Accessing File Shares Over NAT
Hello,
I am working with a client that set up a new subnet that uses hide NAT. When I try to access a file share on a server in a different subnet, I can only browse for a few seconds and then an error such as "Server service not started" or "network name no longer available" appears, and I can't browse folders on that server anymore (it has Server 2003 SP2). Netmon found that the connection was constantly being reset. If I reconfigure the same client (XP SP3) with its original unNATed IP address, everything works fine, and the Windows firewall is disabled on both the server and client. Is there a trick to get CIFS or SMB or whatever to work over hide NAT?
Thanks!
Hi,
SMB uses a single session for a pair of IPs, and all file transfers between these 2 IPs are made over this session. This makes the file transfer more efficient over the network. On the flip side, since only one SMB session is maintained, clients coming through NAT will have problems since all these clients are presented as a single IP to the server. With SMB, only a single session will be maintained and thus there is nothing unique for each client. This breaks the communication.
We will need to use NetBIOS over TCP/IP in place of SMB. This can be achieved by:
1. Disabling SMB on the server or on all the client machines by setting the registry:
   Name: SMBDeviceEnabled
   Type: REG_DWORD
   Value: 0
   The location of the registry key is:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters. You may have to create this if it does not already exist.
2. Blocking TCP port 445 for the segment accessing shares through NAT.
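A way to check, on a machine where the registry change from the reply above was made, whether it is actually in effect. This is an added example, not part of the original thread; it assumes PowerShell 2.0 or later is installed and that netstat prints its English LISTENING keyword.

```powershell
# Added example, not from the thread. Compares the configured value of
# SMBDeviceEnabled with the TCP listeners that exist right now.
$NetBtKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'

function Get-SmbTransportState {
    # Registry side: SMBDeviceEnabled = 0 is the setting from the reply.
    # A missing value is reported as $null.
    $configured = $null
    $prop = Get-ItemProperty -Path $NetBtKey -Name SMBDeviceEnabled -ErrorAction SilentlyContinue
    if ($prop) { $configured = $prop.SMBDeviceEnabled }

    # Runtime side: which SMB transport has a TCP listener.
    #   139 = NetBIOS session service (NetBIOS over TCP/IP)
    #   445 = direct-hosted SMB
    $listeners = @{ 139 = $false; 445 = $false }
    foreach ($line in (netstat -an)) {
        if ($line -match '^\s*TCP\s+\S+:(139|445)\s+\S+\s+LISTENING') {
            $listeners[[int]$Matches[1]] = $true
        }
    }

    # Combine both views into one verdict.
    if ($configured -eq 0 -and -not $listeners[445] -and $listeners[139]) {
        $verdict = 'NetBIOS over TCP/IP only: the setting is in effect'
    } elseif ($configured -eq 0 -and $listeners[445]) {
        $verdict = 'Value is 0 but TCP 445 still listens: restart the machine'
    } elseif ($configured -eq 0) {
        $verdict = 'Value is 0 and nothing listens on 139 or 445'
    } else {
        $verdict = 'Direct-hosted SMB (TCP 445) is still enabled'
    }

    New-Object PSObject -Property @{
        SMBDeviceEnabled = $configured
        Listening139     = $listeners[139]
        Listening445     = $listeners[445]
        Verdict          = $verdict
    }
}

Get-SmbTransportState | Format-List SMBDeviceEnabled, Listening139, Listening445, Verdict
```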
Similar Messages
-
Accessing file shares from JSP
Hi,
I need to be able to access file shares from a JSP page. Here's the JSP code:
<%@ page language="java" %>
<%@ page import="java.io.*" %>
<%@ page errorPage="errorPage.jsp" %>
<%
String fileSystemPath = "\\\\130.26.1.199\\MeetingManager30\\test.txt";
File f = new File(fileSystemPath);
f.createNewFile();
%>
The above code resides in a server with IP 130.9.68.6 and is deployed onto the Tomcat on the server.
When I tried to run the above code, I got this error
java.io.IOException: Access is denied
    at java.io.WinNTFileSystem.createFileExclusively(Native Method)
    at java.io.File.createNewFile(File.java:827)
    at org.apache.jsp.test_jsp._jspService(test_jsp.java:55)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:210)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2422)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:163)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:199)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:833)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:711)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:584)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:687)
    at java.lang.Thread.run(Thread.java:536)
Seems like I'm having a system level security setting problem here.
I know it's a security issue, because I've encountered the equivalent problem in ASP/IIS, and I had to give a domain user rights to both the IIS Virtual Directory, and the file share to be able to access.
Any ideas how to set up Tomcat to be able to access the file share successfully?
Thanks in advance!
Hello Veer,
From what you have posted it looks like while logging your error another problem occurred. Did you get any output from your System.out calls? If not, can you try adding a few in order to home in on the problem area.
Hussein Badakhchani
www.orbism.com -
Accessing file shares on Vista
No matter what I do I cannot access an administrative share that is located on Vista from my Mac. I can explicitly share a folder and it works just fine but admin shares just give me the generic "Could not connect to server...".
Anyone else notice this issue? Know of a fix?? -
Asa 8.2 access files share on outside network from VPN Client.
please help me
I have cisco asa 5505 with 8.2
outside is 111.22.200.51
inside is 192.168.1.0/24 dhcp
vpnpool is 192.168.10.1-192.168.10.30
configured split tunnel to vpn client to access web
I was able to connect from outside via vpn.
Goal is to access the fileserver (on Windows) on 111.22.200.21 from vpn clients.
internal client can access the share folder
vpn client cannot access the share on 111.22.200.21
============================
names
name 192.168.1.1 ciscogw
name 111.21.200.1 umgw
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
switchport access vlan 5
interface Ethernet0/4
interface Ethernet0/5
switchport access vlan 5
interface Ethernet0/6
switchport access vlan 5
interface Ethernet0/7
switchport access vlan 5
interface Vlan1
nameif inside
security-level 100
ip address ciscogw 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 111.22.200.51 255.255.255.0
interface Vlan5
no nameif
security-level 50
ip address dhcp setroute
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns server-group DefaultDNS
domain-name vpn.nmecsc.org
access-list RAteam_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.192
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpnpool 192.168.10.1-192.168.10.30 mask 255.255.255.224
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 111.22.200.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
quit
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 192.168.1.5-192.168.1.50 inside
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd wins 111.22.210.65 111.22.210.61 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
group-policy DfltGrpPolicy attributes
banner value WARNING: Unauthorized access to this system is forbidden and will be prosecuted by law. By accessing this system, you agree that your actions may be monitored if unauthorized usage is suspected.
group-policy RA_SSLVPN internal
group-policy RA_SSLVPN attributes
vpn-tunnel-protocol webvpn
webvpn
url-list value team
group-policy RAteam internal
group-policy RAteam attributes
wins-server value 111.22.210.65
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value RAteam_splitTunnelAcl
default-domain value vpn.nmecsc.org
username teamssl2 password 5ZBa0qXxwLBPpvoR encrypted privilege 0
username teamssl2 attributes
vpn-group-policy RA_SSLVPN
username team2 password 5ZBa0qXxwLBPpvoR encrypted privilege 0
username team2 attributes
vpn-group-policy RAteam
username teamssl1 password 5ZBa0qXxwLBPpvoR encrypted privilege 0
username teamssl1 attributes
vpn-group-policy RA_SSLVPN
username team1 password 5ZBa0qXxwLBPpvoR encrypted privilege 0
username team1 attributes
vpn-group-policy RAteam
tunnel-group team type remote-access
tunnel-group team general-attributes
default-group-policy RA_SSLVPN
tunnel-group team webvpn-attributes
group-alias team enable
group-url https://111.22.200.51/team enable
tunnel-group RAteam type remote-access
tunnel-group RAteam general-attributes
address-pool vpnpool
default-group-policy RAteam
tunnel-group RAteam ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
Cryptochecksum:680b9059ca6ca6610857bab04d855031
I just upgraded the ASA to 9.3 and
added an access-list but still no luck. I attached the diagram.
name 192.168.1.1 ciscogw
ip local pool vpnpool 192.168.10.1-192.168.10.50 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address ciscogw 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 111.22.200.51 255.255.255.0
boot system disk0:/asa923-k8.bin
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object network NETWORK_OBJ_192.168.10.0_26
subnet 192.168.10.0 255.255.255.192
access-list ipsec_group_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list ipsec_group_splitTunnelAcl standard permit host 111.22.200.21
access-list ipsec_group_splitTunnelAcl standard permit 111.22.200.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-731-101.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_192.168.10.0_26 NETWORK_OBJ_192.168.10.0_26 no-proxy-arp route-lookup
object network obj_any
nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 111.22.200.1 1
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
tunnel-group-list enable
group-policy ssl_vpn internal
group-policy ssl_vpn attributes
vpn-tunnel-protocol ssl-clientless
webvpn
url-list value carino
group-policy DfltGrpPolicy attributes
group-policy ipsec_group internal
group-policy ipsec_group attributes
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ipsec_group_splitTunnelAcl -
Access Denied trying to access file shares with correct credentials
I am getting the Access Denied message when trying to connect to network shares from Windows 10 (9926)
When trying to access a network share, I get the username and password prompt, and it always fails.
Using the same credentials on a Windows 8.1 machine to connect to the same shares and it will work.
Shares can be hosted on Windows Server 2012 R2, Windows 8.1, Linux Samba, NAS, or even \\127.0.0.1 and all will fail with the same message.
But you can access the shares hosted on the Windows 10 machine from other remote machines.
Credentials have been entered in the format of: domain\username,
machinename\username, and just username
All machines are on the same workgroup\domain
NOTE: Typing in an invalid machine name will also bring up the credential prompt.
I.e. entering \\QWERTY will still ask you for your username and password and fail immediately.
The same shares worked in the version before 9926
Peter Taylor
Red Planet Programming Ltd
I have the same problem, and I figured out that my Windows is installed in French, and all the user groups are created in French also; groups like Everyone don't exist and I can't change by console.
Regards, Roberto Borges -
NFC File share over WiFi problem between camera - Q10
Hello Folks, I just got myself an Olympus camera with a WiFi NFC photoshare feature. I cannot get it to work with the Q10.
Camera side: WiFi enabled - the display shows an NFC tag and also provides instructions for manual connexion. When I scan the tag with smarttag I get this string "OIS1,CP1%1H1UOP+++Y//,%*Z-+-X$" and the Q10 wants to search it in Google (LoL). So I established the WiFi connexion manually as instructed by the camera. The Q10 establishes the connexion but warns about Internet not being available with it. The camera instructions say the files are at http://oishare/ but no matter how I try to enter this http://oishare/ link, the Q10 keeps sending it to Google where it gets lost in translation. Has anyone figured that one out? Thanks folks
Thread update: Network / Mobile Network must be turned off (at least data) in order to be able to access http://oishare/
Then I managed to see the directory structure but I couldn't find any pictures on the camera. Later on, I found some instructions in other forums to sideload the Snap Google Play client. With a Google Play account in hand via Snap, I downloaded and installed the Olympus Photoshare app. The app installed properly and has its own NFC scan function compatible with the camera NFC tag. I was then able to export the pictures to the Q10 and even remote control the camera. Pretty cool.
-
We have a file server, which is using Windows 2003 R2 Enterprise Edition, Service Pack 2. Today suddenly no one can access its file share. I try to log in to the server and open services, but it is so slow to respond. I have to reboot the machine. After the server reboot, it is back to normal. Does anyone know why?
Here are the system errors shown before the machine rebooted. First question, I am not sure which error really causes the problem. The machine is set to use WSUS to get Windows updates. On the automatic updates, it is set to "Download updates for me, but let me choose when to install them." Second question, why is the machine still trying to install updates without permission? Please help. Thanks.
Event Type: Error
Event Source: Windows Update Agent
Event Category: Installation
Event ID: 20
Date: 12/13/2013
Time: 12:55:58 PM
User: N/A
Computer: CHCDSSRV1
Description:
Installation Failure: Windows failed to install the following update with error 0xfffffbf8: Automatic Updates.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 57 69 6e 33 32 48 52 65 Win32HRe
0008: 73 75 6c 74 3d 30 78 66 sult=0xf
0010: 66 66 66 66 62 66 38 20 ffffbf8
0018: 55 70 64 61 74 65 49 44 UpdateID
0020: 3d 7b 44 36 37 36 36 31 ={D67661
0028: 45 42 2d 32 34 32 33 2d EB-2423-
0030: 34 35 31 44 2d 42 46 35 451D-BF5
0038: 44 2d 31 33 31 39 39 45 D-13199E
0040: 33 37 44 46 32 38 7d 20 37DF28}
0048: 52 65 76 69 73 69 6f 6e Revision
0050: 4e 75 6d 62 65 72 3d 30 Number=0
0058: 20 00 .
Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 46
Date: 12/13/2013
Time: 1:23:58 PM
User: N/A
Computer: CHCDSSRV1
Description:
The time service encountered an error and was forced to shut down. The error was: 0x800706BB: The RPC server is too busy to complete this operation.
Hi,
As you mentioned, users suddenly cannot access the file share; the issue is most likely caused by third party software, such as antivirus software. Please refer to the thread below to troubleshoot the issue:
File share become inaccessible
http://social.technet.microsoft.com/Forums/windowsserver/en-US/19205ea0-3efe-4c9c-a625-8ccf93744948/file-share-become-inaccessible?forum=winserverDS
For your second question, you can configure the Automatic Updates group policy and choose "Auto download and notify for install". This option automatically begins downloading updates and then notifies a logged-on administrative user prior to installing the updates.
For more detailed information, please refer to the article below:
Configure Automatic Updates by Using Group Policy
http://technet.microsoft.com/en-us/library/cc720539(ws.10).aspx#WUS_ConfigureAutomaticUpdates
Please also refer to the article below to troubleshoot the error message:
The Windows Time service may generate event ID 7023 after you upgrade to Windows Server 2003 Service Pack 1
http://social.technet.microsoft.com/Forums/en-US/a86b4b3f-044a-499d-ba2f-d817931de6a0/windows-2003-r2-enterprise-sp2-file-share-suddently-no-one-can-access-after-reboot-it-is-back?forum=winserverfiles
Regards,
-
Unable to restrict file share access
I've got a weird issue with file share and firewall settings that has had me stumped for a couple of days. Hopefully someone can explain what I'm doing wrong or overlooking.
I've got a single dedicated box running Server Essentials 2012 hosted in a datacenter. The server is using a single NIC with a single static public IP address - no local routing or NAT.
I've also setup VPN access via RAS. Using NAT, VPN clients are assigned an IP from a static range of completely different IPs.
I'd like to ensure that file sharing services are only available to VPN clients, not over the public IP address to anyone connected to the internet.
I've tried setting the local and remote address scope on the default firewall rules for ports 138, 137, 139, 445 and even RPC rules, but shares remain accessible to everyone.
So far the only way I've been able to block access is to create new rules explicitly preventing traffic on the aforementioned ports, but that obviously blocks sharing for VPN clients as well.
Any insight is welcome. Sincere thanks in advance.
Firstly I'd look at getting something more powerful in front of the server instead of having a public IP assigned to it.
Second, you can use Windows Firewall to block all traffic from external sources, except VPN traffic. Then set up a new rule to allow all traffic from your VPN subnet to the server.
I'll be honest and say I don't really understand your setup; based on your description it seems very odd indeed.
Robert Pearman SBS MVP
itauthority.co.uk -
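For the thread above: Windows Firewall blocks inbound traffic unless an enabled allow rule matches, and an explicit block rule overrides any allow rule, so the useful first step is to list every inbound allow rule that can admit SMB or NetBIOS traffic together with its remote address scope. This is an added example, not part of the original thread; it uses the NetSecurity cmdlets shipped with Server 2012, and `$VpnRange` is a placeholder for the range actually assigned to VPN clients.

```powershell
# Added example, not from the thread. $VpnRange is a placeholder (assumption)
# for the static range RRAS assigns to VPN clients.
$VpnRange = '10.99.0.0/24'
$SmbPorts = '137', '138', '139', '445'

function Get-SmbInboundAllowRule {
    # Every enabled inbound Allow rule that can admit SMB/NetBIOS traffic.
    foreach ($rule in (Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True)) {
        $port = Get-NetFirewallPortFilter        -AssociatedNetFirewallRule $rule
        $addr = Get-NetFirewallAddressFilter     -AssociatedNetFirewallRule $rule
        $app  = Get-NetFirewallApplicationFilter -AssociatedNetFirewallRule $rule

        # Case 1: the rule names one of the SMB/NetBIOS ports explicitly.
        $namesSmbPort = @($port.LocalPort | Where-Object { $SmbPorts -contains $_ }).Count -gt 0

        # Case 2: an "Any port" rule that is not tied to some other program
        # also admits SMB, which is served by the System process.
        $anyPort = ($port.LocalPort -contains 'Any') -and
                   ($port.Protocol -in 'Any', 'TCP', 'UDP') -and
                   ($app.Program  -in 'Any', 'System')

        if ($namesSmbPort -or $anyPort) {
            [pscustomobject]@{
                Name          = $rule.Name
                DisplayName   = $rule.DisplayName
                Profile       = $rule.Profile
                Protocol      = $port.Protocol
                LocalPort     = ($port.LocalPort -join ',')
                RemoteAddress = ($addr.RemoteAddress -join ',')
                NamesSmbPort  = $namesSmbPort
                OpenToAll     = ($addr.RemoteAddress -contains 'Any')
            }
        }
    }
}

function Set-SmbRuleScope {
    param([switch]$Apply)
    # Narrow only the rules that name an SMB/NetBIOS port. Broad "Any port"
    # rules stay in the report for manual review, because rescoping them
    # would affect other services as well.
    $dryRun = -not $Apply
    Get-SmbInboundAllowRule |
        Where-Object { $_.OpenToAll -and $_.NamesSmbPort } |
        ForEach-Object {
            Set-NetFirewallRule -Name $_.Name -RemoteAddress $VpnRange -WhatIf:$dryRun
        }
}

Get-SmbInboundAllowRule | Sort-Object DisplayName | Format-Table -AutoSize
Set-SmbRuleScope            # dry run; add -Apply to change the rules
```

Any row that still shows `OpenToAll` as True after the change is a rule that keeps the shares reachable from the public address.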
Hi all,
We have a consultant who uses a macbook pro to access the internet and a windows share within our network. He has been accessing the internet and the windows share fine for over 4 weeks and overnight he can no longer access the internet or this windows share. I have got the error down to a specific windows share which is actually a share on a DC hence the loss of internet. When this user plugs in via ethernet he can view all network locations as expected and can access everyone successfully bar this specific one. Every time he tries to access this share he gets the following error: 'This file server is available on your computer. Access the volumes and files locally'. I have another macbook pro that can successfully access this share.
I have tried renewing leases, browsing the network in finder, using 'cmd + k' all produce the same message.
The user is running Mountain Lion
Any ideas?
Adam
Find and delete the ~/Library/Preferences/com.apple.sidebarlists.plist file. This is what keeps track of all your current server share mounts. Maybe the file is corrupt or something. Once you delete it, reboot the machine and then try again. Don't empty the trash until you're sure everything works after the reboot.
-
Using robocopy to copy files from a network share over a WinRS command line session
Hello,
Preface: Using server 2008 enterprise.
I can't seem to get robocopy to function over WinRS and I'm not sure where the problem actually lies. Running robocopy locally on the computer does work fine, but as soon as I try to run it through a remote command prompt through the WinRS client or directly with the WinRS client I get an access denied message (error 5).
I've tried using runas while logged into the remote command prompt as well, thinking that it could have been some sort of permissions inheritance issue.
I've checked the permissions on the remote file share, I've even given 'Everyone', 'Anonymous Logon' and the computer's active directory account full control over the folder and the file I'm trying to copy, but still get the access denied error.
I've tried using /COPY:DT since I read that usually resolved error 5 issues.
None of these things have worked.
I'm kind of out of ideas, I've read some blogs of people who have written powershell scripts which use winrm/robocopy so I figure I'm missing something stupid. Or maybe I've stumbled upon a bug?
C:\>robocopy \\192.168.100.1\share c:\test example.exe
ROBOCOPY :: Robust File Copy for Windows
Started : Mon Feb 09 17:35:32 2009
2009/02/09 17:35:32 ERROR 5 (0x00000005) Getting File System Type of Source \\192.168.100.1\share\
Access is denied.
Source - \\192.168.100.1\share\
Dest : c:\test\
Files : example.exe
Options : /COPY:DAT /R:1000000 /W:30
2009/02/09 17:35:32 ERROR 5 (0x00000005) Accessing Source Directory \\192.168.100.1\share\
Access is denied.
Yep, I verified permissions on them all :(
To maybe complicate the issue, I looked at the environment variables for myself while logged in locally to the computer and through WinRS and they look to be the same.
EDIT: Out of pure frustration I wrote a quick console application which impersonates the currently logged in user and copies a file from the network share I'm trying to access to the local computer. The application properly impersonates the user - but does not copy the files while it's run through WinRM. When you run the application as a locally logged in user it works just fine.
WinRM must be behaving goofy :(
This is the output of the following application:
C:\Windows\System32>test.exe
Name: domain\loggedinuser
IsAuthenticated: True
User: {GUID}
AuthenticationType: Kerberos
Destination directory doesn't exist, creating new directory..
Undoing impersonation..
No exceptions, no nothing :(
Imports System.IO
Imports System.IO.File

Module Module1
    Dim impersonationContext As System.Security.Principal.WindowsImpersonationContext
    Dim currentWindowsIdentity As System.Security.Principal.WindowsIdentity
    Dim cpr As New copyProgress(AddressOf FileCopyProgress)
    Dim destinationDir As DirectoryInfo = New DirectoryInfo("c:\destination\")

    ' Callback signature handed to the native copy routine
    Private Delegate Function copyProgress(ByVal totalFileSize As Int64, ByVal totalBytesTransferred As Int64, ByVal streamSize As Int64, ByVal streamBytesTransferred As Int64, ByVal dwStreamNumber As Int32, ByVal dwCallbackReason As Int32, ByVal hSourceFile As Int32, ByVal hDestinationFile As Int32, ByVal lpData As Int32) As Int32

    Private Declare Auto Function CopyFile Lib "kernel32.dll" (ByVal lpExistingFileName As String, ByVal lpNewFileName As String, ByVal lpProgressRoutine As copyProgress, ByVal lpData As Int32, ByVal lpBool As Int32, ByVal dwCopyFlags As Int32) As Int32

    ' Progress callbacks; both are empty
    Private Function FileCopyProgress(ByVal totalFileSize As Int64, ByVal totalBytesTransferred As Int64, ByVal streamSize As Int64, ByVal streamBytesTransferred As Int64, ByVal dwStreamNumber As Int32, ByVal dwCallbackReason As Int32, ByVal hSourceFile As Int32, ByVal hDestinationFile As Int32, ByVal lpData As Int32) As Int32
    End Function

    Private Function FileCopyProgress2(ByVal totalFileSize As Int64, ByVal totalBytesTransferred As Int64, ByVal streamSize As Int64, ByVal streamBytesTransferred As Int64, ByVal dwStreamNumber As Int32, ByVal dwCallbackReason As Int32, ByVal hSourceFile As Int32, ByVal hDestinationFile As Int32, ByVal lpData As Int32) As Int32
    End Function

    Sub Main()
        Try
            ' Impersonate the identity the process is already running as
            currentWindowsIdentity = CType(System.Security.Principal.WindowsIdentity.GetCurrent, System.Security.Principal.WindowsIdentity)
            impersonationContext = currentWindowsIdentity.Impersonate()

            ' Print the identity details
            Console.WriteLine("Name: " & currentWindowsIdentity.Name)
            Console.WriteLine("IsAuthenticated: " & currentWindowsIdentity.IsAuthenticated)
            Console.WriteLine("User: " & currentWindowsIdentity.User.ToString)
            Console.WriteLine("AuthenticationType: " & currentWindowsIdentity.AuthenticationType)

            If Not destinationDir.Exists Then
                Console.WriteLine("Destination directory doesn't exist, creating new directory..")
                destinationDir.Create()
            End If

            ' The return value is discarded, so a failed copy raises no exception
            CopyFile(Path.Combine("\\192.168.100.1\share\", "example.exe"), Path.Combine("c:\destination\", "example.exe"), cpr, 0, 0, 0)
        Catch ex As Exception
            Console.WriteLine(ex.ToString)
        Finally
            Console.WriteLine("Undoing impersonation..")
            impersonationContext.Undo()
        End Try
        Console.ReadKey()
    End Sub
End Module
-
"Share over Wan" - passworded but log files say differently?
In a desperate attempt to get backup features to work on my TC, I enabled "Share over Wan". Thinking that I've got more than enough security with disk passwords, I didn't automatically think there'd be a problem.
I then looked at my log files on my TC a day later and saw successful logins from IP's other than mine - but all within the same subdomain.
Does "Share over Wan" supersede the disk passwords? I've tried accessing from other subdomains (my work) and always get prompted for passwords. Should I be worried about these successful logins or ignore them as successful pings (or the like?)
I've, of course, now turned off "Share over Wan".
awkwood wrote:
Cheers omp!
I have one suggestion: your count_lines method will be quite slow on large log files.
Rather than use readlines you can optimize the read operations like so:
line_count = 0
File.open(identifier.to_cache_path) do |f|
  while block = f.read(1024)
    line_count += block.count("\n")
  end
end
The speed boost makes it comparable to shelling out to wc.
Thanks for the suggestion; I just committed it. -
Slow file listings in Finder AND Terminal on shares over wifi
I have a problem with slow directory listing performance with one client machine that accesses our file server over AFP. Here’s the basic setup.
Client1 (MBA,2013,10.9.2) <~> WAP <-> Switch <-> Server (Mini,10.9.2+Server 3.0.3)
Client2 (MBA,2012,10.8.5) <~> WAP <->
Client3 (iMac,2012,10.9.2) <-------->
This server provides DHCP, local DNS and file services for the network.
The issue only affects client1 when connected via wifi, wireless client2 and wired client3 all run full speed. Client1 runs full speed when attached using a wired connection.
The slow directory listing symptoms (5-30sec lag) are noticeable in Finder and Terminal (via ls, find etc) when attached to a share. It only affects file listings, other operations, such as file transfers, server pings, server ssh, as well as general http traffic all operate at full speed. Pings to the server from client1 are a steady 1-2ms, even during a long lag.
I have read about people having similar problems (slow Finder etc) and I have tried a few suggestions, but I think this issue is a little different because it only occurs when connected over wifi, only for file listings and also affects terminal.
Any ideas? -
SBS 2008 - Windows 8.1+ clients trouble accessing file server shares
I have now upgraded 1 Windows 8 machine to Windows 8.1, and also clean installed another with Win 8.1 update 1 today, and both machines have trouble accessing the SBS2008 file server shares by UNC. If I browse by IP address of the server it seems to work flawlessly. The odd thing is that it's sporadic. So if I browse in explorer to "\\*netbiosname*\share" the Win8.1 machine will sometimes be able to access the share, and other times it will fail with a "network unable to reach location etc.." error. When it does work, it can take up to 5-10 minutes while explorer is frozen before the share is accessed. We're running quite a few Windows 8 machines without a problem, but it seems to be a specific problem with 8.1. Any idea?
This doesn't seem to fix this specific problem. I had a few days of "luck", but now it's back. I just upgraded another co-worker's machine to Win8.1 and he advised me that he's been having the same problem even with the above fix applied. His issue is when opening an office document that's located on the file server using location "\\servername\filename.xlsx", it takes a very long time (minutes) to open the excel file. This was happening to me as well, and if I tried to browse the network during this period, Windows Explorer would sometimes give me path not found, and unspecified error. I will try and capture a screen of the error when it occurs. Any ideas??
edit: I have also noticed an unresponsive Windows Explorer for a few seconds to a minute over the last few days, which is a pretty good indicator that it's still happening on my machine.
The odd thing is, if I use the IP address of the file server, everything is fine. I changed all of my links to use the IP since October when Win8.1 was released to combat this problem, and only changed them back to the server name for testing since I want to start deploying Win8.1 to others in the office. Unless I can fix this bug, they'll have to be stuck on Win8.
Thanks,
kk -
Can not get access files from Windows 7 to Claims-based file authorization share
We have AD level 2012R2, DCs running 2012R2 of course, and we have clustered File Server (3 FSNodes running 2012R2).
We enabled 2 policies
KDC Support for claim
Kerberos support for claim
We created 1 claim type in ADAC (For example "Division" Source Property). Filled this property to all IT AD Accounts by our value "IT"
On FS made a share folder ITDivision:
- set permissions Domain Users can Modify if User.Division equals "IT"
so on Windows 8 IT Users can access files on this share and on Windows 7 they can't =\ . We know from many presentations about Dynamic Access Control that File Server must enroll user claims if the client does not support these claims (Service-for-User-To-Self)
Hi,
>>so on Windows 8 IT Users can access files on this share and on Windows 7 they can't =\ . We know from many presentations about Dynamic Access Control that File Server must enroll user claims if the client does not support these claims (Service-for-User-To-Self)
How is it going? Was there any error message? As far as I know, Dynamic Access Control (DAC) should work for downlevel clients. It’s backwards compatible. As Florian explains in the following blog:
For non-Windows 8 and non-Windows Server 2012 boxes accessing DAC-protected file shares, the users do not carry any claims. For them, the Server 2012-based file share will query Active Directory and proxy the claims request to figure out what claims the user and machine bring. The file server checks in the name of the user, whether they should have claims. With that information, the file server evaluates the access to the file share. So yeah – DAC works for downlevel clients, too. It’s backwards compatible. And totally transparent to Windows 7.
Questions regarding Dynamic Access Control (FAQ)
http://www.frickelsoft.net/blog/?p=293
In addition, regarding dynamic access control, the following blog can also be referred to for more information.
Dynamic Access Control in Windows Server 2012
http://www.infoq.com/news/2012/10/Dynamic-Access-Control
Please Note: Since the above two websites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information.
Best regards,
Frank Shen -
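One way to check what the file server has to work with when it looks up claims on behalf of a Windows 7 user, as an added example (not from the thread or the linked blogs): it reads the claim references out of the folder's conditional ACEs and compares each with the AD claim type and the user's attribute. `$FolderPath` and `$TestUser` are placeholders to replace with local values.

```powershell
# Added example. $FolderPath and $TestUser are placeholders, not values from the thread.
# Run on the file server; needs the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

$FolderPath = 'D:\Shares\ITDivision'   # placeholder: local path behind the share
$TestUser   = 'jdoe'                   # placeholder: an affected Windows 7 user

# Conditional ACEs (SDDL types XA/XD) name user claims as @USER.<claim type ID>.
$sddl     = (Get-Acl -Path $FolderPath).Sddl
$claimIds = [regex]::Matches($sddl, '@USER\.([\w:./%]+)', 'IgnoreCase') |
    ForEach-Object { $_.Groups[1].Value } | Sort-Object -Unique

if (-not $claimIds) {
    Write-Warning "No @USER claim references in the ACL of $FolderPath"
    return
}

$claimTypes = Get-ADClaimType -Filter *

foreach ($id in $claimIds) {
    $row = [ordered]@{ ClaimId = $id; Enabled = $null; Attribute = $null
                       UserValue = $null; Note = 'ok' }
    $ct = $claimTypes | Where-Object { $_.ID -eq $id }

    if (-not $ct) {
        # The ACE references a claim the forest does not define; no token will carry it.
        $row.Note = 'claim type not found in AD'
    } elseif (-not $ct.SourceAttribute) {
        $row.Enabled = $ct.Enabled
        $row.Note    = 'claim is not sourced from an AD attribute'
    } else {
        # SourceAttribute holds the DN of the schema object; resolve its LDAP name.
        $attr = (Get-ADObject -Identity $ct.SourceAttribute -Properties lDAPDisplayName).lDAPDisplayName
        $user = Get-ADUser -Identity $TestUser -Properties $attr
        $row.Enabled   = $ct.Enabled
        $row.Attribute = $attr
        $row.UserValue = $user.$attr
        if (-not $row.UserValue) { $row.Note = 'attribute empty for this user' }
        if (-not $ct.Enabled)    { $row.Note = 'claim type disabled' }
    }
    [pscustomobject]$row
}
```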
Help! Trying to access a share disk with file sharing- problems
I have limited knowledge of file sharing, keychain access, and Macs in general.
My school uses the Mac OS 9's for our schoolwide "Accerated Reader" program (a common program for schools across the US).
I am unable to get the 4th grade class room's Mac computer to access the share disk "AR Folder," which means that the Accerated Reader program won't work in this particular classroom.
I go to "Keychain Access." The info I get for "kind" is "Apple Share password." I go to "Unlock Keychain: AR Computer," and I type in the correct password. I click "unlock". The next window shows "Keychain: "AR COMPUTER" on disk "MACINTOSH HD" 2 items. My choices are "AR Main Lab" and "AR Main Server." When I click on both (one at a time), and on the next window, when I click "go there" the following error message appears:
"An error has occurred. Unable to go to this item's location. An operating system (-5016) occurred."
What can I do from here on? What could be wrong? Help me troubleshoot!
Thanks!
Hello sylves,
First..many people may be hesitant to help answer your posts as it deals with a school and security issues and passwords. It is not too good to misspell "accelerated". This could indicate someone trying to get into an area they don't have permission to access.
I offer several ideas.
1. Perhaps you could explain your position in school.
2. - Ask the tech people at school for assistance. I know this can be had at times. I work in a school with all PC's and only a few Macs so they are not quite up to fixing our mac problems.
3. - post more info as to if these computers are able to use internet or are they just going to the school server etc.
I post this as ideas how to get more help and not disrespectfully.....Jim