New install version 1903 and networking

Topic

New Reply

First some background. I have been in charge of and have administered a 4 to 6 workstation P-P network with a dedicated server in various configurations since 1992, starting with DOS and Lantastic. Currently the server is running Windows 7 and the 2 of the workstations are running Win 7 while 2 are running Win 10 – all Pro versions. All are fully patched.

A new, bare metal, install of Win 10 – version 1903 wouldn’t connect to my P-P network (no domain). The network workgroup computers were not shown in the “Map Drive” dialog, just the attached network printers. I could ping them from both ends, workstation to server and vice versa, but not connect to the server from the command line if the share had more than a one-word description, such as “\\server\client database” as opposed to “\\server\data.”

After struggling for an hour or so I learned that the SMB1 File sharing protocol was disabled, apparently by design. (prior to this experience I wouldn’t have known SMB1 from a banana).
I found a PowerShell command sequence on windows.tenforums that solved the issue. My new workgroup computer is now able to map server (and other workstation) shares, like in days of old.

I don’t know if any others have had this experience with new installs of Win 10 version 1903. It’s not ready for prime time in my environment.

Reply | Quote

Replies

SMB1 was turned off for security reasons, but many have had to turn it back on for the very reason you did.

Reply | Quote

[BobbyB]

If you have any Win10 Home Machines on your network errm life isn’t going to be easy seems to be an ongoing Work in Prospect. Definitely go with @pkcano ‘s suggestion above, not exactly secure but for day to day connectivity its a must. Since Home Groups bit the dust with Win10 1709 Home/Workgroup networking has been a pain with the Home versions of Win10.
The simplest way with Win10 Pro and above is basically use both the Wizards in Control panel->System and Security->System->Advanced Settings->Computer name->Network ID and Change.
Even if your not Joining a Domain just enter the Workgroup name and reboot when prompted, works here on a mixed bag of Win’s 7, 8.1, 10 without a problem.
If your all Win10 Pro and above there well you could try some of the other solutions and I too have bare Metal installs in either a partition’s or VHD(X)’s. Its an irritating conundrum for sure with something as simple and an older concept as basic Networking. Hope that works for you.

• This reply was modified 4 years, 5 months ago by BobbyB.
• This reply was modified 4 years, 5 months ago by BobbyB.
• This reply was modified 4 years, 5 months ago by BobbyB.
• This reply was modified 4 years, 5 months ago by BobbyB.

Reply | Quote

Bobby

The simplest way with Win10 Pro and above is basically use both the Wizards in Control panel->System and Security->System->Advanced Settings->Computer name->Network ID and Change.

None of the built in Control Panel or Settings routines worked in this case. All systems are Pro, no Home boxes in the environment. The enabling of SMB1, after I discovered it, was the only solution that worked with my network shares.

Reply | Quote

In my experience this network ‘view’ issue is not limited to the latest 1903 version nor to just Home editions. It just depends on whether SMB v1 (client and server) is turned on as a Windows feature.

For example, in my home network my Win 7 main PC can see all 4 devices currently up and running. My Win 10 Pro 1903 can only see 2, my Win 10 Home 1803 can only see 2 but my Win 10 Pro 1709 can see all 4.

On the Win 10 devices which can only see 2 others, if I turn on SMB v1 (client and server) and restart then they can see all devices.

As I’m within a home network I’m happy to have SMB v1 active.

It’s very easy to check the status using PowerShell in Win 10 (any edition/version):

1. *Right*-click on Start.
2. Choose Windows PowerShell (Admin).
   (for older versions, choose Command Prompt (Admin) then enter powershell to get the same PS prompt)
3. At the PS prompt, enter get-windowsoptionalfeature -online | where featurename -like *smb1*

This will show you the status of SMB1:

To stop any restrictions on network ‘view’ you can also re-enable SMB v1 using PowerShell:

 Enable-WindowsOptionalFeature -Online -FeatureName “SMB1Protocol”

This is the ‘parent’ feature and has to be carried out first. You’ll be asked whether you want to restart. Enter n for No then enter the following:

Enable-WindowsOptionalFeature -Online -FeatureName “SMB1Protocol-Client”

Enter n for No again then enter the following::

Enable-WindowsOptionalFeature -Online -FeatureName “SMB1Protocol-Server”

Now restart the device.

