Windows issues with unRAID


RobJ

Recommended Posts

On 7/26/2020 at 8:12 AM, DoleWhip said:

 

TL;DR: 

1. If Computer Configuration > Administrative Templates > Network > Lanman Workstation > Enable insecure guest logons shows "Enabled" but it isn't working, continue

2. Open the registry editor and go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters

3. Double-click on AllowInsecureGuestAuth

4. Under "Value data:", change it from 0 to 1 

 

Describing what I did troubleshooting-wise (not that it matters, but maybe it'll help someone):

 

I updated my Windows 10 Education to version 2004 yesterday and was no longer able to access my SMB shares (was working fine before Windows update).

 

I could see them, but double-clicking on my server name in Windows Explorer under Network gave me the generic can't access error. Luckily (because it helped me google my problem) I had pinned some folders in it, and trying to access those gave me the popup pictured in that preview/thread saying:

"You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network."

 

I was confused because my group policy under: 

Computer Configuration > Administrative Templates > Network > Lanman Workstation > Enable insecure guest logons

showed "Enabled". Toggling this back and forth and restarting my PC didn't fix anything.

 

My unRAID server SMB settings had enabled for workgroup, enable NetBIOS to yes, and enable WSD to yes. My workgroup under those SMB settings matched with my PC, I even retyped them in holding down shift to capitalize just in case. Local master was set to yes, and I also downloaded the Dynamix Local Master plugin to check for me and it verified that yes, my unRAID server was indeed the current local master. Still not working.

 

I added:

log level=2

syslog=3

to SMB Extras and saw in my syslog that my PC was trying to send my local user to access the SMB shares (which are set to public) with errors along the lines of:

FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1

and that I was trying to use SMBv2

 

In the end, I found the solution in the linked thread to do this:

 

1. Open the registry editor and go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters

2. Double-click on AllowInsecureGuestAuth

3. Under "Value data:", change it from 0 to 1 

Can confirm doenst work on a newly fresh install Win 10 Pro

Link to comment

I too cannot get \\tower to work, nor does tower appear in 'network' under windows 10

It was working, but since a reboot of the win10 vm, it stopped. 

The tower is visible in explorer ONLY via the IP\share 

I have followed the TL:DR sticky, except i dont have that setting in regedit!

I have also enabled SMB1/CIFs in windows features.  

 

Anyone know what would cause it to work one day the stop after a reboot?

 

Link to comment
55 minutes ago, Frank1940 said:

The reboot probably installed a WIN 10 update.  

You should probably read this thread:

 

       https://forums.unraid.net/topic/110580-security-is-not-a-dirty-word-unraid-windows-10-smb-setup/

 

Thanks. 

Now you mention windows update, I do recall that happening when the vm booted back up!!
 

Oddly, after my last post, I realised that sbm1 was turned OFF within unraid, so I disabled that feature within windows anyway. 

 

\\tower, still didn't work, but accessing via IP did ( i already set up windows credentials to match that of unraid user, except I used the IP as the network name instead of Tower)

 

But since I can access via IP, I'm not too fussed that \\tower doesn't work

 

Thanks - I will have a read through the linked doc

Cheers

Link to comment
17 minutes ago, bdydrp said:

\\tower, still didn't work, but accessing via IP did

Read through this paper from MS about how SMB works and pay attention to the times involved in propagating changes through the SMB network.  It is not unusual for it to take several (very long) minutes for things to stabilize.   That is why it is suggested that your Unraid server is setup to be the Master Browser (or Local Master, if you prefer that terminology).

 

       https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc737661(v=ws.10)?redirectedfrom=MSDN

 

By default, any WIN10 computer can become the Master Browser on most Unraid setups.  Things can really get confusing if you have a number of computers being booted up in a short period of time if the Master Browser is not fixed to one server/computer. 

 

(\\tower is resolved by the Master Browser to the IP address of the server.  The IP address does not have to be resolved and thus is always available.)

  • Like 1
Link to comment
  • 2 weeks later...
On 10/30/2020 at 4:22 PM, yogy said:

After 2 hours of searching on the internet I finnaly found 2 solutions. Both worked for me in resolving my issue with unRAID shared folders mapped in Windows 10.

1. If you cannot mount SMB share to windows 10 use NFS share client in Windows. It works great.

  • enable NFS in your unRAID server
  • follow this tutorial on your Windows 10 (only Pro and Enterprise versions) computer

2. I tried and read every single tutorial here and couldn't mount SMB share in my Windows 10 computer. I finnaly realized that I have a special character "€" in my password and that caused SMB shares never worked for me. I change the password in unRAID server and Windows 10 PC and BOOOOOOOOM it worked straight away.

