Accessing File Shares Over NAT

Hello,
I am working with a client that set up a new sub net that uses hide NAT. When I try to access a file share on a server in a different sub net, I can only browse for a few seconds and then an error such as "Server service not started" or "network
name no longer available" appears, and I can't browse folders on that server anymore (it has Server 2003 SP2). Netmon found that the connection was constantly being reset. If I reconfigure the same client (XP SP3) with it's original unNATed IP address,
everything works fine, and the Windows firewall is disabled on both the server and client. Is there a trick to get CIFS or SMB or whatever to work over hide NAT?
Thanks!

Hi,
SMB uses a single session for a pair of IPs and all file transfer between these 2 IPs are made over this session. This makes the file transfer more efficient over the network. On the flip side, since only one SMB session is maintained, clients coming through
NAT will have problems since all these clients are presented as a single IP to the server. With SMB, only a single session will be maintained and thus there is nothing unique for each client. This breaks the communication.
We will need to use NetBIOS over TCPIP in place of SMB. This can be achieved by:
1. Disabling SMB on the server or on all the client machines by setting the registry:
Name: SMBDeviceEnabled
Type: REG_DWORD
Value: 0
The location of the registry key is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters. You may have to create this if not already existing.
2. Block TCP port 445 for the segment accessing shares through NAT
TechNet Subscriber Support in forum |If you have any feedback on our support, please contact [email protected]

Similar Messages

  • Accessing file shares from JSP

    Hi,
    I need to be able to access file shares from a JSP page. Here's the JSP code:
    <%@ page language="java" %>
    <%@ page import="java.io.*" %>
    <%@ page errorPage="errorPage.jsp" %>
    <%
    String fileSystemPath = "\\\\130.26.1.199\\MeetingManager30\\test.txt";
    File f = new File(fileSystemPath);
    f.createNewFile();
    %>The above code resides in a server with IP 130.9.68.6 and is deployed onto the Tomcat on the server.
    When I tried to run the above code, I got this error
    java.io.IOException: Access is denied at java.io.WinNTFileSystem.createFileExclusively(Native Method) at java.io.File.createNewFile(File.java:827) at org.apache.jsp.test_jsp._jspService
    (test_jsp.java:55) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.jasper.servlet.JspServletWrapper.service
    (JspServletWrapper.java:210) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241) at
    javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247) at
    org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke
    (StandardWrapperValve.java:256) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at
    org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke
    (StandardContextValve.java:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at
    org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2422) at
    org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok
    eNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171) at
    org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:163)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at
    org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke
    (StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at
    org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:199) at
    org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:833) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processCon
    nection(Http11Protocol.java:711) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:584) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run
    (ThreadPool.java:687) at java.lang.Thread.run(Thread.java:536) Seems like I'm having a system level security setting problem here.
    I know it's a security issue, because I've encountered the equivalent problem in ASP/IIS, and I had to give a domain user rights to both the IIS Virtual Directory, and the file share to be able to access.
    Any ideas how to set up Tomcat to be able to access the file share successfully?
    Thanks in advance!

    Hello Veer,
    From what you have posted it looks like while logging your error another problem occurred. Did you get any output from your System.out calls? If not can you try adding a few in order to home in the problem area.
    Hussein Badakhchani
    www.orbism.com

  • Accessing file shares on Vista

    No matter what I do I cannot access an administrative share that is located on Vista from my Mac. I can explicitly share a folder and it works just fine but admin shares just give me the generic "Could not connect to server...".
    Anyone else notice this issue? Know of a fix??

