Network and Storage Protocols

Windows 10 unable to access CIFS

andrew_s
152,188 Views

I am unable to connect a windows 10 enterprise client to our cifs shares

 

We use DFS on our windows server – so normally I would just map to the root of that \\domain\home

 

I have tried adding the reg key as detailed here and elsewhere without success

 

https://techjourney.net/cannot-connect-to-cifs-smb-samba-network-shares-shared-folders-in-windows-10/

 

Typically I normally disable SMB signing on windows 8/server 2012 clients but SMB signing negotiation seems to be optional now, and the reg key I would create gets rejected by windows 10

 

I do not want to start making wide ranging changes to my netapp, but if it improves security I am happy to do so

 

The client is domain joined, and I have an account which is both local admin and domain admin running on it for testing

 

Any advice greatly received – this is a tad inconvenient

1 ACCEPTED SOLUTION

andrew_s
151,496 Views

genius - works great and no netapp changes

top marks, and thanks for replying Smiley Very Happy

 

 

View solution in original post

16 REPLIES 16

ekashpureff
151,937 Views

 

Andrew -

 

Welcome to the NetApp Community, and to the bleeding edge with Windows 10.

 

I'm just updating my forst host to Win 10 right at this moment, so I can't re-create this in my lab yet.

Will do my best to try and duplicate the issue you're having.

 

Can you give us all  a bit more detail - 7-Mode or Cluster, and version of Data ONTAP ?

 

Quickest advice I can give you - Have you opened a ticket with NetApp support on this issue yet ?


I hope this response has been helpful to you.

At your service,

Eugene E. Kashpureff, Sr.
Independent NetApp Consultant http://www.linkedin.com/in/eugenekashpureff
Senior NetApp Instructor, IT Learning Solutions http://sg.itls.asia/netapp
(P.S. I appreciate 'kudos' on any helpful posts.)

andrew_s
151,933 Views

Hi Eugene

 

Thanks for reply

 

We are 8.1.1 RC 7 mode

 

Good luck with your install

 

I would open this with support, which I will do on Tuesday but thought it was a good one to air and share

 

My main thing is to minimise or make sure I make the right change to the netapp

 

Thanks in advance for any insight you can share

 

JXNadmin
151,539 Views

Hi andrew_s,

 

Did you manage to resolve this issue?

 

I have a simular problem with a Windows 10 user.

 

TIA

andrew_s
151,462 Views

Hi

 

No I didn’t get this resolved

 

Here is what I learnt

 

Netapp don’t yet support win10 (hey it’s only been around 12 months in beta, you have to give these guys time)

 

You can’t cripple the SMB3 requirement in win 10, like you can in win8 and server 2012 – that I think is the core issue – the reg value is explicitly rejected by win 10, the reg value I am talking about is below – you can create any other value in that key, for example ‘bacon’ and set it to a value of 1, but not requiresecurenegotiate it gets rejected

 

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" RequireSecureNegotiate -Value 0 –Force

 

I have posted on windows insider to say hey, thanks guys but give us a choice please

 

I ultimately due to commercial pressure, downgraded the client, something I was not happy about as I hate reversing progress, but have kept a test client on to get to the bottom of it

 

Options are

 

to upgrade our netapp, to the latest and greatest to support smb 3 globally (no bad thing but a significant task)

Wait for something from MS to allow disabling the SMB 3 requirement

 

HTH

 

 

JXNadmin
151,440 Views

Hi,

 

After some more personal digging around (my support ticket was getting nowhere fast) I have managed to successfully browse CIFS shares on my snapmirror filer at our DC.

To do this I had to enable cifs signing and bounce the cifs service.

 

FILER> cifs terminate

CIFS local server is shutting down...

CIFS local server has shut down...
FILER> options cifs.signing.enable on
FILER> cifs restart
CIFS local server is running.
Can't set cifs branchcache server secret.

 

This filer is running 8.1.4P1 7-Mode

 

This weekend we have a full power shutdown at our production site so I will try this on power up. It's so hard to get the users to close down their connections!!!!

 

One thing I did notice though. The filer does not show the W10 client using security signatures - output from cifs sessions -t

 

Using domain authentication. Domain type is Windows 2000.
Root volume language is not set. Use vol lang.
Number of WINS servers: 0
Total CIFS sessions: 1
CIFS open shares: 1
CIFS open files: 0
CIFS locks: 3
CIFS credentials: 1
IPv4 CIFS sessions: 1
IPv6 CIFS sessions: 0
Cumulative IPv4 CIFS sessions: 26383
Cumulative IPv6 CIFS sessions: 0
CIFS sessions using security signatures: 0

 

Will post results from production environment after the weekend

softfolio-de
151,368 Views

Damit geht es mit einer 8.1 7-Mode:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"EnablePlainTextPassword"=dword:00000000
"EnableSecuritySignature"=dword:00000001
"RequireSecuritySignature"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"OtherDomains"=hex(7):00,00
"AllowInsecureGuestAuth"=dword:00000001

JXNadmin
151,356 Views

Hi

 

Just tested this on my W10 VM and it works connecting to CIFS on 8.1P1 7Mode.

 

You are a star, thank you.

 

Steve

andrew_s
151,497 Views

genius - works great and no netapp changes

top marks, and thanks for replying Smiley Very Happy

 

 

sam_wozniak
23,280 Views

Thanks you sir!  The perfect one off fix!

ChristopheBERD
145,885 Views

Bonjour,

Pour rendre accesible votre vfiler CIFS sur declient windows 10

Il faut ouvrire un power shell  en mode administrateur puis rentrez la ligne suivante :

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" RequireSecureNegotiate -Value 0 –Force

 Puis dans la base de registre, dans :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters

 

"EnablePlainTextPassword"=dword:00000000
"EnableSecuritySignature"=dword:00000001
"RequireSecuritySignature"=dword:00000001
"ServiceDllUnloadOnStop"=dword:00000001

 

sinergy_storage
51,248 Views

it works ! Thanks everybody

MMitchell_1
40,138 Views

Note: This a bug in the OnTap 7.37P3 Version. 

RequireSecuritySignature is not required to be On or 00000001 in OnTap 8.1.2 7-Mode

 

With the above on, you cut your speed in 1/2 when writing to the Netapp.

 

Because Version 7 is no longer supported, Netapp has no desire to fix it.  If you are still using the older Filers, namely the FAS2020's, you'll see this problem.

 

Having said that, Netapp is still the best!!!!!!!!!!!

kman2123
44,832 Views

We are running into this with Windows 10 and 8.3.2P6 CIFS Setup. The powershell command for Windows 10 secure negotation no longer works in Windows 10. All our computers are running ver 1511. We did turn on SMB signing on the Netapp CIFS SVM.  We also tried all of the registry settings mentioned earlier.

MISPASKPMGCOM
42,974 Views

same problem here , did you manage to solve the problem ?

MISPASKPMGCOM
42,966 Views

seems to work here with      cifs.audit.enable            on

MMitchell_1
42,871 Views

Hi, by turning signing on my throughput has gone from 84mb/s to 30mb/s on seq read and from 101mb/s to 28mb/s on my filiers.  This is not acceptable.

This happens with the older FAS2020 filers we have on7.3.7P.  On our newer filers, it works without signing.

 

Has anyone gotten it to work without signing?

Public