 

Maybe this will help others.

 

Thank you @trurl and @Frank1940 for trying to provide some help.

 

Thanks a lot @yogy, enabling NFS made it all work again.

(i enabled myServers and tweaking the DNS might have had an impact)

Link to comment
  • 2 months later...
On 7/26/2020 at 8:12 AM, DoleWhip said:

 

TL;DR: 

1. If Computer Configuration > Administrative Templates > Network > Lanman Workstation > Enable insecure guest logons shows "Enabled" but it isn't working, continue

2. Open the registry editor and go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters

3. Double-click on AllowInsecureGuestAuth

4. Under "Value data:", change it from 0 to 1 

 

Describing what I did troubleshooting-wise (not that it matters, but maybe it'll help someone):

 

I updated my Windows 10 Education to version 2004 yesterday and was no longer able to access my SMB shares (was working fine before Windows update).

 

I could see them, but double-clicking on my server name in Windows Explorer under Network gave me the generic can't access error. Luckily (because it helped me google my problem) I had pinned some folders in it, and trying to access those gave me the popup pictured in that preview/thread saying:

"You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network."

 

I was confused because my group policy under: 

Computer Configuration > Administrative Templates > Network > Lanman Workstation > Enable insecure guest logons

showed "Enabled". Toggling this back and forth and restarting my PC didn't fix anything.

 

My unRAID server SMB settings had enabled for workgroup, enable NetBIOS to yes, and enable WSD to yes. My workgroup under those SMB settings matched with my PC, I even retyped them in holding down shift to capitalize just in case. Local master was set to yes, and I also downloaded the Dynamix Local Master plugin to check for me and it verified that yes, my unRAID server was indeed the current local master. Still not working.

 

I added:

log level=2

syslog=3

to SMB Extras and saw in my syslog that my PC was trying to send my local user to access the SMB shares (which are set to public) with errors along the lines of:

FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1

and that I was trying to use SMBv2

 

In the end, I found the solution in the linked thread to do this:

 

1. Open the registry editor and go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters

2. Double-click on AllowInsecureGuestAuth

3. Under "Value data:", change it from 0 to 1 

Tried this doesnt work. Any other tips? Tried looking for solution, they all always shows the same solution(this one) which doesnt work. Tried on fresh windows install.

 

Link to comment

Scouring various internet sources (which I unfortunately I didn't record, but generally Linux and FreeBSD sites) I managed to get Samba working consistently for multiple flavours of Windows 10 and 11 by setting auth and protocol constraints. This is my full Samba extra config - I have unassigned devices plugin installed, you can skip that section if you do not also have the plugin installed.

#unassigned_devices_start
#Unassigned devices share includes
   include = /tmp/unassigned.devices/smb-settings.conf
#unassigned_devices_end

#smb local master configuration
[global]
domain master = yes
preferred master = yes
os level = 255

ntlm auth = yes
client ntlmv2 auth = yes

#Uncomment for per-host logging
#log file = /var/log/samba/%m.log
#max log size = 10000
#log level = 4

#max SMB2 ensures Win10 can connect by preventing upgrade to unsupported SM3.x version
client min protocol = SMB2
client max protocol = SMB2

#exclude_Apple_DS_files
veto files = /._*/.DS_Store/

 

Note that adding "ntlm auth" enables NTLMv1 password authentication. This has a vulnerability and should be avoided, but it does provide a fallback if you have some device that doesnt support NTLMv2. To ensure your Windows machine is using NLTMv2, check for the existence of "LmCompatibilityLevel" under "Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" . If it is present, it will force windows to use NTLMv1. You should delete this entry, then reboot, and Windows will then revert to using the default NTLMv2.  

Constraining max protocol to SMB2 prevents Unraid trying to use versions of SMB3 that Windows doesn't support very well - Windows will drop upgrade requests from SMB2 to SMB3.1.1 connections even though it announces them as being supported. 

Link to comment
  • 4 months later...
43 minutes ago, jaisegyi said:

I really think this type of documentation would be very useful but it seems overwhelming (to me) for one person starting from scratch. 

Then start by reading the PDF file in the first post of this thread:

      https://forums.unraid.net/topic/110580-security-is-not-a-dirty-word-unraid-windows-10-smb-setup/

It provides step-by-step instructions to get SMB and Windows to work together smoothly.  

Link to comment
  • 3 months later...

Hi,

 

It is a common issue that I am facing, described many times here.

