none
Connecting to multiple shares on a single server with multiple credentials? ( System Error 1219 )

    質問

  •  

    I am running Windows Vista Home Premium SP1 on my laptop.  I have a Fedora Core 7 server running SaMBa.  They share a /28 subnet (with 0, 6, and 7 taken by networking, 1 - 4 on the server, 5 on the laptop).

     

    The server has multiple SaMBa shares (for this example, \\myserver\share1 and \\myserver\share2).  There are two SaMBA users, user1 and user2, each either their own passwords.  user1 can access \\myserver\share1 and user2 can access \\myserver\share2 .  I log on to the Vista laptop using a separate user/pass from either of those two accounts.

     

    When I attempt to connect to these shares, I can do so without a problem if I connect to them singly using "connect using different user name".  However, if I attempt to connect to both simultaneously, I get:

     

    "System error 1219 has occurred.

     

    Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed.  Disconnect all previous connections to the server or shared resource and try again."

     

    I need to be able to connect to both shares simultaneously, but using the different credentials (I don't want user1 creating files in \\myserver\share2 and I don't want user2 creating files in \\myserver\share1).

     

    I have tried manually using NET USE and I get the same error when I try to map the second drive after the first is mounted. I have also messed with regedit and changed \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel from 3 to 1 (a certain site suggested this).  I've also seen some DNS kludges that trick the windows client into thinking its connecting to multiple servers but I haven't the capacity to arrange something like this easily -- nor do I like the idea of using kludges to fix what should be a simple-to-fix scenario.

     

    Is there a 'correct' work-around for this?

    2008年5月13日 5:26

すべての返信

  • Hi,

     

    Please understand that this behavior is by design for security purpose, Windows only allow per user per SMB connect at a machine. To make the connection with the other account, please disconnect the previous connection(s) to the server. You may use the command net use /delete.

     

    Hope it helps.

     

    • 回答の候補に設定 DarienHawk67 2012年1月23日 20:50
    2008年5月15日 3:27
    モデレータ
  • In what way does this really provide any sort of security benefit?  If I can get around this simply by having multiple HOSTS or DNS entries for the one server, then there's really not a one-user/one-SMB limitation, just a minor annoyance.

     

    For example, if I tether 'samba1 192.168.138.1' and 'samba2 192.168.138.1' in my HOSTS file on windows, then connect Y: to \\samba1\myshare1 and Z: to \\samba2\myshare2, the system will gladly connect me to both even using two different user names and two different passwords, forming a rather simple and straight-forward workaround.

     

    So ultimately, the limitation doesn't exist -- only an annoyance exists, and one so easily circumvented that from my point of view, it's no security at all.

     

    Could you provide more detail on exactly how this limitation is a security feature?  What risk does it mitigate?  Why is that risk considered critical enough to create such a severe functional limitation?  I certainly don't see a positive cost-benefit analysis in this detail, but I would be interested in knowing Microsoft's cost-benefit analysis on it.

     

    I have unmarked the previous post as being an Answer because while it raises the security issue, it does not explain in what way this is a security feature and further does not answer the question asked.  However, understanding that information, I will accept an explanation of why the limitation exists in the first place as an answer.

     

    • 回答の候補に設定 i2martin 2013年12月2日 3:27
    2008年5月21日 20:14
  • Hi,

     

    Please refer to the KB 938120.

     

    Error message when you use user credentials to connect to a network share from a computer that is running Windows XP: "The network folder specified is currently mapped using a different user name and password"

    http://support.microsoft.com/kb/938120

     

    This applies to Windows Vista as well. This behavior is by design as one server (uniquely identified by the given name) can only have one user authenticated to it at a given time.

     

    Thank you for your understanding.

     

    2008年5月26日 6:18
    モデレータ
  • I ran across another interesting twist to this.  User on Vista, server running Win2K3.  Server has an MS SQL instance and shared folders.

    User has an ODBC connection to the SQL instance, using an SQL userid and password.  Attempting to map a local drive to a shared folder resulted in the 1219 error above.