    Hi,
    SMB uses a single session for a pair of IPs and all file transfer between these 2 IPs are made over this session. This makes the file transfer more efficient over the network. On the flip side, since only one SMB session is maintained, clients coming through
    NAT will have problems since all these clients are presented as a single IP to the server. With SMB, only a single session will be maintained and thus there is nothing unique for each client. This breaks the communication.
    We will need to use NetBIOS over TCPIP in place of SMB. This can be achieved by:
    1. Disabling SMB on the server or on all the client machines by setting the registry:
    Name: SMBDeviceEnabled
    Type: REG_DWORD
    Value: 0
    The location of the registry key is:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters. You may have to create this if not already existing.
    2. Block TCP port 445 for the segment accessing shares through NAT
    TechNet Subscriber Support in forum |If you have any feedback on our support, please contact [email protected]

  • Asa 8.2 access files share on outside network from VPN Client.

    please help me
    I have cisco asa 5505 with 8.2
    outside is 111.22.200.51
    inside is 192.168.1.0/24 dhcp
    vpnpool is 192.168.10.1-192.168.10.30
    configured split tunnel to vpn client to access web
    I was able to connect from outside via vpn.
    Goal is access fileserver(on window) on 111.22.200.21 from vpn clients.
    internal client can access the share folder
    vpn client cannot access ther share on 111.22.200.21
    ============================
    names
    name 192.168.1.1 ciscogw
    name 111.21.200.1 umgw
    interface Ethernet0/0
     switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
     switchport access vlan 5
    interface Ethernet0/4
    interface Ethernet0/5
     switchport access vlan 5
    interface Ethernet0/6
     switchport access vlan 5
    interface Ethernet0/7
     switchport access vlan 5
    interface Vlan1
     nameif inside
     security-level 100
     ip address ciscogw 255.255.255.0
    interface Vlan2
     nameif outside
     security-level 0
     ip address 111.22.200.51 255.255.255.0
    interface Vlan5
     no nameif
     security-level 50
     ip address dhcp setroute
    ftp mode passive
    clock timezone MST -7
    clock summer-time MDT recurring
    dns server-group DefaultDNS
     domain-name vpn.nmecsc.org
    access-list RAteam_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.192
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool vpnpool 192.168.10.1-192.168.10.30 mask 255.255.255.224
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    route outside 0.0.0.0 0.0.0.0 111.22.200.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
      quit
    crypto isakmp enable outside
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    dhcpd address 192.168.1.5-192.168.1.50 inside
    dhcpd dns 8.8.8.8 8.8.4.4 interface inside
    dhcpd wins 111.22.210.65 111.22.210.61 interface inside
    dhcpd enable inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ssl trust-point ASDM_TrustPoint0 outside
    webvpn
     enable outside
    group-policy DfltGrpPolicy attributes
     banner value WARNING: Unauthorized access to this system is forbidden and will be prosecuted by law. By accessing this system, you agree that your actions may be monitored if unauthorized usage is suspected.
    group-policy RA_SSLVPN internal
    group-policy RA_SSLVPN attributes
     vpn-tunnel-protocol webvpn
     webvpn
      url-list value team
    group-policy RAteam internal
    group-policy RAteam attributes
     wins-server value 111.22.210.65
     dns-server value  8.8.8.8 8.8.4.4
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value RAteam_splitTunnelAcl
     default-domain value vpn.nmecsc.org
    username teamssl2 password 5ZBa0qXxwLBPpvoR encrypted privilege 0
    username teamssl2 attributes
     vpn-group-policy RA_SSLVPN
    username team2 password 5ZBa0qXxwLBPpvoR encrypted privilege 0
    username team2 attributes
     vpn-group-policy RAteam
    username teamssl1 password 5ZBa0qXxwLBPpvoR encrypted privilege 0
    username teamssl1 attributes
     vpn-group-policy RA_SSLVPN
    username team1 password 5ZBa0qXxwLBPpvoR encrypted privilege 0
    username team1 attributes
     vpn-group-policy RAteam
    tunnel-group team type remote-access
    tunnel-group team general-attributes
     default-group-policy RA_SSLVPN
    tunnel-group team webvpn-attributes
     group-alias team enable
     group-url https://111.22.200.51/team enable
    tunnel-group RAteam type remote-access
    tunnel-group RAteam general-attributes
     address-pool vpnpool
     default-group-policy RAteam
    tunnel-group RAteam ipsec-attributes
     pre-shared-key *
    class-map inspection_default
     match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    call-home reporting anonymous
    Cryptochecksum:680b9059ca6ca6610857bab04d855031