 

I can't see my server in Windows 11 network.

 

I have tried a few things described here, which worked for others;

- I have enabled Windows features: SMB 1.0/CIFS File Sharing Support, SMB Direct and Services for NFS.
- I have created from a scratch (as was not existing) a DWORD 32bit register entry named AllowInsecureGuestAuth at:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters
- Switched on "Allow Remote Access" in Unraid's Management Access (screenshot attached).
- Switched off ExpressVPN on workstation.
- Switched on IOMMU in bios.
- For the flashdrive did setup SMB User Access as Read/Write (why did I do that?)

 

Nevertheless, the server with correct shares did appear for a while once, before disappeared again. 
Although I still can copy files there using mapped drive to the particular location of the server share.
Right now I don't even see the workstation itself in the windows network.

 

Environment:
Although I am an admin of both computers, I have them in a rented office where internet is being provided.
Therefore I didn't do any router nor switch setup.
It is only my guess at that point to what switch or router are they connected.


I'm far from being a network expert. It may be something basic switched off in Windows 11.
Therefore, attached a bunch of screenshots presenting various internet and network settings spread all over the Microsoft's system.

Any suggestions are highly appreciated!

 

ds-server-001-diagnostics-20220824-1714.zip

More-Win11-Network-Settings.jpg

Network-Details-00.jpg

Network-Details-02.jpg

Network-Details-03.jpg

Network-Details-04.jpg

Network-Details-05.jpg

Network-Details-06.jpg

remote-connection-02.jpg

Windows-Features.jpg

Link to comment
1 hour ago, Digital Shamans said:

I'm far from being a network expert. It may be something basic switched off in Windows 11.
Therefore, attached a bunch of screenshots presenting various internet and network settings spread all over the Microsoft's system.

Any suggestions are highly appreciated!

 

I want to refer you to this:

On 5/16/2022 at 8:12 AM, Frank1940 said:

Then start by reading the PDF file in the first post of this thread:

      https://forums.unraid.net/topic/110580-security-is-not-a-dirty-word-unraid-windows-10-smb-setup/

It provides step-by-step instructions to get SMB and Windows to work together smoothly.  

 

Read the section entitled " Fixing the Windows Explorer Issue".   It should fix the problem.  As it says in the paper, this has been a problem for a long time.  And the responsibility for fixing seems to be with MS.  Nothing you can do with Unraid will make Windows work as we think it should!  

 

Now, if you think that I am attempting to deflect the blame from LimeTech to MS, let me tell you the current situation on my network (at this very minute-- it may be behaving differently tomorrow).  I have four servers setup (and running) on my network at the moment.  Two Unraid servers and two Windows 10 PRO clients setup with a peer-to-peer sharing of certain folders on each of those client computers.  (Which turns them into a server as well as being a server client.)  Currently, one of the clients shows both Unraid servers under the 'Network' in left panel of Windows Explorer.  The second client has neither Unraid server showing.  On that client, clicking on the 'Network' in the left panel will display the two Unraid servers but neither of the two Clients (using using peer-to-peer).  Clicking on the 'Network' in the left on the first client, only shows the two Unraid servers.  

 

Now, working from the first client,  I click on the 'Network Neighborhood' folder (setup as described in the paper) under 'This PC'' in the left hand pane, then click on the icon for the second client.  The shares on that client open instantly and that client then instantly appears under 'Network' in the left pane of Windows Explorer!   Now tell me why the behavior is not the fault of MS...

 

Windows and/or Windows Explorer are/is broke and have been for several years.  (Especially after MS turned off SMBv1 a few years back.   This was for security reasons and the security risk was actually the greatest for home users!)  The 'Network Neighborhood' is a kludge but it does fix the problem.  It does involve one more click to get to a server but it works 100% of the time.

Edited by Frank1940
  • Like 1
Link to comment

Thanks! I've read the whole paper. It's pretty cool and kinda interesting.

So most of the issue is just that Windows doesn't do a shortcut with a path to a server in the network folder/window?

It seem to work, we will see. The server keeps disappearing from the Network folder, so seems like I will have to keep recreating the shortcut over and over again? Wonder how it will work with scheduled tasks.
It detects shares correctly, based on provided server name only. Promising.

The rest of the issue, to my understanding, come from variety of options to choose from and necessity to find compatible configuration settings, allowing two systems to see each other on network and there are 3+ ways to make it happen and differences are mostly about privacy and security.

