Can't access new 2012 server from 2012 server...!

    Question

  • Hi,

    I have installed the first two 2012 member servers on my domain. Everything's great, they're on the domain except they can't access each other... I can access them from all the other 2003, 2008 servers and vice versa. I intend to use them for DFS but they can't see the namespace. I can't map drives to and from each other either as it prompts me for my credentials then says access denied (the credentials are domain admins). Am I missing something obvious?

    Many thanks in advance.

    Wednesday, February 13, 2013 2:57 PM

All replies

  • Hi, make sure to type the domain name, i.e. Domain\Username before entering the credentials to access or map your drives.

    Good luck. !!!

    Wednesday, February 13, 2013 3:55 PM
  • Same outcome I'm afraid.
    Wednesday, February 13, 2013 4:09 PM
  • It always helps when making a post about networking issues to post the output from ipconfig /all from the machines with the problems.  It is a basic starting point for network troubleshooting.  Without basic information, it is really hard to offer any substantial assistance.

    Other basic tests would include access by IP instead of DNS to see if it is an IP or DNS issue.


    .:|:.:|:. tim

    Wednesday, February 13, 2013 8:04 PM
  • It's joined to the domain and other member servers running previous versions of Windows access file shares\Admin shares\pings response. In turn it can access file shares\Admin shares\pings of the other servers - This implies that DNS is OK. The two servers can manage and install roles on each other. I can also connect to the services consoles from each other - this would imply that the account being used is satisfactory.

    The thing they can't do is access files\folders on each other no matter what account I use even when I give 'everyone' full rights.

    • Marked as answer by Ken_Dod Thursday, February 28, 2013 12:56 PM
    • Unmarked as answer by Ken_Dod Thursday, February 28, 2013 12:57 PM
    Thursday, February 14, 2013 8:58 AM
  • Found that disabling SMB2 resolves the issue.

    I then did a network capture between the 2 servers. Looking through the log I could see the error “MB2:R  - NT Status: System - Error, Code = (34) STATUS_ACCESS_DENIED  IOCTL (0xb)”. This is apparently caused by Secure dialect negotiation, one of the new SMB3 security enhancements in Windows Server 2012 is enabled.

    I created a reg DWORD HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecureNegotiate and set the value to 2. This has resolved the issue.

    Thanks for your responses

    • Marked as answer by Ken_Dod Thursday, February 28, 2013 12:59 PM
    Thursday, February 28, 2013 12:59 PM
  • You should NOT have to disable SMB2.  SMB is negotiated between client and server every time an SMB connection is set up.  By disabling SMB2 you have relegated all systems prior to Windows 8 and Windows Server 2012 to SMB 1 - not a very desirable configuration.

    Without digging deeper into your particular environment, it is really hard to make a guess on this one.  But, if you are one that regularly edits the registry - it makes it doubly hard to find a solution.  Do you know if any of the previous tattoos may be an issue (hopefully you have kept careful records of each tattoo given)?


    .:|:.:|:. tim

    Thursday, February 28, 2013 5:43 PM
  • Tim, I don't need your help thanks - I've marked the post as answered. But, OK, maybe my last post was unclear. I know I should NOT have to disable SMB2. Disabling it just highlighted the problem. I re-enabled it and then created the reg value. Microsoft are aware of the issue and plan to issue a hotfix.

    Quote of the day: "But, if you are one that regularly edits the registry" Classic! That tickled me!

    Friday, March 01, 2013 8:40 AM
  • I was having the same exact problem. Shares between Windows Server 2012 servers were not working. The reg file has fixed it for me, this blog post gives a little more detail as to what the registry change does.

    http://blogs.msdn.com/b/openspecification/archive/2012/06/28/smb3-secure-dialect-negotiation.aspx 

     
    Wednesday, March 20, 2013 4:12 PM
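
An added example, not written by any poster in this thread: a PowerShell check that reports whether the RequireSecureNegotiate workaround or the SMB2-disabled state discussed above is still present on a server, so it can be revisited once a fix is available. The function name is hypothetical, and the value meanings in the comments are an assumption to confirm against the blog post linked above.

```powershell
# Added example: audit the SMB settings discussed in this thread on the local machine.
# Run from an elevated PowerShell 3.0+ session (Windows 8 / Windows Server 2012 or later).
# ASSUMPTION: RequireSecureNegotiate meanings are 0 = disabled, 1 = required,
# 2 = enabled if needed. Confirm against the linked blog post before relying on them.
function Get-SecureNegotiateAudit {
    param(
        # Registry key quoted in the thread, in PowerShell provider syntax.
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
    )

    $name = 'RequireSecureNegotiate'
    $item = Get-ItemProperty -Path $Path -Name $name -ErrorAction SilentlyContinue
    $value = $null
    if ($item) { $value = [int]$item.$name }

    $meanings = @{ 0 = 'disabled'; 1 = 'required'; 2 = 'enabled if needed' }
    if ($null -eq $value) {
        $meaning = 'not set (OS default applies)'
    } elseif ($meanings.ContainsKey($value)) {
        $meaning = $meanings[$value]
    } else {
        $meaning = "unrecognised value $value"
    }

    # Server-side protocol switches: catches an SMB2 disable that was left in place,
    # which forces pre-2012 clients down to SMB 1.
    $server = Get-SmbServerConfiguration

    [pscustomobject]@{
        Computer               = $env:COMPUTERNAME
        RequireSecureNegotiate = $value
        Meaning                = $meaning
        SMB1ServerEnabled      = $server.EnableSMB1Protocol
        SMB2ServerEnabled      = $server.EnableSMB2Protocol
        # Flag the workaround value, a full disable, or SMB2 turned off.
        NeedsReview            = ($value -in 0, 2) -or (-not $server.EnableSMB2Protocol)
    }
}

Get-SecureNegotiateAudit | Format-List

# Dialect actually negotiated on the current outbound SMB connections.
Get-SmbConnection | Select-Object ServerName, ShareName, Dialect
```
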
  • Hello Ken,

    Has Microsoft come up with a hotfix for this yet?

    We have a different problem (Win8 cannot access a hidden share on Server 2012) but one which results in error:
    SMB2    SMB2:R  - NT Status: System - Error, Code = (34) STATUS_ACCESS_DENIED  IOCTL (0xb)      {NbtSS:3, TCP:2, IPv4:1}

    In our case adding RequireSecureNegotiate = 2 does not solve the problem but I can't help but wonder if it is still related.

    Rgds,

       Nick

    Thursday, March 28, 2013 9:21 PM