Hope this helps…

2 users thanked author for this post.

woody, WSraysig

Reply | Quote

On the Win 10 devices which can only see 2 others, if I turn on SMB v1 (client and server) and restart then they can see all devices.

That would have saved me an hour or so last weekend.

Nice to know.

Reply | Quote

In the latest versions of 10 if you don’t use SMBv1 in (I think) 15 days there’s a PowerShell script that runs that disables it.  Typically umpteen days later when you can’t use something you forget about this rule.  SMBv1 does up the risk for ransomware.  But show me a home network and I’ll show you something that prob still needs SMBv1.

Susan Bradley Patch Lady/Prudent patcher

3 users thanked author for this post.

Elly, Rick Corbett, CADesertRat

Reply | Quote

Many thanks for this. I found the script – DisableUnusedSmb1.ps1 – in a sub-folder of C:\Windows\WinSxS. By default, only TrustedInstaller has full control over it so I wasn’t able to just rename it or append _old to it. I also went through Task Scheduler but didn’t spot anything that actually triggers the script.

I did find this MS article SMBv1 is not installed by default in Windows 10 Fall Creators Update and Windows Server, version 1709 and later versions which includes:

Automatic removal of SMBv1 after 15 days is a one-time operation. If an administrator re-installs SMBv1, no further attempts will be made to uninstall it.

Reply | Quote

I also went through Task Scheduler but didn’t spot anything that actually triggers the script.

Because I bet the trigger is buried deep in the registry with some sort of timer built into it to have it insert a key in the “Run” or “RunOnce” folder in either the HKLM\Software\Microsoft\Windows\CurrentVersion hive or the corresponding HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ hive.

It may even already be in one of those folders with instructions to only execute after a certain time has passed, specified in a binary value of some sort.

Reply | Quote

[BobbyB]

Rick Corbett wrote:

For example, in my home network my Win 7 main PC can see all 4 devices currently up and running. My Win 10 Pro 1903 can only see 2, my Win 10 Home 1803 can only see 2 but my Win 10 Pro 1709 can see all 4. On the Win 10 devices which can only see 2 others, if I turn on SMB v1 (client and server) and restart then they can see all devices.

You have pretty much a similar network to mine, just here there’s Win8.1 thrown in to the mix (not a problem as is Win7) But Win10’s 1803, 1809 and 1903 Pro Vers. some ethernet some dotted around the place on Wireless (most are dual boot) but I will stick to the same/similar scenario as your self for reference.
The only reliable way to get the odd Home Version tested in a VHD(X) on any of the machines is to either enable SMB as you described above or enter the Generic upgrade Key to Pro and without intervention (settings etc or tweaks) the Network works shows up first time every time in Network explorer on every machine.
Since 1709 and the removal of Home Groups for Home users its been a problem, I devised a batch file with netcfg -d and shutdown /r /t 0 and set it to run with Admin permissions through a shortcut (cant run batch files at shutdown with Win10 home no GPOL alas) to get round it with SMB1.0 disabled and worked on the assumption it was a Driver Issue.
Before the removal of Home Groups if you had a Networking problem with Win10 Home you would enable Home Groups on the Win10 Home machine with Problems, set up “classical file Sharing permissions etc” then back out of Home Groups and Lo and Behold everything worked as it should. Not really have any evidence to suggest that they may have messed up Win10 Home when they removed Home Groups but it was a handy little tool for a reluctant Network. But ever since the sole Machine that runs Win8.1 core never or never will get upgraded to Win10 Home purely because of that. Anyways I like Win8.1 and its always handy to test the latest offering in a VHD(X) just to see if they have fixed the network issue. Hope that clarifies things a little bit 🙂

• This reply was modified 4 years, 5 months ago by BobbyB.