    I just upgrade asa to 9.3
    add access-list but still no luck. I attached the diagram.
    name 192.168.1.1 ciscogw
    ip local pool vpnpool 192.168.10.1-192.168.10.50 mask 255.255.255.0
    interface Ethernet0/0
     switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/7
    interface Vlan1
     nameif inside
     security-level 100
     ip address ciscogw 255.255.255.0
    interface Vlan2
     nameif outside
     security-level 0
     ip address 111.22.200.51 255.255.255.0
    boot system disk0:/asa923-k8.bin
    ftp mode passive
    object network obj_any
     subnet 0.0.0.0 0.0.0.0
    object network NETWORK_OBJ_192.168.1.0_24
     subnet 192.168.1.0 255.255.255.0
    object network NETWORK_OBJ_192.168.10.0_26
     subnet 192.168.10.0 255.255.255.192
    access-list ipsec_group_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
    access-list ipsec_group_splitTunnelAcl standard permit host 111.22.200.21
    access-list ipsec_group_splitTunnelAcl standard permit 111.22.200.0 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-731-101.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_192.168.10.0_26 NETWORK_OBJ_192.168.10.0_26 no-proxy-arp route-lookup
    object network obj_any
     nat (inside,outside) dynamic interface
    route outside 0.0.0.0 0.0.0.0 111.22.200.1 1
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ssl trust-point ASDM_TrustPoint0 outside
    webvpn
     enable outside
     tunnel-group-list enable
    group-policy ssl_vpn internal
    group-policy ssl_vpn attributes
     vpn-tunnel-protocol ssl-clientless
     webvpn
      url-list value carino
    group-policy DfltGrpPolicy attributes
    group-policy ipsec_group internal
    group-policy ipsec_group attributes
     dns-server value 8.8.8.8 8.8.4.4
     vpn-tunnel-protocol ikev1
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value ipsec_group_splitTunnelAcl

  • Access Denied trying to access file shares with correct credentials

    I am getting the Access Denied message when trying to connect to network shares from Windows 10 (9926)
    When trying to access a network share, I get the username and password prompt, and it always fails.
    Using the same credentials on a Windows 8.1 machine to connect to the same shares and it will work.
    Shares can be hosted on Windows Server 2012 R2, Windows 8.1, Linux Samba, NAS, or even \\127.0.0.1 and all will fail with the same message.
    But you can access the shares hosted on the the windows 10 machine from other remote machines.
    Credentials have been entered in the format of: domain\username,
    machinename\username, and just username
    All machines are on the same workgroup\domain
    NOTE: Typing in an invalid machine name will also bring up the credential prompt.
    I.e. entering \\QWERTY will still ask you for your username and password and fail immediately.
    The same shares worked in the version before 9926
    Peter Taylor
    Red Planet Programming Ltd

    I have the same problem, and I figured out that my windows is installed in french, and every users groups are created in french also, groups like Everyone don't exists and i can't change by console.
    Regards, Roberto Borges please remember to mark the replies as answers if they help and unmark them if they provide no help.

  • NFC File share over WiFi problem between camera - Q10

    Hello Folks, I just got myself a Olympus camera with a WiFi NFC photoshare feature. I cannot get it to work with the Q10. Camera Side: WiFi enabled - the display shows a NFC Tag and also provides instructions for manual connexion.When I scan the tag with smarttag I get this string "OIS1,CP1%1H1UOP+++Y//,%*Z-+-X$" and the Q10 wants to search it in google (LoL)So I established the WiFi connexion manually as instructed by the Camera. The Q10 establish the connexion but warns about Internet not available with it. The camera instructions says the files are at http://oishare/ No matter how I try to enter this http://oishare/  link, the Q10 keeps sending it to Google where it get lost in translation. Does anyone has figure out that one out? Thanks folks

    Thread update Network / Mobile Network must be turned off (at least data) in order to be able to access http://oishare/Then I managed to see the directory structure but I couldn't find any pictures on the camera. Later on, I found some instructions in other forums to Sideload the Snap Google Play client.With a Google Play account in hand via Snap, I downloaded and install the Olympus Photoshare app. The app installed properly and has its own NFC scan function compatible with the Camera NFC tag. I was then able to export the pictures to the Q10 and even remote control the Camera. Pretty cool.