    Mapping the drive letter using \\ipaddress\share rather than \\servername\share worked around the problem, but what were you guys thinking?  ODBC connections using local SQL credentials should not in any way interfere with connections to shares using domain credentials!

    Greg
    2008年10月21日 18:13
  • Hi,

     

    ... This behavior is by design as one server (uniquely identified by the given name) can only have one user authenticated to it at a given time.

     

    Thank you for your understanding.

     

    I have exactly this issue and I also do not understand why this limit is present.  Clearly the server can have more that one user or else it wouldn't, by definition, be much of a server.  The client is multitasking and the different user shares are being used by different apps.  When I boot Linux I can map the shares to the different user names without problem and works as expected so why when I boot XP do I lose such basic functionality.  It appear to serve no real purpose but to limit how usable the PC is when running XP and to keep up with modern expectations a fix should be rolled out.
    2010年2月15日 10:41
  • Same problem for me.

    In my case we have a private folder for each user and a shared folder with multimedia that we all like to access. These shares are configured on a Lacie nas and since this device also makes parallel FTP users, we can't put our multimedia in a public share (since guest log ins over FTP will have full control over it).

    I agree that the drive is the main problem since it's very limited in configuring folder access but on unix systems it's very easy to manage this sort of thing, so I figured windows 7 -must- have some sort of workaround.
    2010年2月22日 0:10
  • Hi guys. Found a workaround in case anyone will read this post. It's not pretty but it will do the job. Also, it only works for 2 simultanious log ins. In my case that's enough but it won't solve your problem entirely if you are trying to be logged in simultaniously with 3 or more credentials. 

    Anyway, the fix:

    1. browse to your samba server by using \\servername. Access your first share by providing credentials. Now map this share as a networkdrive (right click on share ->map as network drive).

    2. browse to your samba server again, but this time use the ip-address to access the server. So in my case it was: \\192.168.1.111. Windows will not recognize that this is actually the same share so you can go ahead and access your second share with different credentials. Now map this folder with another name. 

    It basically comes to fooling windows into thinking that you are accessing 2 different servers.

    Windows team: please don't see this as a bug and remove it with patches, we beg you :)
    2010年3月2日 21:59
  • Mustafa,

    It works until you log off and on again. Then both mappings are still there (in my case; Q: and R:), but only one of the credentials is used. In my case, Q: was connected to as "johan" and R: as "johan_readonly". But after logging off and on both Q: and R: are read only.

    This is on Windows 7 Ultimate x64, but I guess it's the same on Vista.

    (My use case is multimedia files. I want to be able to alter them using Q:, but I want programs like media players to access the files in a read-only manner using R:.)

    Please, any workarounds? Anyone?

    • 編集済み Johan Franzén 2010年4月29日 20:06 Adding more details
    2010年4月29日 19:58
  • Hi I am having a similar problem. I have a Lacie NAS 2 and everytime I logged in to Windows I had to key in my user name and password for MyShare (which is the password protected one). So I thought perhaps I did not tick the button to remember password and that I will disconnect and reconnect. However, now I cannot reconnect and I get the following message: Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again. Please help! Thanks in advance. PS I run Windows Vista PPS I tried creating a user with the same user name and password as the drive in Windows and with that I can connect and disconnect multiple times.
    2010年12月30日 10:40
  • OK, I know this is an old thread, but I was searching a solution to this problem and ended up here so figured I would post this for anyone else who finds this thread.

    The way I solved this was to map one drive using this:

    net use Z: \\server\directory1 * /USER:username /PERSISTENT:YES

    then enter your password.

    Now for me, the second directory I want to map is under the same username so I just used this:

    net use X: \\server\directory2 /PERSISTENT:YES

    THis basically mapped two drives under the same username.

     

    • 回答の候補に設定 Viral.Jain 2012年12月13日 4:01
    2011年9月20日 0:31
  • To delete all connections use net use * /DELETE

    C:\Users\Ian>net use * /DELETE
    You have these remote connections:

                        \\Ian-vistapc\f
                        \\Ian-vistapc\y
                        \\IAN-VISTAPC\IPC$
    Continuing will cancel the connections.

