none
Windows 10 1809 not able to join domain. RRS feed

  • Question

  • Hi All, 

    I need help with issue I am facing with Windows 10 1809 during domain join. As we are famaliar that 1809 do not have SMBV1 enabled by default. I am getting following error while trying to connect it to the domain

    Error: "

    However if i enable SMBV1 on windows 10 1809 machine it is able to join domain. 

    I have also checked the Domain controller and it have SMBV1,2,3 enable on it. and as per my understanding windows 10 1809 comes with V2 and V3 of SMB. and status of Get-smbserverconfiguration | Select enablesmb2protocol  is true on windows 10 1809 machine. 

    Can anyone help me with this. 

    Wednesday, April 17, 2019 9:11 AM

Answers

  • Hi All, 

    Thanks for your input. Eventually the issue was with Network device which had only SMB v1 enabled  we have it enabled SMBv2 and V3 down negotiation ON  in network device thereafter it works fine, 

    Regards

    Pawan Kumar

    Monday, May 27, 2019 1:33 PM

All replies

  • The error message is typical, it will appear when you try to connect to devices that support only SMBv1, or if these devices try to connect to you.

    Source:

    https://support.microsoft.com/en-sg/help/4034314/smbv1-is-not-installed-by-default-in-windows

    Yes, your current behavior is correct, regardless of Windows Features or PowerShell method, you need to enable SMBv1 protocol for domain joined because DC enabled SMBv1. If it is possible, please disable SMBv1 on your DC.

    After joined domain, disable/turn off SMBv1 on your PC.

    SMBv1 protocol is now obsolete and that Microsoft strongly advises consumers to use SMB2 or higher protocol. If you really need SMBv1 protocol, enable it only when you are using this network share. When you don’t need to access the share you can disable the SMBv1 protocol.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, April 17, 2019 9:24 AM
    Moderator
  • Hi Teemo, 

    Many thanks for your response. 

    Disabling smbv1 on DC could be challenging thing our environment because it might be serving other purpose in our environment. 

    Now my question is that if I will enable SMBV1 on client machine only for domain joining and then disable it again, Would it make any issues in machine in further use, like accessing shared drive / printer. etc. 

    Also, Is there mechanisam to set on DC that it serve the domain joining request from client on SMBV2 which is also enabled on DC. 

    Regards

    Pawan Kumar

    Wednesday, April 17, 2019 9:31 AM
  • Hi Pawan,

    >>If I will enable SMBV1 on client machine only for domain joining and then disable it again

    Of course you could, and this is also my idea.

    In general, after you enable network discovery and printer sharing, share folder access and printer share should be ok, the storage device which only supports SMBv1 will be influenced.

    Microsoft Network Client is the machine access the SMB services.

    Microsoft Network Server is the machine provide the SMB services.

    Something related

    https://blogs.technet.microsoft.com/staysafe/2017/05/17/disable-smb-v1-in-managed-environments-with-ad-group-policy/

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, April 18, 2019 1:59 AM
    Moderator
  • Hi All, 

    Thanks for your input. Eventually the issue was with Network device which had only SMB v1 enabled  we have it enabled SMBv2 and V3 down negotiation ON  in network device thereafter it works fine, 

    Regards

    Pawan Kumar

    Monday, May 27, 2019 1:33 PM