  • Windows 2003 R2 Enterprise SP2- File Share suddently no one can access. After reboot, it is back normal. Why?

    We have file server, which is using windows 2003 R2 Enterprise Edition, Service Pack 2. Today suddently no one can access its file share. I try to login to the server and open services, but it is so slow to respond. I have to reboot the machine. After the
    server reboot, it is back normal. Any one know why?
    Here are the system errors shown before the machine rebooted. First question, I am not sure which error really causes the problem. The machine is set to use WSUS to get windows update.  On the automatic updates, it is set to "Download updates
    for me, but let me choose when to install them." Second question, why the machine is still trying to install update without permission? Please help. Thanks.
    Event Type: Error
    Event Source: Windows Update Agent
    Event Category: Installation
    Event ID: 20
    Date:  12/13/2013
    Time:  12:55:58 PM
    User:  N/A
    Computer: CHCDSSRV1
    Description:
    Installation Failure: Windows failed to install the following update with error 0xfffffbf8: Automatic Updates.
    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 57 69 6e 33 32 48 52 65   Win32HRe
    0008: 73 75 6c 74 3d 30 78 66   sult=0xf
    0010: 66 66 66 66 62 66 38 20   ffffbf8
    0018: 55 70 64 61 74 65 49 44   UpdateID
    0020: 3d 7b 44 36 37 36 36 31   ={D67661
    0028: 45 42 2d 32 34 32 33 2d   EB-2423-
    0030: 34 35 31 44 2d 42 46 35   451D-BF5
    0038: 44 2d 31 33 31 39 39 45   D-13199E
    0040: 33 37 44 46 32 38 7d 20   37DF28}
    0048: 52 65 76 69 73 69 6f 6e   Revision
    0050: 4e 75 6d 62 65 72 3d 30   Number=0
    0058: 20 00                      .     
    Event Type: Error
    Event Source: W32Time
    Event Category: None
    Event ID: 46
    Date:  12/13/2013
    Time:  1:23:58 PM
    User:  N/A
    Computer: CHCDSSRV1
    Description:
    The time service encountered an error and was forced to shut down.  The error was: 0x800706BB: The RPC server is too busy to complete this operation.

    Hi,
    As you mentioned, users suddenly cannot access file share, the issue most likely caused by third party software, such as antivirus software. Please refer to the thread below to troubleshoot the issue:
    File share become inaccessible
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/19205ea0-3efe-4c9c-a625-8ccf93744948/file-share-become-inaccessible?forum=winserverDS
    For your second question, you can Configure Automatic Updates group policy and choose
    Auto download and notify for install. This option automatically begins downloading updates and then notifies a logged-on administrative user prior to installing the updates
    For more detailed information, please refer to the article below:
    Configure Automatic Updates by Using Group Policy
    http://technet.microsoft.com/en-us/library/cc720539(ws.10).aspx#WUS_ConfigureAutomaticUpdates
    Please also refer to the article below to troubleshoot the error message:
    The Windows Time service may generate event ID 7023 after you upgrade to Windows Server 2003 Service Pack 1
    http://social.technet.microsoft.com/Forums/en-US/a86b4b3f-044a-499d-ba2f-d817931de6a0/windows-2003-r2-enterprise-sp2-file-share-suddently-no-one-can-access-after-reboot-it-is-back?forum=winserverfiles
    Regards,
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Unable to restrict file share access

    I've got a weird issue with file share and firewall settings that has had me stumped for a couple of days. Hopefully someone can explain what I'm doing wrong or overlooking.
    I've got a single dedicated box running Server Essentials 2012 hosted in a datacenter. The server is using a single NIC with a single static public IP address - no local routing or NAT.
    I've also setup VPN access via RAS. Using NAT, VPN clients are assigned an IP from a static range of completely different IPs.
    I'd like to ensure that file sharing services are only available to VPN clients, not over the public IP address to anyone connected to the internet.
    I've tried setting the local and remote address scope on the default firewall rules for ports 138, 137, 139, 445 and even RPC rules, but shares remain accessible to everyone.
    So far the only way I've been able to block access is to create new rules explicitly preventing traffic on the aforementioned ports, but that obviously blocks sharing for VPN clients as well.
    Any insight is welcome. Sincere thanks in advance.

