Windows 10 can't connect to OS X server 10.10.3

It may actually be because a security setting on the Windows client is set too low. Check your NTLM (LAN manager) setting. OS X blocks anything below level 3. You can change this in the local security policy (Secpol.msc) or edit the registry ( HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Lsa LMCompatibility level. Change the level to 3.

Hey Scott...

New to Mac OS Server. I am trying set up a Mac Mini as a Media Server. I have one Windows 10 computer. The SMMCO-SERVER shows up in the 'Network' list, but a window pops up asking 'Enter network credentials'. What is it asking for? The Administrator account on the Mac Mini?

I've run into this issue as well. Hopefully someone else can add a little insight.

PS- I opened the Local Security Policy editor... (Control Panel > System and Security > Administrative Tools > Local Security Policy) ...and the "tweaks" listed in your article were already set at the setting the article suggests.

I found a fix for my problem machine. I think the Win 10 box in question had the tweaks Scott linked to set on a previous version of Windows and had been upgraded. By resetting Network Security: LAN Manager Authentication Level back to Send NTLMv2 response only I got the machine to authenticate with OD User Accounts successfully.

I've gone through it all on my blog.

I hope this might help some of you out there having the same troubles.

Does this fix apply only to Widows 10 Professional? I tried searching for secpol.msc on a Windows 10 Home upgraded machine that would not connect to our Mavericks server except to a local user account, but the search returned no results and I could not find the settings you refer to in your blog by browsing either.

THanks

This is great - thanks for the scoop.

However! When making these changes to the local security policy, these CONFLICT with the required changes I had to make to get a Windows 10 box connected to a VPN running on OS X Server.... as listed here:

OS X Server: How to connect to VPN service from Windows - Apple Support

A bit chicken and egg here. Not sure where to go with this now. This Windows 10 must be able to connect to the VPN to be able to then subsequently connect to that same server for file sharing.

Anyone have any insights?

You only need those settings to use L2TP over IPSec vpn. If you connect via PPTP then you can connect fine both ways.

I worked around this.

I didn't do any of the steps listed above to get the Win10 box connected via file sharing.

I changed the value of the the registry key LmCompatibilityLevel in HKLM\System\CurrentControlSet\Control\lsa which was set to "1"... to "3".

This doesn't conflict with the VPN settings.

Can now connect to the VPN and then file sharing A-OK.

Hi Scott

have you resolved the problem? I have the same issue even after setting the W10 secpol settings to those recommended. I now have 2 PCs running windows 10 refusing to connect to the OS X server. No problem connecting to another Mac.

Jan

I'm experiencing exactly the same problem. There seem to be no difference between Windows 10 Home of Professional. I have tried to set the NTLMv2 response, but there is no difference. Local accounts can log in. OD users can't.

Curiously the passwordserver log gives a "Authentication succeeded" using the NTLMv2 method.

Has anyone find a solution to this problem?

I have the same problem. I update two system from WIN 7 to WIN 10 (32bit) 4 weeks ago. EVerything's fine. Yesterday I updated another WIN 7 to WIN 10 but 64 bit. Now I have the problem described above:

Local users can log in, OD users not.

Strangely OD authentication is ok NTLMv2 fails. Tried LSA settings and security policies from above nothing helps.

Password server logs:

Nov 26 2015 21:14:16 488165us AUTH2: {0xf1fa9ae0bf2411e49910d49a20c270dc, SERVERNAME$} DIGEST-MD5 authentication succeeded.

Nov 26 2015 21:14:16 491236us GETNTLM2SESSKEY: requested

Nov 26 2015 21:14:16 517130us DoAuth: {0x72705b24bf5711e4895bd49a20c270dc, USERNAME} SMB-NTLMv2 authentication failed, SASL error -13 (password incorrect).

I had the same problem here and I found out, that it might have to do with the workgroup or Windows domain. It seems, that you must enter this in Windows 10 together with the username. Since Windows 10 in my case instead of username (this worked fine in Windows 7) I had to use workgroup\username as username for Windows 10 clients. Then it worked immediately.

Hope, this helps.

I tried this already. Didn't worked for me.

Hi Tom,

I think the post in your blog pointed into the right direction - setting NTLMv2 response only. But then, it still didn't work for me. So I tried to enter the username to connect to in the format \\WORKGROUP\username, and voilá! it worked now.

I use the El Capitan server offering shares via SMB to Windows machines running on Parallels Desktop. The one Win7 has been working the whole time OK, but now the new Windows 10 machine just didn't want to connect to my network shares on the Mac Server.

Thanks again for the hints given here!

Regards,

OJ.