Reply | Quote

@WSraysig

In my ‘home’ network, the main server is a Win7x64 Pro system. I have a bunch of various other ‘workstation’ PC’s, Windows 7 Pro boxes, a couple of Win10x64 Pro test systems, my housemate is using a Win10x64 Home system (that I just ‘upgraded’ from 1709 to 1803 last week…no problems encountered doing that).

I did a bare metal install of Win10x64 Pro, Ver. 1903 the other day. This will be a system for a client in a few weeks. They currently have 6 other Win7x64 Pro workstations that I will wipe and do bare metal installs on each of them in the future. All workstations will be connected to a Windows 7×64 Pro computer acting as a server.

That Win10x64 Pro Ver. 1903 had no problem ‘finding’ my Win7x64 Pro server. My 2 Win10x64 Pro Ver 1809 systems have (had?) no problem finding my Win7 server.

I made no changes to any default networking-type services (see thread mentioned below). It just worked. I was a bit surprised, but, hey, I was just glad it did.

I resolved the ‘not finding a system’ problems last December by following some suggestions I found by doing lots of “Googling” last fall.

Here’s a short thread here on AskWoody.com about networking problems in a couple of versions of Win10:

https://www.askwoody.com/forums/topic/win-1809-win-1803-network-problems/

In this thread, I posted (#242735) about six services that have to be running on the Windows 7 SERVER system to make it more visible to Windows 10 systems.

Right now I can’t remember which ones might not have been running on the Win7 server systems last fall, but as I mentioned in my post, I could make my Win7 server disappear and re-appear to a Win10 system by stopping and starting one of the services on the Win7 server. Again sorry I can’t remember which one and I’m not messing with it right now.

On both the 1809 systems and the 1903 system, 5 of the 6 services are running, the only one that is not running is the “UPnP Device Host” service.

Oh, that Win10 Ver. 1903 system can see my current ‘workstation’ Win10 system running 1809.

SMB1 is NOT enabled on any of the Windows 10 systems. All systems (Win7 and Win10) are in my local “WorkGroup”. Even before I added the new 1903 system to my workgroup, it was still able to see the Win7 server and the other Win10 systems that were turned on.

So, it seemed that getting any of the newer Win10 versions to “see” a Win7 server is to be sure those 6 services are running on the Win7 server, and 5 of them are running on a Win10 system.

Hope this helps you get your network running smoother.

1 user thanked author for this post.

Rick Corbett

Reply | Quote

Thanks to @SkipH for the info that SMB1 wasn’t enabled in his home network.

Following the post I switched on a laptop running Win 10  Pro 1809, thus making it the 5th device up and running in my own home network… but I could only see one other Win 10 device and my main Win 7 Pro PC… even though both SMB1 client and server protocols were enabled on the laptop I had just switched on.

I checked the other devices and they could all see each other… and the new laptop. I returned to the laptop to check again and found a weird anomaly… the laptop  was displaying all 5 devices in the left-hand navigation pane but only 3 devices in the right-hand pane. I left it several more minutes and checked again… and now the right-hand pane is showing all devices.

I’ve noticed similar before, i.e. if I start a new Win 10 VM then it sees other Win 10 and Win 7 devices but it will only connect immediately to shares on the Win 10 devices. I have to wait several minutes before I’m also able to connect to shares on my Win 7 PC.

So now I’m wondering why time is important (or is the delay because the laptop is the only device connected via wireless and the rest all use ethernet?).

It will be interesting to hear how the OP gets on. In the meantime I’m going to start checking the services that @SkipH mentions in his other post. 🙂

Reply | Quote

I’ve just carried out a clean install of 1903 (from an MCT-prepared USB stick) and thought I would demonstrate the SMB1 issue graphically.

The Win 10 default of *not* using SMB1 shows my current network as this (names hidden to protect the innocent… 🙂 ):

Compare this with a network view from a Linux Mint device (after Samba’s configured):

Now compare the same 1903 network view *after* SMB1 is re-enabled:

Note that this is *NOT* a 1903 issue… it’s the effect of turning off SMB1 by default due to very legitimate security concerns.

