cannot access default share \\IP\c$ error 0x80070043

Gustavo Bonasso 101

hi. this was working just fine until yesterday that i realized i wasn't able to access any share resource over the network, not for my hyper-v VMs or via VPN to some customer site.

basically i don't get the prompt for credentials. and if i telnet IP 445, i can access the service.

my OS is 10.0.19042

SMB1 is enabled

i'm pretty sure this behavior started after some updates applied recently.

Firewall profiles are OFF for my local and remote machines

any tip?

thanks.

Accepted answer

Gustavo Bonasso 101 Reputation points

2021-05-09T11:10:58.997+00:00

OK, so issue was solved after doing this:

1- remove WSL feature
2- Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation
DependOnService it was bad.. (didn't took a screenshot, so I can't remember exactly the previous config, I THINK IT WAS P9NP and nothing else)
I've delete the MultiSZ value, restarted machine.
LanmanWorkstation Service wasn't starting.
I took the example of one of my VMs and set the DependOnService like this:

restarted localmachine
voilá
i get the prompt, enter creds

and i'm in

I will try later enabling WSL again.. if i encounter the same issue, I will use a Debian VM instead of WSL.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

10 additional answers

Gustavo Bonasso 101

@Anonymous after these KBs i had a list of all the credentials saved and the issue remained. at some point i've tried removing them and set them again.
this doesn't work. instead of rolling back some KBs, i will create a W10 1709 VM on the same virtual network and let u know how it goes.

@MotoX80 i've tried the script and i get:

PS C:\Windows\system32> C:\Users\gbonasso\Desktop\testSMB.ps1  
SmbTest.ps1 Version 1.5 (15-Apr-2020)  
Running on DLT-PAR-GBONASS as user dalet\gbonasso  
You are running Powershell in administrator mode.  
You are a member of the administrators group.  
Please enter the name of the target machine.: 192.168.37.159  
FQDN = DLT-PAR-GBONASS.  
Analyzing network adapters  
 Found - vEthernet (Default Switch) - Hyper-V Virtual Ethernet Adapter  
 Found - Ethernet - Intel(R) Ethernet Connection (4) I219-V  
 Ethernet status is Disconnected  
 Found - Ethernet 2 - Fortinet Virtual Ethernet Adapter (NDIS 6.30)  
 Ethernet 2 status is Disconnected  
 Found - Wi-Fi - Intel(R) Dual Band Wireless-AC 8265  
  IP Address is 192.168.1.42, Gateway is 192.168.1.1  
  Gateway Ping successful  
 Found - Ethernet 4 - PANGP Virtual Ethernet Adapter  
 Ethernet 4 status is Disconnected  
 Found - Bluetooth Network Connection - Bluetooth Device (Personal Area Network)  
 Bluetooth Network Connection status is Disconnected  
 Found - Local Area Connection 2 - PPPoP WAN Adapter  
 Local Area Connection 2 status is Disconnected  
 Found - vEthernet (DALET) - Hyper-V Virtual Ethernet Adapter #2  
 vEthernet (DALET) status is Not Present  
 Found - Local Area Connection - TAP-Windows Adapter V9  
 Local Area Connection status is Disconnected  
 Found - OpenVPN Wintun - Wintun Userspace Tunnel  
 OpenVPN Wintun status is Disconnected  
 Found - Ethernet 3 - Fortinet SSL VPN Virtual Ethernet Adapter  
 Ethernet 3 status is Disconnected  
This computer's DNS domain is dalet.local  
Doing name lookup on target system 192.168.37.159  
Found IPV6 address   
Now lets look at the target IP.  
Lookup failed for   
This is a problem!!!!!  
I will attempt to continue using the IP address in place of the computer name.  
Testing port 135...  
Resolve-DnsName : Cannot validate argument on parameter 'Name'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.  
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetTCPIP\Test-NetConnection.psm1:313 char:74  
+ ... ctionResult.DNSOnlyRecords = @( Resolve-DnsName $ComputerName -DnsOnl ...  
+                                                     ~~~~~~~~~~~~~  
    + CategoryInfo          : InvalidData: (:) [Resolve-DnsName], ParameterBindingValidationException  
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.DnsClient.Commands.ResolveDnsName  
   
Resolve-DnsName : Cannot validate argument on parameter 'Name'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.  
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetTCPIP\Test-NetConnection.psm1:314 char:79  
+ ... Result.LLMNRNetbiosRecords = @( Resolve-DnsName $ComputerName -LlmnrN ...  
+                                                     ~~~~~~~~~~~~~  
    + CategoryInfo          : InvalidData: (:) [Resolve-DnsName], ParameterBindingValidationException  
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.DnsClient.Commands.ResolveDnsName  
   
