I'm working with W10 and W11 latest version.
I have in my network a NAS server which shares disk trough an anonymous SMB share (SMB v2 I guess)
Everything was working perfectly until I joined the computer to a Azure Active Directory domain.
Initially, when the computer was out of the domain (logged in using a Microsoft account), I was able to access the share using \\mynas\someshare
directly in the file explorer.
After the computer has been joined to the domain (now logging in using a Microsoft 365 account), I cannot access the share anymore.
When I try to connect, windows asks for credentials. Since the share is anonymous, it shouldn't. Dismissing the credentials, or typing my actual credentials always fails (nothing happens).
In the event viewer, I can see this message:
Smb2DiagReasonISC.
Erreur : Le système ne parvient pas à contacter un contrôleur de domaine pour traiter la demande d’authentification. Recommencez ultérieurement.
État de sécurité : 0xC0000388
Nom de l’utilisateur :
ID d’ouverture de session : 0x1DB1539F
Nom du serveur : \mynas
Nom du principal : cifs/mynas
In english : The system cannot contact a domain controller to service the authentication request. Please try again later.
The NAS server is out of the domain, (actually a feature of the ISP modem where I can plug hard disk).
How to solve that?
What I tried:
- access the server using its IP address and not its name
- Followed Guest access in SMB2 and SMB3 disabled by default in Windows
Still not working.
If I log in using a local account, there's no issue to connect to the server.
gpresult /r
orrsop.msc
, is there any GPO that sounds like it would "disable NTLM"? Many corporations disable it in their devices (and for very good reason), but old-style SMB guest access relies on NTLM.