Scott Seifert

Q: Windows 10 can't connect to OS X server 10.10.3

Running OS X server 10.10.3 (will be updating to 10.10.4 and server 4.1.3 tonight after hours)   

Open Directory working just fine.    

Macs on the network all connecting    

Windows 7 and win XP clients connecting fine   

We have 3 windows 7 clients -- all have been able to connect for months without an issue to OS X server. I did have to do the security policy "tweaks" to get win7 to connect at first but they have been stable since first setup. Here is a link to the smb "tweaks" I have done in the past for windows 7 that have always worked just fine http://www.macwindows.com/OSXServer.html#050310c

 

The NEW Issue.

One of the windows 7 clients got upgraded to windows 10 and now it can not connect to the server using (the users) normal network account (OD). if I use the OS X server's Local administrator account from the win10 client it connects to the shaire without an issue. I created a new Local account for the user and that account can connect but word and excel say the files are read only. I have made sure the new local account is in all the groups on the server and even added the account with read and wright directly to the share point. T

o be clear the network accounts (OD) can not connect at all from windows 10 error is you do not have permission to access the server, but local accounts on the server connect to the network shares and allow files to be seen. Anyone have any ideas?

 

I have a feeling that security setting on the windows 10 client seeds to be lowered like the past tweaks I have done but win10 is so new maybe no one has really troubleshooter this issue.

 

If you have any questions just ask, will try an provide any info that is not clear.

Thanks Scott Seifert

Posted on Aug 12, 2015 10:26 AM

Close

Q: Windows 10 can't connect to OS X server 10.10.3

  • All replies
  • Helpful answers

Page 1 Next
  • by Tom Moreno,

    Tom Moreno Tom Moreno Aug 24, 2015 9:25 AM in response to Scott Seifert
    Level 1 (0 points)
    Aug 24, 2015 9:25 AM in response to Scott Seifert

    I've run into this issue as well.  Hopefully someone else can add a little insight.

     

    PS- I opened the Local Security Policy editor...  (Control Panel > System and Security > Administrative Tools > Local Security Policy) ...and the "tweaks" listed in your article were already set at the setting the article suggests.

  • by Tom Moreno,

    Tom Moreno Tom Moreno Aug 27, 2015 2:26 PM in response to Scott Seifert
    Level 1 (0 points)
    Aug 27, 2015 2:26 PM in response to Scott Seifert

    I found a fix for my problem machine.  I think the Win 10 box in question had the tweaks Scott linked to set on a previous version of Windows and had been upgraded.  By resetting Network Security: LAN Manager Authentication Level back to Send NTLMv2 response only I got the machine to authenticate with OD User Accounts successfully.

     

    I've gone through it all on my blog.

     

    I hope this might help some of you out there having the same troubles.

  • by Scott Seifert,

    Scott Seifert Scott Seifert Aug 28, 2015 4:59 AM in response to Tom Moreno
    Level 1 (0 points)
    Aug 28, 2015 4:59 AM in response to Tom Moreno

    Will test this as soon as I can on the problem PC. Thank you for looking into this Tom.

    Scott

  • by Steven Fahnestock,

    Steven Fahnestock Steven Fahnestock Sep 10, 2015 11:21 AM in response to Tom Moreno
    Level 1 (0 points)
    Sep 10, 2015 11:21 AM in response to Tom Moreno

    Does this fix apply only to Widows 10 Professional?  I tried searching for secpol.msc on a Windows 10 Home upgraded machine that would not connect to our Mavericks server except to a local user account, but the search returned no results and I could not find the settings you refer to in your blog by browsing either.

     

    THanks

  • by Peter Goldman1,

    Peter Goldman1 Peter Goldman1 Sep 22, 2015 3:11 PM in response to Scott Seifert
    Level 1 (24 points)
    Sep 22, 2015 3:11 PM in response to Scott Seifert

    This is great - thanks for the scoop.

     

    However!  When making these changes to the local security policy, these CONFLICT with the required changes I had to make to get a Windows 10 box connected to a VPN running on OS X Server.... as listed here:

     

    OS X Server: How to connect to VPN service from Windows - Apple Support

     

    A bit chicken and egg here.  Not sure where to go with this now. This Windows 10 must be able to connect to the VPN to be able to then subsequently connect to that same server for file sharing.

     

    Anyone have any insights?

  • by Tom Moreno,

    Tom Moreno Tom Moreno Sep 22, 2015 3:29 PM in response to Peter Goldman1
    Level 1 (0 points)
    Sep 22, 2015 3:29 PM in response to Peter Goldman1

    You only need those settings to use L2TP over IPSec vpn. If you connect via PPTP then you can connect fine both ways.

  • by Peter Goldman1,Helpful

    Peter Goldman1 Peter Goldman1 Sep 22, 2015 3:37 PM in response to Peter Goldman1
    Level 1 (24 points)
    Sep 22, 2015 3:37 PM in response to Peter Goldman1

    I worked around this.

