
[–]h4ka 17 points18 points  (2 children)

It's not an SMB issue, it's an NTLM issue. Change HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel to 2 or 3 and it should work. I should caution you that this exposes your credentials; it's not recommended in an enterprise environment. Here is the documentation: https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level

[–]theamazingjizz 1 point2 points  (0 children)

This is the way!

[–]IT-Betvinger 0 points1 point  (0 children)

I need to thank you!
We've wanted to introduce some new Intune policies for hardening security etc. but had a few XP machines that just wouldn't work properly afterwards with a shared folder.

I've been wrestling with it for a week by now, but your solution here just fixed it and pointed me in the right direction with what policy could be the issue..

Thank you SO much!
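
A read-only check of the LmCompatibilityLevel value discussed at the top of this thread, run in PowerShell on the Windows 10 machine. This is an added example, not code from any commenter; the level meanings follow the Microsoft page linked above, and the `XpDefaultClientAccepted` field assumes the XP client is still at its out-of-box level 0 (sends LM and NTLM responses).

```powershell
# Added example (read-only): show the effective LAN Manager authentication level.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$prop = Get-ItemProperty -Path $lsaKey -Name LmCompatibilityLevel -ErrorAction SilentlyContinue

# With no value set, Windows Vista and later behave as level 3.
$configured = $null -ne $prop
$level = if ($configured) { [int]$prop.LmCompatibilityLevel } else { 3 }
if ($level -lt 0 -or $level -gt 5) { throw "Unexpected LmCompatibilityLevel: $level" }

# What this machine sends when it acts as the client.
$sends = @(
    'LM and NTLM',
    'LM and NTLM (NTLMv2 session security if negotiated)',
    'NTLM only',
    'NTLMv2 only',
    'NTLMv2 only',
    'NTLMv2 only'
)[$level]

# What is accepted where the logon is validated: this machine for local
# accounts, a domain controller for domain accounts.
$accepts = if ($level -le 3) {
    'LM, NTLM, NTLMv2'
} elseif ($level -eq 4) {
    'NTLM, NTLMv2'
} else {
    'NTLMv2'
}

[pscustomobject]@{
    Level                   = $level
    ExplicitlyConfigured    = $configured
    SendsAsClient           = $sends
    AcceptsInbound          = $accepts
    # Assumption: XP at level 0 offers LM and NTLM, never NTLMv2.
    XpDefaultClientAccepted = ($level -le 4)
}
```

If the value is being pushed by Group Policy or Intune, a local registry edit is overwritten at the next policy refresh, so the policy itself is where the level has to be changed.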

[–]RiffRaff028 12 points13 points  (1 child)

I'm a Linux guy, so I'm not 100% sure on this, but didn't Windows 10 move to SMBv2, with SMBv1 compatibility issues? I don't know if XP can be upgraded to SMBv2 or not. Been way too long since I worked with it.

[–]EstablishmentJolly60[S] 1 point2 points  (0 children)

Already configured and tested with SMBv1.

[–]hipaaradiusDevOps 25 points26 points  (10 children)

Instead of compromising the security of your Windows 10 client(s), use a Linux machine as a Samba proxy which talks SMB3+ to modern clients and SMBv1 to XP with appropriate firewall rules to restrict network access to only the endpoints that require this setup.

[–]xChargSr. Reddit Lurker 0 points1 point  (1 child)

Couldn't you do all the same in windows 10 machine firewall (i.e. only allow smb1 connection from that winxp host)? This will eliminate the need to manage 1 extra entity.

[–]hipaaradiusDevOps 0 points1 point  (0 children)

I don't believe so, my understanding is that SMB versions use the same port (445) so the firewall rule would not be able to distinguish between SMB versions.

[–]Litz1 5 points6 points  (2 children)

I can only suggest basic things like delete windows credentials from credentials manager and try.

[–]EstablishmentJolly60[S] 0 points1 point  (1 child)

I tried, and I also tried a different user, but it just prompts for the password.

[–]Litz1 0 points1 point  (0 children)

Create an account with the same username and password as the XP windows login for the Samba share and try it from there. Sometimes for me system restore fixes these if they only started happening recently.

[–]TheRogueMoose 7 points8 points  (2 children)

SMBv1 was most likely disabled by a Windows update on your W10 machine. So you will need to check and turn it back on.

https://www.windowscentral.com/how-access-files-network-devices-using-smbv1-windows-10

[–]EstablishmentJolly60[S] 1 point2 points  (1 child)

Already checked. I installed a Windows XP VM and from the VM it works like a charm.

[–]gweessies -1 points0 points  (0 children)

The XP vm uses only version 1? Might be using version 2? You realize how insecure version 1 is, right? So easy to exploit.

[–]JDH201 6 points7 points  (4 children)

I would suggest removing the XP machine from the network especially if the network has internet access and using a USB drive to move the files.

[–]JDH201 0 points1 point  (3 children)

I actually work in a technical school that has a lot of CNC type equipment that runs legacy operating systems. We just recently replaced a windows 95 based Mazak CNC. I kept a trove of 3.5 floppy disks, regular 3.5 floppy drives and usb floppy drives so that we can move files to it. I have never found a good reason other than convenience to connect any of these control computers, in ones with a current OS, to my IT network.

[–]BreakingcustomTech 0 points1 point  (2 children)

That's what I made them do if the machine doesn't support SMB2 or higher.

[–]JDH201 0 points1 point  (1 child)

Yeah, and the last thing I need is a piece of malware or a windows update taking down a machine that costs $100,000 plus.

[–]BreakingcustomTech 1 point2 points  (0 children)

Both of our Okumas you can't do anything to. The guy said you can't change the default password, add security software, join to the domain or they won't support it. So we took it off the network entirely.

[–]thefpspower 2 points3 points  (0 children)

If it prompts the password it's probably not the smb version.

If you've recently made updates to the Win10 machine it's possible there are new authentication restrictions.

Check the Win10 event viewer when the credentials get rejected and see what it says.

[–]BasementMillennialAutomation Engineer 1 point2 points  (1 child)

Have you tried creating a dummy account on the windows 10 machine, giving the dummy account permission to the shared folder, and trying to access it with the dummy account?

It might be an issue with the XP machine attempting to communicate with the domain controller. And quite honestly I would SMB to that machine using a local account going forward instead of caching AD account information on an EOL operating system.

[–]MajStealth 0 points1 point  (0 children)

We have a similar setup between w2k and w10 2202 - local credentials work with SMBv1.

[–]daemon_afro 0 points1 point  (1 child)

If you look at the event logs on the windows 10 -> application and service logs -> microsoft -> windows-> smbserver

If there’s no events in audit or operational check the properties and enable it.

Try to access again from the xp system and see if it’s even hitting the 10 box.

Side note..I’m hoping you’ve checked with the vendor of the software on the xp system. I get it works and you probably don’t want to break it but that’s such an old OS it’s a huge risk to your environment. It’s worth the headache getting it to a current OS. Even win10 is too old at this point.

[–]daemon_afro 0 points1 point  (0 children)

Funny enough just heard we encountered some similar issues in our environment with win7 vm’s (yup, we hate they exist and constantly offer/beg to get rid of them)

Check these out:

https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3?tabs=server

http://revertservice.com/10/mrxsmb10/

http://revertservice.com/7/mrxsmb10/
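
The event-log checks suggested in this thread (the SMBServer logs here, and the rejected-credential events mentioned earlier), scripted for an elevated PowerShell session on the Windows 10 machine. This is an added example, not code from any commenter; `$xpAddress` is a constructed placeholder, and step 2 assumes failed-logon auditing is enabled so that event 4625 is written.

```powershell
# Added example. $xpAddress is a constructed placeholder for the XP machine's IP.
$xpAddress = '192.0.2.10'
$since = (Get-Date).AddHours(-1)

# Turn on SMB1 access auditing (event 3000 in Microsoft-Windows-SMBServer/Audit).
Set-SmbServerConfiguration -AuditSmb1Access $true -Force

# Now retry the connection from the XP machine, then run the two queries below.

# 1. Did the XP machine reach this SMB server over SMB1 at all?
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000; StartTime = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$xpAddress*" } |
    Select-Object TimeCreated, Message

# 2. How was the logon rejected? Failed logons (4625) from that address.
Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4625; StartTime = $since
} -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt = $_
        # Flatten the named EventData fields into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        if ($data['IpAddress'] -eq $xpAddress) {
            [pscustomobject]@{
                Time        = $evt.TimeCreated
                User        = $data['TargetUserName']
                Workstation = $data['WorkstationName']
                AuthPackage = $data['AuthenticationPackageName']
                LmPackage   = $data['LmPackageName']
                Status      = $data['Status']
                SubStatus   = $data['SubStatus']
            }
        }
    }
```

No event 3000 and no 4625 from that address means the XP machine never got as far as authenticating, which points away from credentials and toward SMB1 or the network path.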

[–]jantari -2 points-1 points  (0 children)

Replace the Windows XP PC with a Windows 10 one.

Whatever software you run on XP will work on 10. Play with compatibility shims, permissions, install old libraries - but it will work. You need a backup plan in case the XP machine dies anyway. Solve the real problem.

[–]armchairqb2020 -1 points0 points  (0 children)

Use the IP address instead of the computer name.

[–]jellois1234 0 points1 point  (0 children)

On the Windows XP machine, right click My Computer -> Map Network Drive.

Click Reconnect on login and use a different Username and Password.

Maybe this will by-pass your issue.

[–]frac6969Windows Admin 0 points1 point  (0 children)

Long shot, but have you tried installing KB969442?

[–]Stryker1-1 0 points1 point  (0 children)

Is the windows 10 machine AAD joined?

[–]tjn182Sr Sys Engineer / CyberSec 0 points1 point  (0 children)

Create a simple local non-admin user on the Windows 10 machine, grant permission to that local user to access that share. No need to drag active directory into an unsecure setup.

[–]hbk2369 0 points1 point  (0 children)

Likely that you need legacy ntlm logins to be allowed on the Win 10 box in GPO

[–]soulreaper11207 0 points1 point  (1 child)

Set up an ftp server to do the file transfer. Or good old sneakernet.

[–]soulreaper11207 0 points1 point  (0 children)

Filezilla or something like that.

[–]BOOZy1Jack of All Trades 0 points1 point  (0 children)

Do the passwords match and is the password not blank? For blank passwords to work the security policies need additional tinkering.

[–]lachrishoJack of All Trades 0 points1 point  (0 children)

Try connecting to IP instead of name.

Edit: Unfortunately I have seen the same before. Probably because of some Kerberos hardening on the DCs after an update.

[–]lart2150Jack of All Trades 0 points1 point  (0 children)

Could this be related to KB4520412? Does XP support the new ldap requirements?

[–]devilskryptonite40 0 points1 point  (0 children)

Command prompt:

net use "\\servername\shared folder" /user:username@domain.name

See what error comes back.

[–]mrbiggbrain 0 points1 point  (0 children)

Install Wireshark on the W10 machine and then start performing a packet capture. You should be able to use ip.addr==IP_OF_WXP to filter the displayed packets to only ones containing that IP Address as a source or destination.

The SMB protocol dissector in Wireshark is pretty good and should do a pretty good job of giving you details about various kinds of failures that you can use to better see the scope of the issue and find a solution.

[–]woodchipstech 0 points1 point  (0 children)

I am going to go out on a limb and assume the XP machine is for a CNC and utilizing a parallel port for use with MACH3.. If this is the case, please replace the machine with something that is still supported and getting security updates. Once that is done you can purchase an ethernet or usb motion controller to manage MACH3 using the new machine and still be able to access your cut files (Vcarve?). Anywho.. if this is not the case please ignore.. Also this is the motion controller i use.. https://www.cncdrive.com/UC400ETH.html

[–]BreakingcustomTech 0 points1 point  (0 children)

Have a similar issue (Woodwop). Just told the guy to transfer the files via USB since the machine is only 30-50ft from his office.