Resolve-DnsName : Cannot validate argument on parameter 'Name'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.  
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetTCPIP\Test-NetConnection.psm1:315 char:78  
+ ... nResult.BasicNameResolution = @(Resolve-DnsName $ComputerName -ErrorA ...  
+                                                     ~~~~~~~~~~~~~  
    + CategoryInfo          : InvalidData: (:) [Resolve-DnsName], ParameterBindingValidationException  
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.DnsClient.Commands.ResolveDnsName  
   
Port 135 test was successful.  
Testing SMB access...  
Resolve-DnsName : Cannot validate argument on parameter 'Name'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.  
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetTCPIP\Test-NetConnection.psm1:313 char:74  
+ ... ctionResult.DNSOnlyRecords = @( Resolve-DnsName $ComputerName -DnsOnl ...  
+                                                     ~~~~~~~~~~~~~  
    + CategoryInfo          : InvalidData: (:) [Resolve-DnsName], ParameterBindingValidationException  
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.DnsClient.Commands.ResolveDnsName  
   
Resolve-DnsName : Cannot validate argument on parameter 'Name'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.  
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetTCPIP\Test-NetConnection.psm1:314 char:79  
+ ... Result.LLMNRNetbiosRecords = @( Resolve-DnsName $ComputerName -LlmnrN ...  
+                                                     ~~~~~~~~~~~~~  
    + CategoryInfo          : InvalidData: (:) [Resolve-DnsName], ParameterBindingValidationException  
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.DnsClient.Commands.ResolveDnsName  
   
Resolve-DnsName : Cannot validate argument on parameter 'Name'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.  
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\NetTCPIP\Test-NetConnection.psm1:315 char:78  
+ ... nResult.BasicNameResolution = @(Resolve-DnsName $ComputerName -ErrorA ...  
+                                                     ~~~~~~~~~~~~~  
    + CategoryInfo          : InvalidData: (:) [Resolve-DnsName], ParameterBindingValidationException  
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.DnsClient.Commands.ResolveDnsName  
   
SMB test was successful.  
Looking for shares...  
Initial net view failed, trying with credentials...  
A userid that has administrator access works best.  
Please enter a userid that has admin access.: .\administrator  
Please enter the password.: xxxxxxxxx  
net.exe : System error 67 has occurred.  
At C:\Users\gbonasso\Desktop\testSMB.ps1:180 char:5  
+     net.exe use \\$computer\ipc$ "$pswd"  /user:$userid  
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
    + CategoryInfo          : NotSpecified: (System error 67 has occurred.:String) [], RemoteException  
    + FullyQualifiedErrorId : NativeCommandError  
   
The network name cannot be found.  
Checking to see if Server service is running.   
Get-Service : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.  
At C:\Users\gbonasso\Desktop\testSMB.ps1:182 char:50  
+     Get-Service -Name LanmanServer -ComputerName $computer  
+                                                  ~~~~~~~~~  
    + CategoryInfo          : InvalidData: (:) [Get-Service], ParameterBindingValidationException  
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.GetServiceCommand  
   
net.exe : System error 1702 has occurred.  
At C:\Users\gbonasso\Desktop\testSMB.ps1:184 char:16  
+     $shares = (net.exe view \\$computer)  
+                ~~~~~~~~~~~~~~~~~~~~~~~~  
    + CategoryInfo          : NotSpecified: (System error 1702 has occurred.:String) [], RemoteException  
    + FullyQualifiedErrorId : NativeCommandError  
   
The binding handle is invalid.  
I found these shares.  
Testing admin shares  
Unable to access C$ share.  
get-childitem : Cannot find path '\\\c$' because it does not exist.  
At C:\Users\gbonasso\Desktop\testSMB.ps1:202 char:10  
+ $files = get-childitem \\$computer\c$ -ErrorAction SilentlyContinue - ...  
+          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
    + CategoryInfo          : ObjectNotFound: (\\\c$:String) [Get-ChildItem], ItemNotFoundException  
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand  
   