     

    I didn't do any of the steps listed above to get the Win10 box connected via file sharing.

     

    I changed the value of the the registry key LmCompatibilityLevel in HKLM\System\CurrentControlSet\Control\lsa which was set to "1"... to "3".

     

    This doesn't conflict with the VPN settings.

     

    Can now connect to the VPN and then file sharing A-OK.

  • by RevolutionShirts,

    RevolutionShirts RevolutionShirts Sep 27, 2015 7:48 AM in response to Scott Seifert
    Level 1 (0 points)
    Sep 27, 2015 7:48 AM in response to Scott Seifert

    Hi Scott

     

    have you resolved the problem? I have the same issue even after setting the W10 secpol settings to those recommended. I now have 2 PCs running windows 10 refusing to connect to the OS X server. No problem connecting to another Mac.

     

    Jan

  • by MaartenP,

    MaartenP MaartenP Nov 25, 2015 6:46 AM in response to Scott Seifert
    Level 1 (0 points)
    Nov 25, 2015 6:46 AM in response to Scott Seifert

    I'm experiencing exactly the same problem. There seem to be no difference between Windows 10 Home of Professional. I have tried to set the NTLMv2 response, but there is no difference. Local accounts can log in. OD users can't.

    Curiously the passwordserver log gives a "Authentication succeeded" using the NTLMv2 method.

     

    Has anyone find a solution to this problem?

  • by chaef,

    chaef chaef Nov 26, 2015 12:22 PM in response to MaartenP
    Level 1 (0 points)
    Nov 26, 2015 12:22 PM in response to MaartenP

    I have the same problem. I update two system from WIN 7 to WIN 10 (32bit) 4 weeks ago. EVerything's fine. Yesterday I updated another WIN 7 to WIN 10 but 64 bit. Now I have the problem described above:

     

    Local users can log in, OD users not.

     

    Strangely OD authentication is ok NTLMv2 fails. Tried LSA settings and security policies from above nothing helps.

     

    Password server logs:

     

    Nov 26 2015 21:14:16 488165us    AUTH2: {0xf1fa9ae0bf2411e49910d49a20c270dc, SERVERNAME$} DIGEST-MD5 authentication succeeded.

    Nov 26 2015 21:14:16 491236us    GETNTLM2SESSKEY: requested

    Nov 26 2015 21:14:16 517130us    DoAuth: {0x72705b24bf5711e4895bd49a20c270dc, USERNAME} SMB-NTLMv2 authentication failed, SASL error -13 (password incorrect).

  • by MacPro_de,

    MacPro_de MacPro_de Dec 1, 2015 5:41 AM in response to Scott Seifert
    Level 1 (51 points)
    Servers Enterprise
    Dec 1, 2015 5:41 AM in response to Scott Seifert

    I had the same problem here and I found out, that it might have to do with the workgroup or Windows domain. It seems, that you must enter this in Windows 10 together with the username. Since Windows 10 in my case instead of username (this worked fine in Windows 7) I had to use workgroup\username as username for Windows 10 clients. Then it worked immediately.

     

    Hope, this helps.

  • by chaef,

    chaef chaef Dec 1, 2015 6:03 AM in response to MacPro_de
    Level 1 (0 points)
    Dec 1, 2015 6:03 AM in response to MacPro_de

    I tried this already. Didn't worked for me.

  • by äppel.de,

    äppel.de äppel.de Dec 13, 2015 1:47 PM in response to Tom Moreno
    Level 1 (10 points)
    Dec 13, 2015 1:47 PM in response to Tom Moreno

    Hi Tom,

     

    I think the post in your blog pointed into the right direction - setting NTLMv2 response only. But then, it still didn't work for me. So I tried to enter the username to connect to in the format \\WORKGROUP\username, and voilá! it worked now.

     

    I use the El Capitan server offering shares via SMB to Windows machines running on Parallels Desktop. The one Win7 has been working the whole time OK, but now the new Windows 10 machine just didn't want to connect to my network shares on the Mac Server.

     

    Thanks again for the hints given here!

     

    Regards,

    OJ.

  • by sazzad_kabir,

    sazzad_kabir sazzad_kabir Jan 7, 2016 2:38 AM in response to äppel.de
    Level 1 (0 points)
    Jan 7, 2016 2:38 AM in response to äppel.de

    Hi

    I have applied this procedure in two windows 10 computer but it does not help.

    - LAN Manager Authentication Level NTLMv2 response only

    - Network Security: Minimum session security for NTLM SSP Based (including secure RPC) Clients is set to Require 128-bit encryption.

    - \\WORKGROUP\username


    Please give us some clue what we can do now.

    Thanks.


    Regards

    Sazzad kabir


     

Page 1 Next