We had a problem where a Windows 2012 R2 Domain Controller would not browse the shares of another Windows 2012 R2 WorkGroup Server. We kept getting error 1208 and then we tried to force a mapping to share and received System error 2148073478
This problem is caused by the “Secure Negotiate” feature that was added to SMB 3.0 for Windows Server 2012 and Windows 8. This feature depends upon the correct signing of error responses by all SMBv2 servers, including servers that support only protocol versions 2.0 and 2.1. Some third-party file servers and other Windows Systems not on a domain may not not return a signed error response. Therefore, the connection fails.
We had this issue with a Windows 2012 R2 Domain Controller trying to connect to a Windows 2012 workgroup server share.
The Domain Controller had the local network set to Public and not Private, We had to change this by running a few PoSh commands.
Get-NetConnectionProfile
This gives us the index numbers for each interface then we find the interface marked public and change it to Private by running the PoSh command
Set-NetConnectionProfile -InterfaceIndex 10 -NetworkCategory Private
Change the InterfaceIndex number to the number of your interface.
Next we need to low the security level for SMB so that we can allow the connection to complete.
To do this we Edit the registry and change the value of RequireSecureNegotiate to zero
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" RequireSecureNegotiate -Value 0 -Force
Once that has completed you will now be able to access your network shares on other NAS servers or Windows systems.
Hope this helps someone out there, Enjoy!
Cubert
- Remove From My Forums
Can’t connect to Azure File Storage using «net use» command — System error 2148073478
-
Question
-
After the update of Azure File storage sept. 28/29 2015 I am no longer able to connect to my Azure File Storage, from my Azure Windows Server 2012R2 virtual machine.
I try to connect and map the File storage as network drives using the «net use» command.
cmdkey /add:<storage-account-name>.file.core.windows.net /user:<storage-account-name> /pass:<storage-account-key> net use <drive-letter>: \\<storage-account-name>.file.core.windows.net\<share-name>
But i get the error message:
CMDKEY: Credential added successfully. net : System error 2148073478 has occurred. At C:\BackupScripts\Map networkdrives.ps1:5 char:1 + net use Y: \\<storage-account-name>.file.core.windows.net\<share-name> + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (System error 2148073478 has occurred.:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandErrorHowever I am perfectly able to connect to the File storage using the exact same command from my on-premises Windows 10 machine.
I have already tried the ‘Disable «Secure Negotiate» on the client’ workaround described in https://support.microsoft.com/en-us/kb/2686098 But that didn’t solve the problem.
UPDATE (FIXED)
I have resolved the problem by rebooting the machine, even though it wasn’t nice to reboot the production environment, it solved the
problem.-
Edited by
Wednesday, September 30, 2015 8:13 PM
-
Edited by
Answers
-
Hi Girish Prajwal
Now when it’s evening I took the freedom to reboot the virtual machines, even though it wasn’t nice to reboot the
production environment. However it did solve the problem. And I was able to connect the network drive.I have tried to turn on «Secure
Negotiate» again be running the commandSet-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters"
RequireSecureNegotiate -Value 1 -ForceCan you verify that it’s correct to turn it on, by setting the value to 1?
Kim Knutzen
-
Proposed as answer by
Robin ShahanMicrosoft employee
Thursday, October 1, 2015 5:56 AM -
Marked as answer by
KimKnutzen
Thursday, October 1, 2015 8:19 AM -
Edited by
KimKnutzen
Thursday, October 1, 2015 8:19 AM
-
Proposed as answer by
- Remove From My Forums
Can’t connect to Azure File Storage using «net use» command — System error 2148073478
-
Question
-
After the update of Azure File storage sept. 28/29 2015 I am no longer able to connect to my Azure File Storage, from my Azure Windows Server 2012R2 virtual machine.
I try to connect and map the File storage as network drives using the «net use» command.
cmdkey /add:<storage-account-name>.file.core.windows.net /user:<storage-account-name> /pass:<storage-account-key> net use <drive-letter>: \\<storage-account-name>.file.core.windows.net\<share-name>
But i get the error message:
CMDKEY: Credential added successfully. net : System error 2148073478 has occurred. At C:\BackupScripts\Map networkdrives.ps1:5 char:1 + net use Y: \\<storage-account-name>.file.core.windows.net\<share-name> + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (System error 2148073478 has occurred.:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandErrorHowever I am perfectly able to connect to the File storage using the exact same command from my on-premises Windows 10 machine.
I have already tried the ‘Disable «Secure Negotiate» on the client’ workaround described in https://support.microsoft.com/en-us/kb/2686098 But that didn’t solve the problem.
UPDATE (FIXED)
I have resolved the problem by rebooting the machine, even though it wasn’t nice to reboot the production environment, it solved the
problem.-
Edited by
Wednesday, September 30, 2015 8:13 PM
-
Edited by
Answers
-
Hi Girish Prajwal
Now when it’s evening I took the freedom to reboot the virtual machines, even though it wasn’t nice to reboot the
production environment. However it did solve the problem. And I was able to connect the network drive.I have tried to turn on «Secure
Negotiate» again be running the commandSet-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters"
RequireSecureNegotiate -Value 1 -ForceCan you verify that it’s correct to turn it on, by setting the value to 1?
