Windows – Can’t reach Qnap NAS from Windows 7

nasnetwork-sharessambawindows 7

I have a Qnap 219P NAS, one MacBook Pro, one Windows XP machine and one Windows 7 machine connected to the same network.

I've enabled both AFP and SMB networks services on the NAS.

Connecting to the NAS from my MacBook Pro or Windows XP machine works fine but I can't connect to it from the Windows 7 machine.

I get successful replies when executing ping <nas-local-ip>, but I can't reach the NAS's web administration page nor the Samba share. It seems like the NAS is totally hidden for Windows 7 but no other computer within the network.

I've tried other Windows 7 machines with the same result.

Does anyone have any ideas?

Best Answer

First of all it puzzles me a bit too that you say you cannot reach the web interface (HTTP) of the NAS via the browser.

But regarding SMB shares this might be related to some Windows 7 settings in combination to older SAMBA versions (don't know which version is run by your Qnap NAS).

First of all you should open the Network and Sharing Center of Windows 7. Then make sure your network is listed to be a "Home network" - and not a "Work network or "Public network".

If this is correctly set and it still does not work you might have to check your network policies. On Windows 7 Pro just launch Local Security Policy from your start menu and check the following values:

  • Local Policies -> Security Options -> Microsoft network client: Digitally sign communication (always)

    • This should be set to disabled as most Samba servers in NAS devices to not work with signed communication.
  • Local Policies -> Security Options -> Microsoft network client: Digitally sign communications (if server agrees)

    • This can be set to "Enabled" as Widnows will still fall back to unsigned communication if the server does not support it.
  • Local Policies -> Security Options -> Microsoft network client: Send unencrypted password to third-party SMB servers

    • In general this option shall be set to "Disabled". However some pretty old Samba versions used in older NAS devices do require the password to be sent in plain for authentication. So if you still cannot access the NAS shares you might try setting this policy to "Enabled". Do only enable this if your NAS really does not support encrypted passwords or for testing purposes. It can and it will expose your password to network intruders.

Regarding the web interface. You said you can ping your NAS IP. What is the IP? Is it possible there is some IP conflict in your network? If no, then you might try telnet to test whether your NAS web-server answers:

telnet <NAS-IP> 80

Caution: The telnet client is not installed by default on Windows 7. So either install it or use alternative telnet clients like PuTTY.

To install the Windows 7 telnet client you might either do this via control panel/Programs or via elevated command line prompt:

pkgmgr /iu:"TelnetClient"

Edit 1: Registry values

Before I did not have time for a research on the registry values. If you would like to enable plain text passwords sent to 3rd party SMB servers or change the other policies I was referring to you can of course do this on Windows 7 home too. But you need to edit registry values since the security policy editor is not available in home premium or basic version of Windows 7 (according to my knowledge).

So here are the values which I've described above. Just copy the contents of this file to a *.reg file (e.g. call it SMB-security.reg and then import it with elevated permissions.

Windows Registry Editor Version 5.00

; Microsoft network client: Send unencrypted password to third-party SMB servers
; If this option is enabled then passwords are sent in plain over the network
; Only disable if you're running a really really old SMB server (e.g. old NAS)
; which does not support encrypted passwords:
; Default Value:
; Enable sending of unencrypted passwords over the network
; "EnablePlainTextPassword"=dword:00000001

; Microsoft network client: Digitally sign communications (if server agrees)
; This enables digitally signed communication between SMB/CIFS clients and
; servers if the server supports it. If the server does not support it, then
; unsigned communication might still be established.
; Default:
; Disable digitally signed communication (even if server would allow it)
; "EnableSecuritySignature"=dword:00000000

; Microsoft network client: Digitally sign communication (always)
; This enables the requirement for digitally signed communication between
; SMB/CFS clients and servers. If the server does not support digitally signed
; communication, then connection will fail in case this option is enabled.
; Default:
; Enable required signature - communication will fail if server does not support
; signed communication
; "RequireSecuritySignature"=dword:00000001

; Disable requirement for DNS name resolution:
; Setting this option to 0 might be required if you use Samba as a domain
; controller
; Default:
; "DNSNameResolutionRequired"=dword:00000001
; Disable requirement for DNS resolution for server communication
; "DNSNameResolutionRequired"=dword:00000000
Related Question