+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 29 of 29
Windows 7 Thread, map network drive to NAS but get error 64 or 58 in Technical; Hi, thanks for the info which is very interesting. Unfortunately it doesn't fix my issue. I get the same error ...
  1. #16
    mrstrong's Avatar
    Join Date
    Nov 2010
    Location
    England
    Posts
    62
    Thank Post
    23
    Thanked 4 Times in 4 Posts
    Rep Power
    9
    Hi,

    thanks for the info which is very interesting.

    Unfortunately it doesn't fix my issue.

    I get the same error with \\name and \\IP

    Plus already tried send LM and send LM & NTLM only

    Was thinking of re-installing "client for microsoft networks" but on a netbook
    so no drive for windows dvd.

  2. #17

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    10,047
    Thank Post
    3,579
    Thanked 1,119 Times in 1,024 Posts
    Rep Power
    377
    Image via the network ( WDS / PXE boot / WinPE bootable usb and imagex to apply a wim ) or something along those lines ?

  3. #18
    mrstrong's Avatar
    Join Date
    Nov 2010
    Location
    England
    Posts
    62
    Thank Post
    23
    Thanked 4 Times in 4 Posts
    Rep Power
    9
    Think I've found it

    manually changed all "local policies -> security options" via secpol.msc on a bad client to match those on a good client and what do you know ?
    net view \\NAS
    now working like a good 'un! MS son of a ...
    About 10 diffs and needed a reboot to pick up so not sure which one(s) did the trick.
    Will investigate some more and post back

  4. Thanks to mrstrong from:

    mac_shinobi (13th May 2013)

  5. #19

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    10,047
    Thank Post
    3,579
    Thanked 1,119 Times in 1,024 Posts
    Rep Power
    377
    Quote Originally Posted by mrstrong View Post
    Think I've found it

    manually changed all "local policies -> security options" via secpol.msc on a bad client to match those on a good client and what do you know ?
    net view \\NAS
    now working like a good 'un! MS son of a ...
    About 10 diffs and needed a reboot to pick up so not sure which one(s) did the trick.
    Will investigate some more and post back
    That is good to know although with ref to the NTLM setting I'm sure it was suggested to use the below setting

    Change it to 'Send LM & NTLM - use NTLMv2 session security if negotiated'


    Quote Originally Posted by Duke5A View Post
    Hmm, might be an NTLMv1 vs NTLMv2 issue. You can try changing the negotiation policy using gpedit.msc on the Windows 7 box.

    Computer Configuration > Windwos Settings > Security Settings > Local Policies >Security Options > "Network Security: LAN Manager authentication level

    Change it to 'Send LM & NTLM - use NTLMv2 session security if negotiated' and restart the system.

  6. #20
    mrstrong's Avatar
    Join Date
    Nov 2010
    Location
    England
    Posts
    62
    Thank Post
    23
    Thanked 4 Times in 4 Posts
    Rep Power
    9
    Hi,

    yes
    'Send LM & NTLM - use NTLMv2 session security if negotiated' and restart the system
    was one of the first things I tried but it was not enough on it's own.

    Actually on a working client I had
    Code:
    Network security: LAN Manager authentication level	Not Defined
    I.e. no registry key
    Code:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
    Looks like the security options on the bad client have been changed from the defaults (though not sure how?!)
    as the bad client was imaged from a working client.

    Found this article on how to reset them
    How to reset all Windows 7 or Vista Security settings to its default values
    But then read
    How do I restore security settings to a known working state?
    which says that method is not supported on vista upwards:
    may even result in the operating system becoming unstable
    so decided to just change manually to match a working client

    Made changes one at a time with a reboot after each change:

    Code:
    Network security: Minimum session security for NTLM SSP based (including secure RPC) clients	Require 128-bit encryption
    Network security: Minimum session security for NTLM SSP based (including secure RPC) servers	Require 128-bit encryption
    Network access: Do not allow anonymous enumeration of SAM accounts and shares	Disabled
    Then after this change everything starts working:
    Code:
    Microsoft network client: Digitally sign communications (always)	Disabled
    Some other differences e.g. Microsoft network server: Digitally sign communications (always) was Enabled
    when default says should be disabled but not relevant in this client scenario.

    Annoying the MS net command didn't give me a good error message but at least I've learnt a bit and got it working
    in the end

    Thanks

  7. Thanks to mrstrong from:

    mac_shinobi (14th May 2013)

  8. #21

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    10,047
    Thank Post
    3,579
    Thanked 1,119 Times in 1,024 Posts
    Rep Power
    377
    What were you using to change the settings on the bad non working client. Local security policy editor or you using and creating the reg keys or importing the reg keys from a working pc or what exactly. Also thanks for the update !!