    Firstly id look at getting something more powerful in front of the server instead of having a public ip assigned to it.
    Second, you can use Windows Firewall to Block all traffic from external sources, except VPN traffic. Then setup a new rule to allow all traffic from your VPN subnet to the server.
    Ill be honest and say i dont really understand your setup, based on your description it seems very odd indeed.
    Robert Pearman SBS MVP
    itauthority.co.uk |
    Title(Required)
    Facebook |
    Twitter |
    Linked in |
    Google+

  • Macbook pro can no longer access windows file share.  'This file server is available on your computer'

    Hi all,
    We have a consultant who uses a macbook pro to access the internet and a windows share within our network.  He has been accessing the internet and the windows share fine for over 4 weeks and overnight he can no longer access the internet or this windows share.  I have got the error down to a specific windows share which is actually a share on a DC hence the loss of internet.  When this user plugs in via ethernet he can view all network locations as expected and can access everyone succesfully bar this specific one.  Everytime he tries to access this share he gets the following error: 'This file server is available on your computer. Access the volumes and files locally'.  I have another macbook pro that can successfully access this share.
    I have tried renewing leases, browsing the network in finder, using 'cmd + k' all produce the same message.
    The user is running Mountain Lion
    Any ideas?
    Adam

    Find and delete the ~/Library/Preferences/com.apple.sidebarlists.plist file.  This is what keeps track of all your current server share mounts.  Maybe the file is corrupt or something.  Once you delete it, reboot the machine and then try again.  Don't empty the trash until you're sure everything works after the reboot.

  • Using robocopy to copy files from a network share over a WinRS command line session

    Hello,
    Preface: Using server 2008 enterprise.
    I can't seem to get robocopy to function over WinRS and I'm not sure where the problem actually lies.  Running robocopy locally on the computer does work fine, but as soon as I try to run it through a remote command prompt through the WinRS client or directly with the WinRS client I get an access denied message (error 5).
    I've tried using runas while logged into the remote command prompt as well, thinking that it could have been some sort of permissions inheritence issue.
    I've checked the permissions on the remote file share, I've even given 'Everyone', 'Anonymous Logon' and the computer's active directory account full control over the folder and the file I'm trying to copy, but still get the access denied error.
    I've tried using /COPY:DT since I read that usually resolved error 5 issues.
    None of these things have worked.
    I'm kind of out of ideas, I've read some blogs of people who have written powershell scripts which use winrm/robocopy so I figure I'm missing something stupid.  Or maybe I've stumbled upon a bug?
    C:\>robocopy \\192.168.100.1\share c:\test example.exe
       ROBOCOPY     ::     Robust File Copy for Windows
      Started : Mon Feb 09 17:35:32 2009
    2009/02/09 17:35:32 ERROR 5 (0x00000005) Getting File System Type of Source \\192.168.100.1\share\
    Access is denied.
       Source - \\192.168.100.1\share\
         Dest : c:\test\
        Files : example.exe
      Options : /COPY:DAT /R:1000000 /W:30
    2009/02/09 17:35:32 ERROR 5 (0x00000005) Accessing Source Directory \\192.168.100.1\share\
    Access is denied.