    Do you want to continue this operation? (Y/N) [N]: Y
    The command completed successfully.

    • 回答の候補に設定 Viral.Jain 2012年12月13日 4:01
    2011年11月4日 8:17
  • OK, I know this is an old thread, but I was searching a solution to this problem and ended up here so figured I would post this for anyone else who finds this thread.

    The way I solved this was to map one drive using this:

    net use Z: \\server\directory1 * /USER:username /PERSISTENT:YES

    then enter your password.

    Now for me, the second directory I want to map is under the same username so I just used this:

    net use X: \\server\directory2 /PERSISTENT:YES

    THis basically mapped two drives under the same username.

     

    Thanks ZEEDMAN.

    That works for me too. Thankfully I came across your answer early into my search. I was scratching my head about this one.

    I am connecting several SAMBA shares on a CentOS Linux Server to Windows machines. It still is limited to 2 shares though.

    I am replacing a Windows Server with the CentOS one. The Windows Server does not have these limits. Probably because of the fact that the user is, in this case, authenticated on it. I am now investigating creating user groups and allowing the group to authenticate the share to see if this will allow more than 2 to be mapped simultaneously.

    Thanks again.

    2012年1月13日 12:39
  • Trying all of the above didn't fix the issue for me (happening with existing shares) but, a simple restart of the 'Workstation' service fixed the issue immediately.
    • 回答の候補に設定 Shem Sargent 2012年4月2日 15:10
    2012年2月26日 12:32
  • Thanks Jos,

    I did a net use * /delete on Windows 7 to Windows 7 HomeGroup configuration, but the new connection still would not take (error 1219) until I restarted the Workstation Service.

    Shem

    2012年4月2日 15:13
  • Hey,

    I agree with you. 

    But, I have one more question.

    ie; if i close the shared folder explorer, is there any way to disconnect the session on the specific time period?

    or there any way to disconnect the session on the same time i quit the session window?

    Thanks 

    2012年6月29日 8:10
  • Yes, same here, and it is ridiculous, so the argument of "Security" is biased, it is just a glitch.

    jlc

    2012年7月30日 16:38
  • Hi Joson, this article says this limitation is by design. It doesn't say why. Also, you have not explained why I should accept this answer and your gratitude for "my understanding". Please help me understand why this decision has been made. It makes Windows unsuitable as a client.
    • 回答の候補に設定 YNOTEROOM 2013年5月8日 19:53
    • 回答の候補の設定解除 YNOTEROOM 2013年5月8日 20:00
    2013年4月1日 22:14
  • I have similar problem with "System Error 1219", even though there are no current mappings ... IE they are all disconnected
    I believe Windows Explorer has a bug in that it wrongly remembers previously used Mapping creds and complains it you try to re-access a resource using different creds
    The only solution i have found is to kill Explorer from Task Mgr and then run a new instance
    Once the new instance of Explorer is running, the "System Error 1219" stops occuring .... Until the Bug occurs again
    bit of a hacking solution, but does not look like anyone going to fix the root cause.

    If anyone know a better fix, please share

    Tony
    • 回答の候補に設定 YNOTEROOM 2013年5月8日 20:00
    2013年5月8日 20:00
  • It helpt for me to do this:

    NET USE * /DELETE

    ipconfig /release
    ipconfig /flushdns
    ipconfig /renew

    And then connect to the new networkshare.

    But it doesn't work always.



    • 回答の候補に設定 Sjoerd66 2013年8月15日 6:29
    • 編集済み Sjoerd66 2013年8月15日 6:30
    2013年8月15日 6:22
  • This!

    I just spent 3 hours troubleshooting permissions on the server side where in fact it was the windows client that had this silly limitation!

    Microsoft needs to fix this 'feature' Now I have to resort to silly DNS/hosts workarounds..

    2013年12月2日 3:26