windows 2003 server, unable to access file share with admin credentials after crash

[lellio1968]

Hello All,
Hope everyone has been having a good year so far, unfortunately my server has decided it wishes to be uncomunicative with my clients. I am currently running an ancient win 2003 server with rampage 7.8 this requires both apple share as well as smb and the administrator credentials to go with. Server crashed the other night and apple share was fine but windows/smb shared lost admin credentials. Have tried deleting and readding share multiple times and also tried enabling guest access, but no joy. Am accessing the server with multiple computers 1 win 10 pc 1win 11 pc, 1 win 7 pc, 1 win 2000 pc, 2 intel macs, 1 g5 mac and an m1 mac. The older pcs as well as the g5 mac seem to connect ok, but everyone else has no joy.

If anyone has run into this before I would appreciate some input, am mainly prepress but by dint of working with computers I am their "it" guy, have gotten it working in the past but she no longer likes me...yes I know it is 2025 and we should be on more modern software/hardware but I do not control the purse strings.

Again thank you for any help you can give!

 

[EdwardB]

I'm stupid rusty on the old Windows Server OSs, so I'm not going to be any help... if you haven't already, I'd try getting support from either a sub-Reddit or StackOverflow Human verification

 

[ReproElectroProspero]

The most likely culprit here is the SMBv1 (Server Message Block version 1) protocol. Your Windows Server 2003 machine uses this older, less secure protocol exclusively. Modern operating systems like Windows 10, Windows 11, and recent versions of macOS have disabled SMBv1 by default because of major security vulnerabilities (it was the entry point for the WannaCry ransomware).

• Go to Programs and Features.
• On the left-hand side, click "Turn Windows features on or off".
• Scroll down and find the entry for "SMB 1.0/CIFS File Sharing Support".

I highly recommend against this though, unless you are SURE your SMB 1.0 share is not accessible to the open internet, which it sounds like it is. Honestly because you're running Server 2003 I'd nuke the whole thing from orbit and set up from scratch, you likely have bad actors in that machine already.

 

[SoggyWinter]

Can you browse to the files using an administrative share, ie

servername.domain/D$/filepath/whatever

where D is the driver letter

If you cannot, you may need to re-set the access control list. You can Google how to use CACL from the command prompt (stands for Change Access Control List).

But like others said, you need to invest in something current both to avoid compatibility issues and to improve your security footprint. Synology and Ubiquiti are good vendors to consider.

 

[lellio1968]

Thank you all for your suggestions, unfortunately with our version of RAMpage we need older g4/5 macs to run rampage 9,4 thus necessitating a machine that can communicate through apple file protocol and the rampage box requires authentification from server. I will research CACL as well as try sub-Reddit and StackOverflow. Thank you for the suggestions.

 

[Magnus]

If you really need to connect with AFP to a Windows server you can use Acronis Files Connect (former ExtremeZ-IP) on the win server. Not sure if this will help your case though.

 

[chriscozi]

Rampage and Win 2003 Server.
Rock solid until it isn't. LOL
Ok. I seem to remember a couple of things that might matter - the Server IP Dance.

First double check the system settings for the Network Port(s) on the server and WRITE THEM DOWN or screenshot/phone picture.
There can/could be multiple ethernet cables as there are also probably multiple ports (most servers) and after a crash they can really garble up the settings - ESPECIALLY if the server can't negotiate with the router quickly.
Restart with no cables - wait a bit to log in and hopefully it goes blind which is easier than zeroing the settings.
Shutdown.
Restart with ONLY one ethernet cable.
(Had to do this in the past on Ricoh's and Xerox's for a while as Fiery lost it's mind when it connected to the wrong port too soon.)

- MIGHT blank the settings which is what we want if they are incorrect or false as this is WinNT underneath.
COPY the CURRENT server IP address in network settings - if you get a 169.x.x.x then it is NOT seeing your router. That might be an issue.
Now before any other changes check from the Win 11 if you can ping the port.
Yeah - try back and forth until they can see each other.
Then reboot everything when it looks ok and cross your fingers.
I usually let the server come up first before starting the workstations.

And yes make sure your PC's and Macs allow SMB1 - if you can get them there.

YMMV.

PS - I never had to do this with Win11 machines. Just Win7 and 10.

 

[lellio1968]

Well the latest on this saga, have been able to get rampage box back up and working, all the pcs are now talking to server, but (there is always a but) the newer macs (High Sierra 10.13.6 and Sequoia 15.6) are refusing to connect. Tried to create a share just for them but still not allowing me to connect.
Thanks again for all the suggestions!

 

[prepressdork]

Hi Lellio, please confirm which network protocol those two Mac’s used to connect to the server prior to the crash.

Best regards,
pd

 

[lellio1968]

The newer macs are using smb, have tried using administrator credentials as well as creating a "typeset" share, but no luck.

 

[bcr]

2003! this is nuts. at some point you have to say it's no longer fit for purpose and needs replacing.

 

[prepressdork]

The newer macs are using smb, have tried using administrator credentials as well as creating a "typeset" share, but no luck.

This may or may not help but given that these Mac’s have recent versions of the macOS, they may not, by default, communicate using the older SMB v1 protocol that the 2003 server probably uses. You may be able to control this behavior by adding an SMB configuration file (nsmb.conf) to your Mac. Here is a link to a website that explains where to put the file, and the various commands that can be configured within it.

man page nsmb.conf section 5

The two lines that are most likely needed are:

[default]
smb_neg=smb1_only (or possibly smb_neg=normal)

Fingers crossed that this helps!
pd

 

[lellio1968]

For all who have followed this saga the solution to connecting was indeed "forcing" the newer macs to use the smb v1 protocol. Thanks to all who chimed in and thanks a bunch prpressdork for that suggestion! Hope all are having a better day, now just need to catch up to work!

 

[ReproElectroProspero]

I'm happy that worked for you but it needs to be reiterated the SMBv1 is old, insecure, and actively exploited by even script-kiddy threat actors. If you need to use smbv1, that machine should under no circumstances be allowed wider internet connectivity. If you allow it to be exposed to the internet, it's a matter of time until you get hit with EternalBlue or a similar exploit. The cost of being ransomwared is likely much greater than the cost of updating your server to something more secure. Food for thought.

 

[prepressdork]

For all who have followed this saga the solution to connecting was indeed "forcing" the newer macs to use the smb v1 protocol. Thanks to all who chimed in and thanks a bunch prpressdork for that suggestion! Hope all are having a better day, now just need to catch up to work!

That is fantastic news! Glad it worked out! However, as @ReproElectroProspero pointed out, take care in the amount of internet/network access you give that server!

Best regards,
pd