SMB version 1

Handian Sudianto 4,976 Reputation points
2024-09-27T07:44:00.9266667+00:00

Hello,

I have cctv camera and only can connect to share folder using SMBv1 version. When i try connecting this cctv to standalone windows server, the cctv is able to connect.

When i change the connection to windows server which joined to Active Directory, the cctv is not able to access the share folder even SMBv1 is enabled.

When i try capture using wireshark i got connection reset, anyone know why?

User's image

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,089 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,545 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Hania Lian 15,736 Reputation points Microsoft Vendor
    2024-09-30T06:14:25.2466667+00:00

    Hello,

    If the CCTV camera can connect to a standalone Windows server using SMBv1 but cannot connect to a Windows server that is joined to an Active Directory domain, it suggests that there might be a domain-related configuration or policy that’s affecting the connection.

    1、Check any domain-level policies that might be overriding local security settings. This could include group policies that disable SMBv1 or restrict access to network shares.

    Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options

    Computer Configuration\Policies\Administrative Templates\Network\Lanman Workstation

    2、Local Security Policy: On the domain-joined server, run secpol.msc and check the Local Policies, specifically Security Options, to make sure that SMBv1 is not being restricted or required security settings are not preventing access.

    3、Test SMBv1 Manually: On a separate computer, try to manually map the network share using SMBv1 to ensure that SMBv1 is indeed working as expected on the AD-joined server.

    4、Disabel firewall and network inspection devices.

    5、NTLM Authentication Level: Sometimes, the NTLM authentication level enforced by the domain can prevent SMBv1 connections. You can check this setting within the group policy editor under:

    Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options

    Network security: LAN Manager authentication level

    If the issue still insists, also try to look at the System and Application logs, as well as the Security logs, in the Event Viewer for any events that correspond to the time of the failed connection attempts.

    Best Regards,

    Hania Lian

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments

  2. Handian Sudianto 4,976 Reputation points
    2024-09-30T06:20:49.4066667+00:00

    Hi..

    The problem already solved by disable the SMB signing on the local policy.

    Microsoft network server: Digitally sign communications (always) set to disable.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.