YaroC-2432 asked MotoX80 commented

accessing share via netbios vs fqdn

I have a weird situation where, when I try accessing a share via FQDN, it doesn't work, although it doesn't explicitly say I have no access but rather gives an unspecified error, while when using the NetBIOS name for the same I can access the share just fine. What's going on here? I wouldn't expect any difference in type of access. How can I get the exact cause of this issue? What's the difference when accessing shares via hostname vs FQDN?
Just as an update, I also noticed that when the share is being accessed there is a related log entry showing ReadAttributes: Not Granted. This is even more puzzling as I confirmed the share permission is Read and NTFS Effective Permissions are Read/Execute. How do I get to the bottom of this?

windows-server

MotoX80 answered

since when setting up share permissions directly on my_folder I could see in Sharing tab the unc and description saying Shared.

I have no idea what you are doing. Are you setting up one share (shared_folder) or two (my_share) or three (my_folder)?

Now after modifying shared_folder share permission it works

This is what I tried to point out yesterday. You are describing things that you are doing, but not really providing any details. Forum users can only guess as to what permissions are set on any of these folders and any of the shares that you have.

In general, share permissions act as a filter to the NTFS permissions. If a user has update access to D:\Data\Shared-folder but the share permissions to \\servername\Shared-folder only have read access, then the user will only have read access.

If you have D:\Data\Shared-folder\Sub-folder-1\Sub-sub-folder and wish to allow a user to access Sub-sub-folder through the share on shared-folder, then the user will need to at least have list access on Shared_folder and Sub-folder-1 in order to traverse the file system to get to Sub-sub-folder.
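
One way to check the traversal requirement described in this answer, as an added example that is not part of the original thread: it walks every folder from the share root down to the target and reports where the listed identities lack ListDirectory, ReadAttributes or Traverse. The paths and account names are placeholders, PowerShell 3.0 or later is assumed, and the script matches ACEs by name rather than computing a true effective-access result.

```powershell
# Added example. Paths and account names are placeholders, not values from a real system.
$ShareRoot  = 'D:\Data\Shared-folder'   # folder published as \\servername\Shared-folder
$Target     = 'D:\Data\Shared-folder\Sub-folder-1\Sub-sub-folder'
# The account plus the groups it belongs to, supplied by hand (hypothetical names).
$Identities = 'MYDOMAIN\someuser', 'MYDOMAIN\Domain Users', 'BUILTIN\Users', 'Everyone'

# Rights checked on each folder along the path.
$Needed = [int][System.Security.AccessControl.FileSystemRights]'ListDirectory, ReadAttributes, Traverse'

function Get-FolderChain {
    param([string]$Root, [string]$Leaf)
    # Return every folder from the share root down to the target, in order.
    $r = $Root.TrimEnd('\'); $l = $Leaf.TrimEnd('\')
    if ($l -ne $r -and -not $l.StartsWith("$r\", [StringComparison]::OrdinalIgnoreCase)) {
        throw "$Leaf is not below $Root"
    }
    $chain = @($r)
    foreach ($part in ($l.Substring($r.Length) -split '\\' | Where-Object { $_ })) {
        $chain += [IO.Path]::Combine($chain[-1], $part)
    }
    $chain
}

function Test-TraversalAcl {
    param([string]$Root, [string]$Leaf, [string[]]$Identity)
    foreach ($folder in Get-FolderChain $Root $Leaf) {
        $allow = 0; $deny = 0
        foreach ($ace in (Get-Acl -LiteralPath $folder).Access) {
            # Inherit-only entries apply to children, not to this folder itself.
            $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
            if ([int]$ace.PropagationFlags -band $inheritOnly) { continue }
            if ($Identity -notcontains $ace.IdentityReference.Value) { continue }
            if ($ace.AccessControlType -eq 'Allow') { $allow = $allow -bor [int]$ace.FileSystemRights }
            else { $deny = $deny -bor [int]$ace.FileSystemRights }
        }
        $granted = $allow -band (-bnot $deny)
        [pscustomobject]@{
            Folder  = $folder
            # ListDirectory and Traverse share bit values with ReadData and ExecuteFile,
            # so the missing rights may print under those names.
            Missing = [System.Security.AccessControl.FileSystemRights]($Needed -band (-bnot $granted))
            Passes  = (($granted -band $Needed) -eq $Needed)
        }
    }
}

Test-TraversalAcl $ShareRoot $Target $Identities | Format-Table -AutoSize
```

Run it on the file server with an account that can read the ACLs; the first row with Passes = False is the folder to look at.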


SunnyQi-MSFT answered

Hi,

Thanks for posting in Q&A platform.

Please run the command ipconfig /flushdns in a CMD window with administrator privileges and then access the shared folder via FQDN to see if the issue is resolved.

If the issue still exists, for further troubleshooting, please run the following commands in a CMD window with administrator privileges and provide the results.

ipconfig /all

nslookup <FQDN>

nslookup <NetBIOS name>

Please kindly note that this is a public forum and everyone can access and view this thread, so please remove private information that might compromise your privacy.

Best Regards,
Sunny


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


YaroC-2432 answered SunnyQi-MSFT commented

I tried all the above but neither helped. I still see the unspecified error and Not Granted logs referring to the path I'm trying to access.


Hi,

Thanks for your feedback. Please provide screenshots of the results of running the following commands for further troubleshooting.

ipconfig /all

nslookup <FQDN>

nslookup <NetBIOS name>

Please kindly note that this is a public forum and everyone can access and view this thread, so please remove private information that might compromise your privacy.

Best Regards,
Sunny

0 Votes 0 ·
YaroC-2432 answered MotoX80 edited

Thanks, but exactly due to what's in your last sentence I can't really provide any screenshots, although I can provide a detailed description of the situation.


Those are all command line programs, so from the cmd window, do a "select all" followed by a copy and paste. Edit out the private information, but be consistent when replacing character strings. I helped one user solve a problem, but it was only after he had posted an image and I saw that he had misspelled something. He didn't see that. I understand the need to protect private info, but if you hide something, we don't know what's "in there", and a detailed description really doesn't help a lot.

You say you still see "unspecified error"... from where? Windows explorer? What about a command line "dir \\server\share" and "dir \\server.mydomain.com\share"?

Does this problem occur from multiple clients? Have you run the Win10 sharing troubleshooter? Does PING and NSLOOKUP for both names return the same IP address?

Do you see logon errors in the security eventlog on the server when you try to access a share?

0 Votes 0 ·
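
The checks asked for in the comment above, gathered into one script as an added example (not part of the original thread): it resolves both names, compares the addresses, and tries the equivalent of "dir" against each UNC path while keeping the exact error text. The names `server`, `server.mydomain.com` and `share` are the placeholders from that comment; PowerShell 3.0 or later is assumed.

```powershell
# Added example. Replace the placeholder names with the real short name, FQDN and share.
$ShortName = 'server'
$Fqdn      = 'server.mydomain.com'
$Share     = 'share'

function Get-NameReport {
    param([string]$Name, [string]$Share)
    $report = [ordered]@{ Name = $Name; Addresses = @(); DnsError = $null; Access = $null }
    try {
        # Resolve the name through the system resolver.
        $report.Addresses = @([System.Net.Dns]::GetHostAddresses($Name) |
            ForEach-Object { $_.IPAddressToString } | Sort-Object)
    } catch {
        $report.DnsError = $_.Exception.Message
    }
    try {
        # Same test as "dir \\name\share"; keep the exact error text on failure.
        Get-ChildItem -LiteralPath "\\$Name\$Share" -ErrorAction Stop | Out-Null
        $report.Access = 'OK'
    } catch {
        $report.Access = $_.Exception.Message
    }
    [pscustomobject]$report
}

$short = Get-NameReport $ShortName $Share
$full  = Get-NameReport $Fqdn $Share
$short, $full | Format-List

# Different address sets mean the two names do not reach the same endpoint.
if (($short.Addresses -join ',') -ne ($full.Addresses -join ',')) {
    Write-Warning "The short name and the FQDN resolve to different addresses."
}
```

Run it from an affected client as the affected user, then compare the output with the security event log on the server for the same time window.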
SunnyQi-MSFT answered SunnyQi-MSFT edited

Hi,

Thanks for your feedback.

For further troubleshooting, we need to figure out how the DNS server is configured on the Windows client and whether the DNS server can resolve the hostname and FQDN successfully.

If your issue is urgent, I would also suggest you open a case with Microsoft where more in-depth investigation can be done so that you would get a more satisfying explanation and solution to this issue.

Also, in this way, they can have a clear picture of your issue and your environment through phone communication and a live share session.

You may find phone number for your region accordingly from the link below:

https://support.microsoft.com/en-us/gp/customer-service-phone-numbers

Best Regards,
Sunny



YaroC-2432 answered MotoX80 commented

Accessing the share as requested via cmd gives "invalid password", which reminds me this is using a smart card. Also, we're talking about a Windows 10 client and a Windows 2008R2 server, so there was something about secure negotiate, but I'm not sure if this applies here.


So is this a file share problem or a smartcard problem? I would suggest that you eliminate the smartcard for now. Can users logon to Win10 clients with their Active Directory account and access network shares? Do you have a second server that has a share that you can have a user test with? Test with multiple Win10 machines and see if the error occurs on all machines or just certain ones.

0 Votes 0 ·
YaroC-2432 answered

I tested with smart card to other shares based on NAS and Server 2012, which works fine. I tested access with a regular account and that works fine too. So the only issue seems to be smart card and the 2008 server. Monitoring the traffic I see Status_Access_Denied, which I read can be the case if SMB signing is disabled at the client and enabled and required at the server. In this case I have signing disabled on the server and RequireSecuritySignature set to False on the Windows 10 client.


YaroC-2432 answered

I checked what the share rights are on the actual root share rather than the folder within the share. My understanding was that if I have a share like \\servername\shared_folder I can set a user to be able to only access \\servername\shared_folder\some_folder\my_share by setting up sharing on the my_folder and granting the necessary NTFS rights. It turns out, however, that I needed to adjust share permissions on \\servername\shared_folder, granting the user read right so she's able to access \\servername\shared_folder\some_folder\my_share. I don't understand why that is, since when setting up share permissions directly on my_folder I could see in the Sharing tab the UNC and description saying Shared. Now after modifying the shared_folder share permission it works, but I don't understand why.


YaroC-2432 answered MotoX80 commented

then the user will need to at least have list access on Shared_folder and Sub-folder-1 in order to traverse the file system

This is exactly what I was after here. So basically it would be the same for my d:\shared_folder\some_folder so the user can get through to my_share. This makes sense now, as I was thinking setting up share and NTFS permissions directly on my_share would suffice. Looks like the invalid password message was misleading in this case, where the real problem was the inability to traverse through the whole path. ... and I thought my understanding of share permissions is fairly good lol, many thanks

Excellent!

0 Votes 0 ·