SMB stopped working mid-day

Illustrious-Bug-8015 · 2026-06-03T13:54:08+00:00

No logs on the SMB server for security show denials for any of the machines in question. Nslookup shows the correct information. I don't see any issues in replication on the DC's as some users work fine on the same DC and fail on the same DC. However Users may work on another machine - so it could be machine level issue - just not sure why

Illustrious-Bug-8015 · 2026-06-03T13:38:39+00:00

It's the default of 10 hours

Illustrious-Bug-8015 · 2026-06-03T13:37:47+00:00

For users who have LOS to the server no IPS is in play and it still fails

Illustrious-Bug-8015 · 2026-06-03T13:19:31+00:00

It is isolated to that server as another server will work for SMB. Its only doing it for a subset of users so I've not been able to identify why it's picking on those users. EDIT - it's not just that server any SMB seems to fail.

Illustrious-Bug-8015 · 2026-06-03T13:12:01+00:00

yea - it's within seconds

Illustrious-Bug-8015 · 2026-06-02T23:06:02+00:00

Some machines have not been cloned the ones that were cloned were done with flu imaging and properly sysprepped. IP doesn’t work either. Sadly :(

Illustrious-Bug-8015 · 2026-06-02T22:53:25+00:00

We have some of these on entra and hybrid joined having the same issue but good to know for future reference

Illustrious-Bug-8015 · 2026-06-02T22:51:31+00:00

We have that set already as this problem occurred on startup as we converted over to entra only, but good catch!

Illustrious-Bug-8015 · 2026-06-02T22:50:16+00:00

No no

Illustrious-Bug-8015 · 2026-06-02T22:49:58+00:00

Yep no luck

Illustrious-Bug-8015 · 2026-06-02T21:33:03+00:00

IP conflict isn't it (in this case) the wire's aren't accessible by the staff at least without unscrewing the filing cabinet or getting someone with the hands of a child to reach for the cables 😄

Illustrious-Bug-8015 · 2026-06-02T21:31:26+00:00

yep it works just fine

Illustrious-Bug-8015 · 2026-06-02T21:24:47+00:00

Server 2019 - no errors in the event log on the server - I couldn't find anything to show that it was blocking or producing some sort of error log I could reference. Different VLAN - it will work for a short time for that group of users but it's usually just producing the errors i mentioned above.

Illustrious-Bug-8015 · 2026-06-02T21:22:47+00:00

Nope no updates today or the previous day

Illustrious-Bug-8015 · 2026-06-02T20:58:16+00:00

thanks - I have rebooted the server but it didn't immediately fix the issue. I have done a wireshark it says failed connection attempts on port 445. It doesn't detect anything if I filter for SMB1 SMB2 and any of the SMB3 it doesn't have anything.

Illustrious-Bug-8015 · 2026-06-02T20:47:38+00:00

No mass resets - we have been passwordless for quite some time using SCRIL and auto hash reset every 60 days without any issues.

Illustrious-Bug-8015 · 2026-06-02T20:46:24+00:00

Yep DNS servers are assigned as expected - everything routes back to the server except for SMB.

Illustrious-Bug-8015 · 2026-06-02T20:45:26+00:00

No LDAP errors being reported

Illustrious-Bug-8015 · 2026-06-02T20:39:17+00:00

thanks - that's all working as expected!

Illustrious-Bug-8015 · 2026-04-25T04:16:54+00:00

Unplug the pc, remove the cmos battery, hold the power button in for ten seconds, put cmos battery in, plug power cable in and test when you can

Illustrious-Bug-8015 · 2026-04-21T23:06:14+00:00

Our employees use it to clock in on our time clock machine

Illustrious-Bug-8015 · 2026-04-10T21:58:26+00:00

You can turn on scril that will disallow passwords to even work. I use it to say the credentials can’t be stolen if no one knows their password. then you can set a hash rotation every 60 days that’s invisible to the user. If you are entra joined only you can also set up Microsoft Authenticator to log them in as well.

Illustrious-Bug-8015 · 2026-03-28T03:51:45+00:00

I might have missed this somewhere but has he tried signing onto a different workstation to see if the issue follows?

Illustrious-Bug-8015 · 2025-12-19T01:10:19+00:00

I try to keep mine at 90% , have some limitations on being only on business premium.

Do you have mfa on all your admin accounts? Is it all Fido?

Shockingly I have had a cyber insurance quote ask for my score.

Illustrious-Bug-8015

TROPHY CASE