866/how-to-change-network-settings-from-public-to-priv It is: 1 hour ago, Frank1940 said: Check to see that you have things setup as described here: https://forums.unraid.net/topic/110580-security-is-not-a-dirty-word-unraid-windows-10-smb-setup/ Normally, this will not be allowed, for details, see here: https://learn.microsoft.com/en-US/troubleshoot/windows-server/networking/guest-access-in-smb2-is-disabled-by-default That's fine I don't really want or need public shares anyway. I have already read through the document from that thread and my laptop already uses the sane defaults mentioned. SMB1.0 is not installed. I already have my credentials loaded in credential manager and a matching user has existed on the UnRAID box this entire time. I played with the insecure guest login setting under lanman and it made no difference so I've kept it disabled. My home network and sharing settings already use sane security defaults: I did not follow the network neighborhood part of the linked doc because I don't really care if the servers show up in the network window or not. All of my exported shares are set to private so no guest read access is allowed anyway. The issue is that I can't even get a listing of my available shares by going to the server path "\\node" so I don't think this is an authentication issue as I can't even get to the point where I would attempt to open a share. Furthermore trying to access a share path directly results in the same unhelpful error. Quote Link to comment
Frank1940 Posted June 5, 2023 Share Posted June 5, 2023 Try using \\<IP_Address_of_server> (Example \\192.168.1.123 ) Quote Link to comment
weirdcrap Posted June 5, 2023 Author Share Posted June 5, 2023 (edited) 3 minutes ago, Frank1940 said: Try using \\<IP_Address_of_server> (Example \\192.168.1.123 ) It's the same result Edited June 5, 2023 by weirdcrap Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.