    Yep, I verified permissions on them all :(
    To maybe complicate the issue, I looked at the environment variables for myself while logged in locally to the computer and through WinRS and they look to be the same.   
    EDIT: Out of pure frustration I wrote a quick console application which impersonates the currently logged in user and copies a file from the network share I'm trying to access to the local computer.  The application properly impersonates the user - but does not copy the files while it's run through WinRM.  When you run the application as a locally logged in user it works just fine.
    WinRM must be behaving goofy :(
     This is the output of the following application:
    C:\Windows\System32>test.exe 
    Name: domain\loggedinuser 
    IsAuthenticated: True 
    User: {GUID} 
    AuthenticationType: Kerberos 
    Destination directory doesn't exist, creating new directory.. 
    Undoing impersonation.. 
    No exceptions, no nothing :(
    Imports System.IO 
    Imports System.IO.File 
    Module Module1 
       Dim impersonationContext As System.Security.Principal.WindowsImpersonationContext 
       Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity 
       Dim cpr As New copyProgress(AddressOf FileCopyProgress) 
       Dim destinationDir As DirectoryInfo = New DirectoryInfo("c:\destination\") 
       Private Delegate Function copyProgress(ByVal totalFileSize As Int64, ByVal totalBytesTransferred As Int64, ByVal streamSize As Int64, ByVal streamBytesTransferred As Int64, ByVal dwStreamNumber As Int32, ByVal dwCallbackReason As Int32, ByVal hSourceFile As Int32, ByVal hDestinationFile As Int32, ByVal lpData As Int32) As Int32 
       Private Declare Auto Function CopyFile Lib "kernel32.dll" (ByVal lpExistingFileName As String, ByVal lpNewFileName As String, ByVal lpProgressRoutine As copyProgress, ByVal lpData As Int32, ByVal lpBool As Int32, ByVal dwCopyFlags As Int32) As Int32 
       Private Function FileCopyProgress(ByVal totalFileSize As Int64, ByVal totalBytesTransferred As Int64, ByVal streamSize As Int64, ByVal streamBytesTransferred As Int64, ByVal dwStreamNumber As Int32, ByVal dwCallbackReason As Int32, ByVal hSourceFile As Int32, ByVal hDestinationFile As Int32, ByVal lpData As Int32) As Int32 
       End Function 
       Private Function FileCopyProgress2(ByVal totalFileSize As Int64, ByVal totalBytesTransferred As Int64, ByVal streamSize As Int64, ByVal streamBytesTransferred As Int64, ByVal dwStreamNumber As Int32, ByVal dwCallbackReason As Int32, ByVal hSourceFile As Int32, ByVal hDestinationFile As Int32, ByVal lpData As Int32) As Int32 
       End Function 
       Sub Main() 
          Try 
             currentWindowsIdentity = CType(System.Security.Principal.WindowsIdentity.GetCurrent, System.Security.Principal.WindowsIdentity) 
             impersonationContext = currentWindowsIdentity.Impersonate() 
             Console.WriteLine("Name: " & currentWindowsIdentity.Name) 
             Console.WriteLine("IsAuthenticated: " & currentWindowsIdentity.IsAuthenticated) 
             Console.WriteLine("User: " & currentWindowsIdentity.User.ToString) 
             Console.WriteLine("AuthenticationType: " & currentWindowsIdentity.AuthenticationType) 
             If Not destinationDir.Exists Then 
                Console.WriteLine("Destination directory doesn't exist, creating new directory..") 
                destinationDir.Create() 
             End If 
             CopyFile(Path.Combine("\\192.168.100.1\share\", "example.exe"), Path.Combine("c:\destination\", "example.exe"), cpr, 0, 0, 0) 
          Catch ex As Exception 
             Console.WriteLine(ex.ToString) 
          Finally 
             Console.WriteLine("Undoing impersonation..") 
             impersonationContext.Undo() 
          End Try 
          Console.ReadKey() 
       End Sub 
    End Module 

  • "Share over Wan" - passworded but log files say differently?