You appear to not have administrator access on the remote system.  
Analyzing share permissions  
Invoke-command failed.  (Did you run "winrm quickconfig" on the remote machine?)  
Trying again using alternate credentials.  
Invoke-Command : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.  
At C:\Users\gbonasso\Desktop\testSMB.ps1:223 char:38  
+         Invoke-Command -ComputerName $computer -ScriptBlock {get-smbs ...  
+                                      ~~~~~~~~~  
    + CategoryInfo          : InvalidData: (:) [Invoke-Command], ParameterBindingValidationException  
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.InvokeCommandCommand  
   
  
Remote LmCompatibilityLevel is   
Local  LmCompatibilityLevel is 3  
Refer to https://blogs.technet.microsoft.com/miriamxyra/2017/11/07/stop-using-lan-manager-and-ntlmv1/  
  
PS C:\Windows\system32>

i understand your suggestion, but it is not practical. i cannot add a domain account on a remote workgroup machine. the issue here is that i used to get a prompt, where i passed credentials and now i don't get the prompt.
on the script i passed the remote local administrator and it's creds
the nslookup fails because the remote machine is not on my localmachine domain, but a workgroup.

MotoX80 36,291 Reputation points

2021-05-07T19:01:57.99+00:00

When the script prompts you for the name, don't enter the IP address. Enter the machine name or just XXXXXX. When DNS lookup fails, it will then prompt you for the IP address.

While you can't add a domain account, I believe that if you create a local account with the same name and password as the domain account, then it will work.

Gustavo Bonasso 101

@Anonymous theory of KB dismissed. i've updated the VM to the 19042 with all updates, i've joined to a test domain, logged in with that user and then accessed the share on the workgroup machine, without even a prompt.
i'm starting to suspect there's a GPO applying on my localmachine that disable guest authentication.

@MotoX80 here the results of the script as u said... much better

SmbTest.ps1 Version 1.5 (15-Apr-2020)  
Running on DLT-PAR-GBONASS as user dalet\gbonasso  
You are running Powershell in administrator mode.  
You are a member of the administrators group.  
Please enter the name of the target machine.: XXXXXXXX  
FQDN = DLT-PAR-GBONASS.  
Analyzing network adapters  
 Found - vEthernet (Default Switch) - Hyper-V Virtual Ethernet Adapter  
 Found - Ethernet - Intel(R) Ethernet Connection (4) I219-V  
 Ethernet status is Disconnected  
 Found - Ethernet 2 - Fortinet Virtual Ethernet Adapter (NDIS 6.30)  
 Ethernet 2 status is Disconnected  
 Found - Wi-Fi - Intel(R) Dual Band Wireless-AC 8265  
  IP Address is 192.168.1.42, Gateway is 192.168.1.1  
  Gateway Ping successful  
 Found - Ethernet 4 - PANGP Virtual Ethernet Adapter  
 Ethernet 4 status is Disconnected  
 Found - Bluetooth Network Connection - Bluetooth Device (Personal Area Network)  
 Bluetooth Network Connection status is Disconnected  
 Found - Local Area Connection 2 - PPPoP WAN Adapter  
 Local Area Connection 2 status is Disconnected  
 Found - vEthernet (DALET) - Hyper-V Virtual Ethernet Adapter #2  
 Found - Local Area Connection - TAP-Windows Adapter V9  
 Local Area Connection status is Disconnected  
 Found - OpenVPN Wintun - Wintun Userspace Tunnel  
 OpenVPN Wintun status is Disconnected  
 Found - Ethernet 3 - Fortinet SSL VPN Virtual Ethernet Adapter  
 Ethernet 3 status is Disconnected  
This computer's DNS domain is dalet.local  
Doing name lookup on target system XXXXXXXX  
Name lookup failed!!!!  
Please enter the IP address of the target system.: 192.168.37.159  
I will attempt to continue using the IP address in place of the computer name.  
Now lets look at the target IP.  
Target computer's DNS domain is mshome.net  
Domain mismatch. This is a potential problem.  
Your DNS Search Suffix list does not contain mshome.net  
This is a problem and should be fixed!!!!!!!   
Testing port 135...  
Port 135 test was successful.  
Testing SMB access...  
SMB test was successful.  
Looking for shares...  
Net view ran.  
I found these shares.  
Shared resources at \\192.168.37.159  
  
  
  
Share name       Type  Used as  Comment              
  
-------------------------------------------------------------------------------  
DALET_INSTALLER  Disk           DIS Shared Folder    
DaletPlus        Disk           DIS Shared Folder    
DaletPlusData    Disk           DIS Shared Folder    
SHARE            Disk                                
sysint           Disk                                
Users            Disk                                
The command completed successfully.  
  
  
Found 32 files/folders in root of \\192.168.37.159\DALET_INSTALLER share.  
  
IdentityReference                                                            FileSystemRights  
-----------------                                                            ----------------  
