Can connect to server via RDP but cannot via share files

On a Windows 2012 server I have a network shared folders. The problem is that I can access those resources using remote desktop connection, but when I use \serverIP also asks me username and password, I enter the data requested but responds with the message "access denied". Please help.

This event is logged in the Windows Security logs on the server when I try to connect to the share:

- System 
  - Provider 
   [ Name]  Microsoft-Windows-Security-Auditing 
   [ Guid]  {54849625-5478-4994-A5BA-3E3B0328C30D} 

   EventID 4625 
   Version 0 
   Level 0 
   Task 12544
   Opcode 0
   Keywords 0x8010000000000000 

  - TimeCreated
   [ SystemTime]  2016-09-29T13:15:42.325867400Z
   EventRecordID 35148404 
   Correlation

  - Execution
   [ ProcessID]  764 
   [ ThreadID]  4188      
   Channel Security
   Computer ZFSERVER.zonafrancapc.co
   Security

- EventData     
  SubjectUserSid S-1-0-0
  SubjectUserName - 
  SubjectDomainName - 
  SubjectLogonId 0x0 
  TargetUserSid S-1-0-0 
  TargetUserName Sistemas 
  TargetDomainName SISTEMAS-ZFPC 
  Status 0xc0000022 
  FailureReason %%2304 
  SubStatus 0x0 
  LogonType 3 
  LogonProcessName NtLmSsp 
  AuthenticationPackageName NTLM 
  WorkstationName SISTEMAS-ZFPC 
  TransmittedServices - 
  LmPackageName - 
  KeyLength 0 
  ProcessId 0x0 
  ProcessName - 
  IpAddress 192.168.250.110 
  IpPort 57825

Best Answer

Per our conversation in the comments on your question it seems like you're client and server are in different subnets.

In that scenario the server and/or client may have been hardened (via a security update) to prevent "SMB over NetBIOS" traffic from flowing outside of the local subnet.

If this is the case, you may be able to workaround your issue by adding/editing the registry value below (as documented in the MS article linked to above).

NETBIOS communication outside of the local subnet is hardened. Therefore, by default, some features that depend on NETBIOS (such as SMB over NETBIOS) will not work outside the local subnet. To change this new default behavior, create the following registry entry:

SUBKEY: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Value Name: AllowNBToInternet
Type: Dword
Value: 1
Default value of the flag: 0

It's not clear if you would have to update/add this value on both the client and the server, and I don't have environment stood up to test this in at the moment.

I would just add/update the registry entry on both the client and the server and see if it fixes it (may need to reboot one or both). If it does fix it, then you could experiment with removing it from one or the other (and please let us know what you find out).

NOTE:

If you do end up using this as a permanent solution you should consider disabling WPAD to mitigate the initial vulnerability as documented in the original security bulletin (you'll need to check to make sure internet browsing works as necessary afterwards).

Workarounds

Stop WPAD using a host file entry

Open the host file located at following location as an administrator: %systemdrive%\Windows\System32\Drivers\etc\hosts

Create the following entry for WPAD in the host file: 255.255.255.255 wpad.

Best Answer

Related Solutions

Windows – Cannot share folders in Windows Server 2008 R2

Windows – Can ping by hostname, can RDP by IP, but cannot RDP by hostname

Related Question