Kim Knutzen
-
Proposed as answer by
Robin ShahanMicrosoft employee
Thursday, October 1, 2015 5:56 AM -
Marked as answer by
KimKnutzen
Thursday, October 1, 2015 8:19 AM -
Edited by
KimKnutzen
Thursday, October 1, 2015 8:19 AM
-
Proposed as answer by
Hi,
Came across this issue recently and thought it was worth sharing. From a Windows 8 machine, trying to map drives to either Windows Server 2003 or Windows Server 2008 and failing. It was just the generic ‘Windows cannot access *blah*” but the details had ‘System error 2148073478’. Some googling found this Microsoft Support article: http://support.microsoft.com/kb/2686098
First, this only talks about 3rd party SMB v2 file servers which is a bit strange, but applying this client fix fixed it on an individual basis:
- Disable “Secure Negotiate” on the client.
You can do this using PowerShell on a Windows Server 2012 or Windows 8 client, using the command:Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters” RequireSecureNegotiate -Value 0 -Force
- Note: If you get a long access denied error, try running Windows PowerShell as an Administrator.
Fixes it, but not ideal. A better solution may be to disable SMB signing on the particular server you’re connecting to. The next set of instructions are fromExinda: http://support.exinda.com/topic/how-to-disable-smb-signing-on-windows-servers-to-improve-smb-performance
To disable SMB signing on the Windows Server 2000 and 2003 perform the following:
- Start the Registry Editor (regedit.exe).
- Move to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters.
- From the Edit menu select New – DWORD value.
- Add the following two values EnableSecuritySignature and RequireSecuritySignature if they do not exist.
- You should set to 0 for disable (the default) or 1 to enable. Enabling EnableSecuritySignature means if the client also has SMB signing enabled then that is the preferred communication method, but setting RequireSecuritySignature to enabled means SMB signing MUST be used and so if the client is not SMB signature enabled then communication will fail.
- Close the registry editor.
- Shut down and restart Windows NT.
In addition, default Domain Controller Security Policies may also force these values to “enabled” on Windows Servers.
On Windows 2003 Servers, open Domain Controller Security Policy under Administritive Tools. Expand the Local Policies tree, then expand the Security Options tree and look for:Set both of these values to “Disabled”.
- – Microsoft network server: Digitally sign communications (always)
- – Microsoft network server: Digitally sign communications (if client agrees)
To disable SMB signing on the Windows Server 2008 and 2008 R2 perform the following:
Changes need to be applied in the Group Policy management console.
Start –> Administrative Tools –> Group Policy Management
Configure the Default Domain and Default Domain Controller Policies. The settings you are looking for are under:
Computer Configuration –> Policies –> Windows Settings –> Security Settings –> LocalPolicies –> Security
Turning off SMB signing isn’t a best practise security thing to do, but if you need to get out of trouble and it’s only on your internal network then the risk of someone modifying SMB packets in transit is rather low, plus you’ll get a 15% boost due to losing the overhead of SMB signing. This is still a preferred option to just completely disabling it on the client, because at least the client can still do secure SMB to other servers.
Update: Trying this from Windows 8 PC to a Windows 7 PC had a similar issue, but the error code was 0x80004005. Another workaround is running the powershell command Set-SmbClientConfiguration -RequireSecuritySignature $true on the Windows 8 client. This may break other stuff again, if you try to connect to something that doesn’t have a Security Signature. Investigate this for yourself 
All of the above should apply to Windows Server 2012 too.
После обновления Azure сентябрь Хранилища файлов 28/29 2015 я больше не могу соединиться со своей Azure Хранилище файлов от моей виртуальной машины Windows Server 2012R2 Azure.
Я пытаюсь соединить и отобразить Хранилище файлов как сетевые диски с помощью «сетевого использования» команда.
cmdkey /add:<storage-account-name>.file.core.windows.net /user:<storage-account-name> /pass:<storage-account-key>
net use <drive-letter>: \\<storage-account-name>.file.core.windows.net\<share-name>
Но я получаю сообщение об ошибке:
CMDKEY: Credential added successfully.
net : System error 2148073478 has occurred.
At C:\BackupScripts\Map networkdrives.ps1:5 char:1
+ net use Y: \\<storage-account-name>.file.core.windows.net\<share-name>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (System error 2148073478 has occurred.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
Однако я отлично могу соединиться с Хранилищем файлов с помощью той же самой команды от моей собственной машины Windows 10.
Я уже попробовал, ‘Отключают «Безопасный, Согласовывают» на клиенте’ обходное решение, описанное в https://support.microsoft.com/en-us/kb/2686098, Но это не решило проблему.
задан
30 September 2015 в 13:15
Ссылка