NT SERVICE\TrustedInstaller                                                       FullControl  
NT SERVICE\TrustedInstaller                                                         268435456  
NT AUTHORITY\SYSTEM                                                               FullControl  
NT AUTHORITY\SYSTEM                                                                 268435456  
BUILTIN\Administrators                                                            FullControl  
BUILTIN\Administrators                                                              268435456  
BUILTIN\Users                                                     ReadAndExecute, Synchronize  
BUILTIN\Users                                                                     -1610612736  
CREATOR OWNER                                                                       268435456  
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES            ReadAndExecute, Synchronize  
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES                            -1610612736  
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES ReadAndExecute, Synchronize  
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES                 -1610612736  
  
  
  
Found 21 files/folders in root of \\192.168.37.159\DaletPlus share.  
  
IdentityReference                                                            FileSystemRights  
-----------------                                                            ----------------  
NT SERVICE\TrustedInstaller                                                       FullControl  
NT SERVICE\TrustedInstaller                                                         268435456  
NT AUTHORITY\SYSTEM                                                               FullControl  
NT AUTHORITY\SYSTEM                                                                 268435456  
BUILTIN\Administrators                                                            FullControl  
BUILTIN\Administrators                                                              268435456  
BUILTIN\Users                                                     ReadAndExecute, Synchronize  
BUILTIN\Users                                                                     -1610612736  
CREATOR OWNER                                                                       268435456  
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES            ReadAndExecute, Synchronize  
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES                            -1610612736  
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES ReadAndExecute, Synchronize  
APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES                 -1610612736  
  
  
  
Found 42 files/folders in root of \\192.168.37.159\DaletPlusData share.  
  
IdentityReference                 FileSystemRights  
-----------------                 ----------------  
NT AUTHORITY\SYSTEM                    FullControl  
BUILTIN\Administrators                 FullControl  
CREATOR OWNER                            268435456  
BUILTIN\Users          ReadAndExecute, Synchronize  
BUILTIN\Users                                Write  
  
  
  
Found 10 files/folders in root of \\192.168.37.159\SHARE share.  
  
IdentityReference                 FileSystemRights  
-----------------                 ----------------  
NT AUTHORITY\SYSTEM                    FullControl  
BUILTIN\Administrators                 FullControl  
BUILTIN\Users          ReadAndExecute, Synchronize  
BUILTIN\Users                           AppendData  
BUILTIN\Users                          CreateFiles  
CREATOR OWNER                            268435456  
  
  
  
Found 160 files/folders in root of \\192.168.37.159\sysint share.  
  
IdentityReference                 FileSystemRights  
-----------------                 ----------------  
NT AUTHORITY\SYSTEM                    FullControl  
BUILTIN\Administrators                 FullControl  
BUILTIN\Users          ReadAndExecute, Synchronize  
BUILTIN\Users                           AppendData  
BUILTIN\Users                          CreateFiles  
CREATOR OWNER                            268435456  
  
  
  
Found 6 files/folders in root of \\192.168.37.159\Users share.  
  
IdentityReference                 FileSystemRights  
-----------------                 ----------------  
Everyone                               -1610612736  
Everyone               ReadAndExecute, Synchronize  
NT AUTHORITY\SYSTEM                    FullControl  
BUILTIN\Administrators                 FullControl  
BUILTIN\Users          ReadAndExecute, Synchronize  
BUILTIN\Users                          -1610612736  
  
  
Testing admin shares  
Found 7 files/folders in c$ share.  
Found 97 files/folders in admin$ share.  
Analyzing share permissions  
Invoke-command failed.  (Did you run "winrm quickconfig" on the remote machine?)  
  
Remote LmCompatibilityLevel is   
Local  LmCompatibilityLevel is 3  