    In a desperate attempt to get backup features to work on my TC, I enabled "Share over Wan". Thinking that I've got more than enough security with disk passwords, I didn't automatically think there'd be a problem.
    I then looked at my log files on my TC a day later and saw successful logins from IP's other than mine - but all within the same subdomain.
    Does "Share over Wan" supersede the disk passwords? I've tried accessing from other subdomains (my work) and always get prompted for passwords. Should I be worried about these successful logins or ignore them as successful pings (or the like?)
    I've, of coarse, now turned off "Share over Wan".

    awkwood wrote:
    Cheers omp!
    I have one suggestion: your count_lines method will be quite slow on large log files.
    Rather than use readlines you can optimize the read operations like so:
    line_count = 0
    File.open(identifier.to_cache_path) do |f|
    while block = f.read(1024)
    line_count += block.count("\n")
    end
    end
    The speed boost makes it comparable to shelling out to wc.
    Thanks for the suggestion; I just committed it.

  • Slow file listings in Finder AND Terminal on shares over wifi

    I have a problem with slow directory listing performance with one client machine that accesses our file server over AFP. Here’s the basic setup.
    Client1 (MBA,2013,10.9.2) <~> WAP <-> Switch <-> Server (Mini,10.9.2+Server 3.0.3)
    Client2 (MBA,2012,10.8.5) <~> WAP <->
    Client3 (iMac,2012,10.9.2) <-------->
    This server provides DHCP, local DNS and file services for the network.
    The issue only affects client1 when connected via wifi, wireless client2 and wired client3 all run full speed. Client1 runs full speed when attached using a wired connection.
    The slow directory listing symptoms (5-30sec lag) are noticeable in Finder and Terminal (via ls, find etc) when attached to a share. It only affects file listings, other operations, such as file transfers, server pings, server ssh, as well as general http traffic all operate at full speed. Pings to the sever from client1 are a steady 1-2ms, even during a long lag.
    I have read about people having similar problems (slow Finder etc) and I have tried a few suggestions, but I think this issue is a little different because it only occurs when connected over wifi, only for file listings and also affects terminal.
    Any ideas?

    I have a problem with slow directory listing performance with one client machine that accesses our file server over AFP. Here’s the basic setup.
    Client1 (MBA,2013,10.9.2) <~> WAP <-> Switch <-> Server (Mini,10.9.2+Server 3.0.3)
    Client2 (MBA,2012,10.8.5) <~> WAP <->
    Client3 (iMac,2012,10.9.2) <-------->
    This server provides DHCP, local DNS and file services for the network.
    The issue only affects client1 when connected via wifi, wireless client2 and wired client3 all run full speed. Client1 runs full speed when attached using a wired connection.
    The slow directory listing symptoms (5-30sec lag) are noticeable in Finder and Terminal (via ls, find etc) when attached to a share. It only affects file listings, other operations, such as file transfers, server pings, server ssh, as well as general http traffic all operate at full speed. Pings to the sever from client1 are a steady 1-2ms, even during a long lag.
    I have read about people having similar problems (slow Finder etc) and I have tried a few suggestions, but I think this issue is a little different because it only occurs when connected over wifi, only for file listings and also affects terminal.
    Any ideas?

  • SBS 2008 - Windows 8.1+ clients trouble accessing file server shares

    I have now upgraded 1 Windows 8 machine to Windows 8.1, and also clean installed another with Win 8.1 update 1 today, and both machines have trouble accessing the SBS2008 file server shares by UNC. If I browse by IP address of the server it seems to work
    flawlessly. The odd thing is that it's sporadic. So if I browse in explorer to "\\*netbiosname*\share" the Win8.1 machine will sometimes be able to access the share, and other times it will fail with a "network unable to reach location etc.."
    error. When it does work, it can take up to 5-10 minutes while explorer is frozen before the share is accessed. We're running quite a few Windows 8 machines without a problem, but it seems to be a specific problem with 8.1. Any idea?