I don't have yours scope of experience with SMB connections. How important is manually adding an entry into Credentials Manager in Windows? Is it just convenience or a necessity?
Cases described in the paper are fascinating and awe evoking. 
 

Edited by Digital Shamans
Link to comment
15 hours ago, Digital Shamans said:

So most of the issue is just that Windows doesn't do a shortcut with a path to a server in the network folder/window?

 

It is actually a bit worst than that!  If the server does not show up 'Network', a Search from Windows Explorer will (normally) not find it!

 

IF you have setup a folder (I called it 'Network Neighborhood' as a homage to Windows for Workgroups 3.1 where MS first introduced networking) with the shortcuts in it for every server on your network and double-click on the shortcut for any of those servers, I have never had to fail to open up the shares on that server.  And I have not heard of anyone else who has had it fail. 

 

 

Link to comment
18 hours ago, Digital Shamans said:

The server keeps disappearing from the Network folder

You should upgrade to 6.11  An issue with 6.10 (and possibly earlier) was found and fixed where that would happen if (as an example) the docker service or VM service was either stopped or started.  It never however impacted being able to actually navigate to the server if you already had a shortcut present 

Link to comment
On 8/25/2022 at 5:23 PM, Squid said:

You should upgrade to 6.11  An issue with 6.10 (and possibly earlier) was found and fixed where that would happen if (as an example) the docker service or VM service was either stopped or started.  It never however impacted being able to actually navigate to the server if you already had a shortcut present 

Is 6.11 available for Trial?

Link to comment
On 8/25/2022 at 3:20 PM, Frank1940 said:

 

It is actually a bit worst than that!  If the server does not show up 'Network', a Search from Windows Explorer will (normally) not find it!

 

IF you have setup a folder (I called it 'Network Neighborhood' as a homage to Windows for Workgroups 3.1 where MS first introduced networking) with the shortcuts in it for every server on your network and double-click on the shortcut for any of those servers, I have never had to fail to open up the shares on that server.  And I have not heard of anyone else who has had it fail. 

 

 

That's true. When double clicking the shortcut the server appears.

So IT staff click dozens or hundreds of shortcuts multiple times a day then?
I guess it can be easily automated using Python.
Is that the case?

Link to comment
29 minutes ago, Digital Shamans said:

So IT staff click dozens or hundreds of shortcuts multiple times a day then?

 

I not quite sure what the question is here?  The shortcut required should only  be pointing to the server?  (As is shown in the paper, I put all of those shortcuts into a single folder.)  I find it hard to believe that any organization has hundreds of servers.   

 

I also find it hard to believe that any large organization would extensively use (or even permit) peer-to-peer shares.  I am not an expert on the in-and-outs of Microsoft servers, Domain Controllers, and Active Domains, but I would think that these must be able to address these issues. 

 

Plus, the home network setups that most of us Unraid users is a subset of the larger Microsoft networking environment.  (I know I can't afford to buy a Microsoft Server license.)   Furthermore, the number of home environment Windows computers in a networked environment is a small percentage of the total home Windows machines.  (I do not consider that a Windows computer using a network to only connect to the Internet to be a networked computer.) 

 

I have never had a 'mapped' drive not appear when the Windows computer is booted up if the server is running.  But the server that that mapped drive connects to is usually/often missing from the 'Network' listing.  (Go Figure that one out!  I can't...)

 

I have said for years that SMB is a kludge.   It mostly works.  For the parts that don't work the way we want/need them to, we can only hope that someone figures a some work-around that addresses that issue.  The 'Network Neighborhood' is a kludge solution that fixes the problem of servers being MIA. 

 

Link to comment

Thank you for extensive reply. It clarifies a few things.

 

I am still building the big picture of everything server related.

On occasion I ask blunt questions and sometimes their parts have wrong assumptions.

 

True, there aren't as many servers as users.

 

What stops Unraid being considered enterprise ready?

 

 

 

Link to comment
6 minutes ago, Digital Shamans said:

What stops Unraid being considered enterprise ready?

 

I will only list two things but there are probably a couple of dozen more: 

 

1--  A smb 'user' can not change his server password.  Only the Unraid server administrator (the 'root' user) can do that.  And, furthermore, there can be only one 'root' user unless that login is shared to more than one person. 

 

2-- There is no way to have a group of logins associated with a set of common permissions to certain shared assets.   Granted there are ways around this.  One way is set up a set of rules for a user (say, called 'parents') and a second user (say called, 'children') that have different access privileges to each share.  (In case you did not realize, several different client computers can login simultaneously with the same login credentials.  See pg 10 of the paper for why this works.)

  • Like 1
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.