I could be wrong but 1903 appears to have introduced an SMB Direct ‘Feature’ (enabled by default) but this has done little to mitigate the effect of a reduced network view by default.

Hope this helps…

Reply | Quote

FWIW, SMB Direct is present & enabled on my 1809 install.

Zig

1 user thanked author for this post.

Rick Corbett

Reply | Quote

Thanks, @Zig, for the info that SMB Direct is present and enabled in 1809. I didn’t have any 1809 devices available to check.

Reply | Quote

As to services, I got this from a MS Answers thread:

https://answers.microsoft.com/en-us/windows/forum/all/why-in-march-2019-i-cant-see-my-other-network/9b9b8c2d-ec37-4723-b9fa-95d9ecb16756

Method 3: Also, make sure that the below mentioned services have setup the Startup type to Automatic in Services.msc for network sharing –

Function Discovery Provider Host (FDPHost)

Function Discovery Resource Publication (FDResPub)

Network Connections (NetMan

UPnP Device Host (UPnPHost)

Peer Name Resolution Protocol (PNRPSvc)

Peer Networking Grouping (P2PSvc)

Peer Networking Identity Manager (P2PIMSvc)

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote

Susan Bradley wrote:

In the latest versions of 10 if you don’t use SMBv1 in (I think) 15 days there’s a PowerShell script that runs that disables it.  Typically umpteen days later when you can’t use something you forget about this rule.  SMBv1 does up the risk for ransomware.  But show me a home network and I’ll show you something that prob still needs SMBv1.

I got an update to 1903 as part of the Windows Insider Program back in early April and I still have those settings available in “Turn Windows Features On Or Off”, for whatever that’s worth…

Reply | Quote

Rick Corbett wrote:

I’ve just carried out a clean install of 1903 (from an MCT-prepared USB stick) and thought I would demonstrate the SMB1 issue graphically.

The Win 10 default of *not* using SMB1 shows my current network as this (names hidden to protect the innocent… 🙂 ):

Compare this with a network view from a Linux Mint device (after Samba’s configured):

Now compare the same 1903 network view *after* SMB1 is re-enabled:

Note that this is *NOT* a 1903 issue… it’s the effect of turning off SMB1 by default due to very legitimate security concerns.

I could be wrong but 1903 appears to have introduced an SMB Direct ‘Feature’ (enabled by default) but this has done little to mitigate the effect of a reduced network view by default.

Hope this helps…

Why does enabling those 2 items (necessarily) up the risk for ransomware?  It runs my clients nuts when they can’t access each others’ Win 10 Pro computers on their Peer-to-Peer office networks, like they’ve been doing for years with earlier versions.  Just curious…

Reply | Quote

Travasaurus wrote:

It runs my clients nuts when they can’t access each others’ Win 10 Pro computers on their Peer-to-Peer office networks, like they’ve been doing for years with earlier versions.  Just curious…

SMBv1 is not installed by default in Windows 10 Fall Creators Update and Windows Server, version 1709 and later versions

You can’t connect to the file share because it’s not secure. This share requires the obsolete SMB1 protocol, which is unsafe and could expose your system to attack.
Your system requires SMB2 or higher. For more info on resolving this issue, see: https://go.microsoft.com/fwlink/?linkid=852747

https://support.microsoft.com/en-us/help/4034314/smbv1-is-not-installed-by-default-in-windows

Reply | Quote

Travasaurus wrote:

Why does enabling those 2 items (necessarily) up the risk for ransomware?

This MalwareBytes article explains it nicely. Basically, if one PC gets malware it can spread it to others on your network if SMB1 is enabled.

cheers, Paul

Reply | Quote

A bit of a conundrum. Use SMBv1 and take a chance or don’t use it and have networking problems 🙂     Personally, I use it with a decent password on my router.

Don't take yourself so seriously, no one else does 🙂
All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

Reply | Quote