    This doesn't seem to fix this specific problem. I had a few days of "luck", but now it's back. I just upgraded another co-workers machine to Win8.1 and he advised me that he's been having the same problem even with the above fix applied. His issue
    is when opening an office document that's located on the file server using location "\\servername\filename.xlsx", it takes a very long time (minutes) to open the excel file. This was happening to me as well, and if I tried to browse the network during
    this period, Windows Explorer would sometimes give me path not found, and unspecified error. I will try and capture a screen of the error when it occurs. Any ideas??
    edit: I have also noticed an unresponsive Windows Explorer for a few seconds to a minute over the last few days, which is a pretty good indicator that it's still happening on my machine.
    The odd thing is, if I use the IP address of the file server, everything is fine. I changed all of my links to use the IP since October when Win8.1 was released to combat this problem, and only changed them back to the server name for testing since I want
    to start deploying Win8.1 to others in the office. Unless I can fix this bug, they'll have to be stuck on Win8.
    Thanks,
    kk

  • Can not get access files from Windows 7 to Claims-based file authorization share

    We have AD level 2012R2, DCs running 2012R2 of course, and we have clustered File Server (3 FSNodes running 2012R2).
    We enabled 2 policies 
    KDC Support for claim
    Kerberos support for claim
    We created 1 claim type in ADAC (For example "Division" Source Property). Filled this property to all IT AD Accounts by our value "IT"
    On FS made a share folder ITDivision:
    - set permissions  Domain Users can Modify if User.Division equals "IT"
    so on Windows 8 IT Users can access files on this share and on Windows 7 they cant
    =\ . We know from many presentations about Dynamic Access Control that File Server must enroll user claims if client do not support this claims (Service-for-User-To-Self)

    Hi,
    >>so on Windows 8 IT Users can access files on this share and on Windows 7 they cant
    =\ . We know from many presentations about Dynamic Access Control that File Server must enroll user claims if client do not support this claims (Service-for-User-To-Self)
    How is it going? Was there any error message? As far as I know, Dynamic Access Control (DAC) should work for downlevel clients. It’s backwards compatible. As Florain explains in the following blog:
    For non-Windows 8 and non-Windows Server 2012 boxes accessing DAC-protected file shares, the users do not carry any claims. For them, the Server 2012-based file share will query Active Directory and proxy the claims request to figure out what claims
    the user and machine bring. The file server checks in the name of the user, whether they should have claims. With that information, the file server evaluates the access to the file share. So yeah – DAC works for downlevel clients, too. It’s backwards compatible.
    And totally transparent to Windows 7.
    Questions regarding Dynamic Access Control (FAQ)
    http://www.frickelsoft.net/blog/?p=293
    In addition, regarding dynamic access control, the following blog can also be referred to for more information.
    Dynamic Access Control in Windows Server 2012
    http://www.infoq.com/news/2012/10/Dynamic-Access-Control
    Please Note: Since the above two website are not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    Best regards,
    Frank Shen

  • Help!  Trying to access a share disk with file sharing- problems

    I have limited knowledge of file sharing, keychain access, and Macs in general.
    My school uses the Mac OS 9's for our schoolwide "Accerated Reader" program (a common program for schools accross the US).
    I am unable to get the 4th grade class room's Mac computer to access the share disk "AR Folder," which means that the Accerated Reader program won't work in this particular classroom.
    I go to "Keychain Access." The infor I get for "kind" is "Apple Share password." I go to "Unlock Keychain: AR Computer," and I type in the correct password. I click "unlock". The next window shows "Keychain: "AR COMPUTER" on disk "MACINTOSH HD" 2 items. My choices are "AR Main Lab" and "AR Main Server." When I click on both (one at a time), and on the next window, when I click "go there" the following error message appears:
    :An error has occurred. Unable to go to this item's location. An operating system (-5016) occurred."
    What can I do from here on? WHat could be wrong? Help me troubleshoot!
    Thanks!

    Hello sylves,
    First..many people may be hesitant to help answer your posts as it deals with a school and security issues and passwords. It is not too good to mispell "accelerated". This could indicate someone trying to get into an area they don't have permission to access.
    I offer sevreal ideas.
    1. Perhaps you could explain your position in school.
    2. - Ask the tech people at school for assistance. I know this can be had at times. I work in a school with all PC's and only a few Macs so they are not quite up to fixing our mac problems.
    3. - post more info as to if these computers are able to use internet or are they just going to the school server etc.
    I post this as ideas how to get more help and not disrespectfully.....Jim

Maybe you are looking for