Refer to https://blogs.technet.microsoft.com/miriamxyra/2017/11/07/stop-using-lan-manager-and-ntlmv1/  
  
PS C:\Windows\system32>

winrm quickconfig was executed on remote machine.
Remote LmCompLevel is 3 (edited manually)
I've tried adding a user on Remote machine, no luck. I don't get no prompt, same error

MotoX80 36,291 Reputation points

2021-05-07T21:34:50.57+00:00
I've tried adding a user on Remote machine, no luck. I don't get no prompt, same error

That's the point of adding the gbonasso user. If the user name and password match, you should authenticate automatically and you won't have to type in anything. If you change your domain password, then you will need to change the local account's password, but that's another problem.

It looks like it is working!!!

Running on DLT-PAR-GBONASS as user dalet\gbonasso Found 160 files/folders in root of \\192.168.37.159\sysint share.

If the script could not access the PC then it would have prompted you for different credentials. Just type in \192.168.37.159\sysint into the Explorer address bar

In an earlier reply I requested that you map a network drive. You did a "Add Network Location" instead. Is that what you are doing? Clicking on a network location? What does the 172.16.30.12 IP address have to do with all of this?
Gustavo Bonasso 101 Reputation points

2021-05-08T08:32:29.68+00:00

172.16.30.12 is an IP on a customer subnet while I'm on their VPN. since I cannot modify their config I've started working on my VMs as remote machines.

this is what i'm doing, still getting errors. still have the local account gbonasso on the remote machine with same pwd as my localmachine domain account gbonasso.
MotoX80 36,291 Reputation points

2021-05-08T12:41:23.2+00:00
If net view works, then SMB should be accessible. Does dir work?

dir \\172.31.54.251\sysint

Did you try my script against that machine?

Do you have RDP access to it? Can you check the system and security eventlogs for entries when that error occurs?

Has that machine been rebooted recently?
Gustavo Bonasso 101 Reputation points

2021-05-08T13:07:30.32+00:00

dir works
script was tested on that machine
i have RDP access to it and i can access to it

yes, the machine has been rebooted recently

there's no System events related to dir but there are Security Events
https://we.tl/t-4KZ7PTvKH6

again, this was working without the need of setting my domain user on the remote machine.
it was enough for the prompt and to set my creds. i've just tried removing the user on the remote machine and dir doesn't work.
MotoX80 36,291 Reputation points

2021-05-08T15:04:52.697+00:00

Have you rebooted your own desktop recently? Reboot it and try again.

If it still fails, then add a new local account to your desktop. Log in with that account and try to access the remote machine. If that works, then you know that the problem has something to do with your domain account. (Something in it's profile on your desktop, saved credentials, saved mapped drives, something somewhere.) If it fails, then you know that there is a problem with the OS.

You can also try enabling linked connections. This allows UAC elevated processes and non-UAC processes to basically share mapped drives.

https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/mapped-drives-not-available-from-elevated-command#detail-to-configure-the-enablelinkedconnections-registry-entry
Gustavo Bonasso 101 Reputation points

2021-05-08T15:52:34.433+00:00

I did rebooted my laptop. ¬¬. :)

I have tried with local .\administrator account. same issue. my domain GPOs already applied, so I think there must be a GPO messing with this, not sure which one.
here's a gpresult
https://we.tl/t-kDyOJSbQ0A

I've enabled linked connections (then rebooted). Tested, no luck.

Monday I'll contact my enterprise AD Admin, but it would be really cool to at least know which GPO I should point to.
MotoX80 36,291 Reputation points

2021-05-08T16:41:21.533+00:00

I have an 80 year old neighbor who calls me up whenever he does something and messes up his PC. After a few minutes of trying to help him, I give up and walk down to his house so that I can sit in front of his PC and see everything that he's done.

I feel like we've reached that point here. The difference is that I don't have, and don't want to have access to your PC.

If you can add the local gbonasso account on the remote machine and can then access the files shares, then do that and move on to the next crisis.

Update: Are you sure that you've checked the Credential Manager in both the Web Credentials and the Windows Credentials sections?
Gustavo Bonasso 101 Reputation points

2021-05-09T08:08:32.177+00:00

Thanks for your attempts to help. This is far from a crisis. Again, it is not a credentials issue. I need to get the prompt to enter credentials, this is the issue.
I will keep investigating what could be.

Share via

cannot access default share \\IP\c$ error 0x80070043

10 additional answers

Your answer