  9. #22
    mrstrong's Avatar
    Join Date
    Nov 2010
    Location
    England
    Posts
    62
    Thank Post
    23
    Thanked 4 Times in 4 Posts
    Rep Power
    9
    Nothing clever: just ran secpol.msc locally on a bad client and changed the settings manually.
    Only seen a few bad clients so far so a manual fix won't be too onerous.

    You've got me thinking though, is there a more efficient way to roll this out to all clients, e.g. can it be done via group policy
    or a startup script that loads the registry values? And is there an easy way to identify which registry entries relate to specific secpol.msc settings ?

  10. #23

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    10,047
    Thank Post
    3,579
    Thanked 1,119 Times in 1,024 Posts
    Rep Power
    377
    Quote Originally Posted by mrstrong View Post
    Nothing clever: just ran secpol.msc locally on a bad client and changed the settings manually.
    Only seen a few bad clients so far so a manual fix won't be too onerous.

    You've got me thinking though, is there a more efficient way to roll this out to all clients, e.g. can it be done via group policy
    or a startup script that loads the registry values? And is there an easy way to identify which registry entries relate to specific secpol.msc settings ?
    Something like regshot :

    regshot | Free System Administration software downloads at SourceForge.net

    Snapshot before changing the settings and then a snapshot afterwards and it should give you a registry file that you could try and push out via GPO or the likes

    regedit.exe \\server\reg\patch.reg /s

    something like the above to apply it silently ( obviously that should be the unc path to the relevant registry file.

  11. Thanks to mac_shinobi from:

    mrstrong (15th May 2013)

  12. #24
    mrstrong's Avatar
    Join Date
    Nov 2010
    Location
    England
    Posts
    62
    Thank Post
    23
    Thanked 4 Times in 4 Posts
    Rep Power
    9
    thanks,

    just fixed another one with only 3 changes so to summarize here's what was changed via secpol.msc under
    Security Settings->Local Policies->Security Options
    Might help some other poor sod

    Code:
    Microsoft network client: Digitally sign communications (always)	Disabled
    Network security: LAN Manager authentication level	Send LM & NTLM - use NTLMv2 session security if negotiated
    Network security: Minimum session security for NTLM SSP based (including secure RPC) clients	Require 128-bit encryption

  13. Thanks to mrstrong from:

    mac_shinobi (15th May 2013)

  14. #25

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    10,047
    Thank Post
    3,579
    Thanked 1,119 Times in 1,024 Posts
    Rep Power
    377
    Thanks for the update and like you said - will help someone else out at some point hopefully

  15. #26

    Join Date
    Jun 2013
    Location
    Vancouver
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    That is awesome! Thanks for posting this as I was having problems with Windows 7 workstation accessing a Linux share through VPN. When I implemented the 3 changes above I was able to "net use" command to map a drive to it! The Windows 7 computer was imaged with WDS!

    I sincerely thank you for posting this fix!!!

  16. #27

    Join Date
    Mar 2014
    Location
    Seattle
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by mrstrong View Post
    just fixed another one with only 3 changes so to summarize here's what was changed via secpol.msc under
    Security Settings->Local Policies->Security Options

    Code:
    Microsoft network client: Digitally sign communications (always)    Disabled
    We only needed this first bit changed to fix up access to our QNAP. This began to happen only recently to newly deployed workstations after the migration from 2008 (non-R2) WDS to a 2012 WDS server. We brought the WIMs with us, so at a glance it seems as though this is a server setting.


    In any case, thanks for getting to the bottom of this. It was making us all feel quite neurotic to have computers on the same subnet with the same permissions behaving as though they couldn't access the share.


    This should be echoed in the QNAP forums for others.

  17. #28

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    10,047
    Thank Post
    3,579
    Thanked 1,119 Times in 1,024 Posts
    Rep Power
    377
    Just wanted to add those settings relate to smb signing from what I am aware of on either the client or server os or both - some articles

    http://support.exinda.com/topic/how-...mb-performance

    http://blogs.technet.com/b/josebda/a...-and-smb2.aspx

    http://www.petri.co.il/how-to-disabl...erver-2008.htm

  18. #29

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    10,047
    Thank Post
    3,579
    Thanked 1,119 Times in 1,024 Posts
    Rep Power
    377
    A quick guide that I made - for windows 7 and scanning from a Ricoh MFD , think this walks through a similar process for the same settings ( I believe ) as mentioned above
    Attached Files Attached Files



SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Problem getting 1 mapped network drive to showup
    By Toasterleavins in forum Scripts
    Replies: 1
    Last Post: 19th November 2012, 12:48 PM
  2. Batch file to map network drive
    By googlemad in forum Windows
    Replies: 4
    Last Post: 22nd October 2009, 03:07 PM
  3. Replies: 5
    Last Post: 26th November 2007, 07:40 PM
  4. Replies: 3
    Last Post: 17th October 2007, 10:15 AM
  5. Veritas backup solution to mapped network drive
    By Crackcode in forum How do you do....it?
    Replies: 0
    Last Post: 21st April 2007, 11:03 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •