Problem: I updated my PC from 23H2 to Windows Pro 24H2 and can no longer see my Synology NAS or access the pre-mapped network drives. Attempts to remap the drives fail, “Authentication failed because NTLM authentication has been disabled.” This is my third time trying to fix this problem after rolling back to 23H2 on the previous attempts before the 10-day limit expired. Platforms: Dell OptiPlex 7060 MT (refurb), i7-8700, 32GB of DDR4-2666, Samsung EVO 970 Plus M.2 500 GB. Windows 11 Pro 24H2, Build 26100.3037, Windows Feature Experience Pack 1000.26100.48.0, with all current updates as of 02/09/2025. AV/Firewall is Microsoft Security (Defender) only. Synology DS1522+ NAS running current OS (DSM 7.2.2-72806 Update 3) with all current updates as of 02/09/2025. Repair sequence tried (this time): Synology recommended disable “BlockNTLM”. I ran the PowerShell command ”Set-SMbClientConfiguration -BlockNTLM $false”. I used the PowerShell command “Get-SmbClientConfiguration” to verify BlockNTLM is set to false. I looked at the Group Policy and verified “BlockNTLM” is set to “not configured”. I still could not see the NAS in Windows File Explorer or connect to the pre-mapped drives. (“This connection has not been restored.”) I rebooted PC. No change. Disable firewalls. I turned off all Windows Security (Defender) firewalls. No change. Microsoft recommended Enable Guest Logon. I implemented PowerShell command “Set-SmbClientConfiguration -EnableInsecureGuestLogons $true” and verified it with the above “Get” command. I still could not see the NAS in Windows File Explorer or connect to the pre-mapped drives. I rebooted PC. No change. I tried to remap the NAS drives using IP address, entered my credentials, and again got the familiar “Authentication failed because NTLM authentication has been disabled” response. Look for problems with Synology NAS SMB settings. I have tried every combination I can think of in the Synology SMB advanced settings screen. I still could not see the NAS in Windows File Explorer or connect to the pre-mapped drives. [I returned SMB settings best I could to default.] Synology recommended “LAN Manager Authentication” change. I changed Group Policy setting "Network Security: LAN Manager Authentication Level" from “not defined” to "Send LM and NTLM Responses". I still could not see the NAS in Windows File Explorer or connect to the pre-mapped drives. Attempts to remap the NAS drives using IP address (entering my credentials) still get the familiar “Authentication failed because NTLM authentication has been disabled” response. I rebooted both the PC & NAS. No change. [I reactivated the firewalls.] I am sooooooo sick of this problem. Please help.

Doug, I did not retain any copies of the Windows Servers 2016 Essentials connector software when I replaced the Windows server with a Synology NAS. However, I downloaded the WSE Client 64-bit version of the 2012 R2 connector. That should be a viable substitute for the 2016 version that I need, if not the same entirely. See the link below for the download center. It will probably be another week before I can re-upgrade to 24H2 and try this fix myself. Too many metaphorical fires that have priority over possible downtime of my primary PC. Good luck. Download Windows Server Essentials Connector for Windows Server 2012 R2 from Official Microsoft Download Center Bill

I had this same issue recently on a client's computer. Upgraded from Win10 to Win11 24H2 ... then BOOM, no connection to Synology device. James Yeates' comment was a God send. This particular client's computer had previously been joined to a Windows 2012 R2 server and the Client Connect software had been installed. It was uninstalled a long time ago when they ditched their in-house domain/server, etc. So I dug into the Windows Download site and found the installer for the Server 2016 client connector. Ran this on the client's computer ... it didn't prompt for anything, but it didn't error out either. Rebooted the client computer, then I was able to connect to the Synology while running Windows 11 24H2. Can I explain this? Heck no! Does it work? As far as I can tell. Best of luck to anyone else struggling with this.

Steps 1-4, 6, & 8 were already done. Step 5 (replacing the NAS) is not a viable option. I tried step 7 (Lanman Workstation, Enable insecure guest logons). No change. Rebooted PC. No change. According to Synology, my client computer says that NTLM is blocked and not blocked simultaneously. I agree with their assessment. Given my problem is relatively unique and all known "fixes" are ineffective, the only explanation is my OS became corrupted (or a hidden setting changed) at some point. For now, I have rolled back to 23H2 for the third time and blocked 24H2 from being installed. This gets my main PC back working. Eventually, the computer will need to be reloaded. I have old Windows Backup system images from one year ago (Windows 11) and 2022 (Windows 10) that I can restore from and then update to 24H2 to see if the problem is then correctable with the provided instructions. If one of them works, then I will be able to keep my added expensive single-install programs (some Microsoft). Failing that, I will have to do a clean install from the original Win 10 Pro source and work my way up to Win 11 Pro 24H2, forgoing those programs. Worst case, I will clean install Windows 11 Home as that version does not have the SMB/NTLM authentication problem, at least not yet, and I no longer require the Pro-exclusive features. It would be nice if Microsoft offered a utility to neuter the related section of Pro, or at least a downgrade option to clean install Home without purchasing a full-price copy of the OS. Hint. Hint.

Hi Bill, I'm Sumit, here to answer your query at the Microsoft Community. Apologies for any inconvenience you are experiencing. I am happy to help you today. This is what Microsoft suggests. https://techcommunity.microsoft.com/blog/fileca... How to solve the issues To solve these issues, we recommend you do the following in this order. It's ordered from the safest to the least safe approach, and our goal is for your data to be protected, not to help third parties sell you unsafe products. Enable SMB signing in your third-party NAS. Your vendor will have steps to do this online if it's possible in the device's management software. Disable guest access in your third-party NAS. Your vendor will have steps to do this online if it's possible in the device's management software. Enable a username and password in your third-party NAS. Your vendor will have steps to do this online if it's possible in the device's management software. Upgrade your NAS if you cannot enable signing, cannot disable guest, or cannot use a username and password. The NAS will usually have an upgrade option in its management software, possibly labeled as "firmware update." Replace your NAS if you cannot upgrade your NAS software to support signing and credentials (you will need to use steps 6 and later to copy your data off of it to your new NAS first) Now we're into the less recommended steps, as they will make your Windows device and your data much less safe. They will, however, let you access this unsafe NAS. Disable the SMB client signing requirement: a. On the Start Menu search, type gpedit and start the Edit Group Policy app (i.e. Local Group Policy Editor). If you are using Home edition, skip to step 8. b. In the console tree, select Computer Configuration > Windows Settings > Security Settings> Local Policies > Security Options. c. Double-click Microsoft network client: Digitally sign communications (always). d. Select Disabled > OK. Disable the guest fallback protection: a. On the Start Menu search, type gpedit and start the Edit Group Policy app (i.e. Local Group Policy Editor). If you are using Home edition, skip to step e. b. In the console tree, select Computer Configuration > Administrative Templates> Network > Lanman Workstation. c. Double-click Enable insecure guest logons d. Select Enabled > OK. If you're running Windows 11 Home edition, the guest fallback option is still enabled by default, so you're probably not reading this blog post. But if for some reason it is on, or you need to turn off SMB signing due to some third-party NAS, you will need to use PowerShell to configure your machine because there is no gpedit tool by default. To do this: a. On the Start Menu search, type powershell then under the Windows PowerShell app, click Run as administrator. Accept the elevation prompt. b. To disable SMB signing requirement, type: Set-SmbClientConfiguration -RequireSecuritySignature $false d. Hit enter, then hit Y to accept. c. To disable guest fallback, type: Set-SmbClientConfiguration -EnableInsecureGuestLogons $true e. Hit enter, then hit Y to accept. At this point you will be working if Signing or Guest were your real problems. Hope that helps, and rely on us for any further inquiries. All the best.

This happend to me as well. It happened after I removed Server 2016 essentials client connector from my window 11 home machine. I am getting rid of the server 2016 and replaced it with DS723+. After I remove the server essential client connector from my windows 11 machine my share connection will not work and will not authenticate because they same NTLM is disabled. If reinstall the connector, then it works again. I did this as first step: Navigate to: \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa Right-click on the registry key and select “New” > “DWORD (32-bit) Value”. Name the value “LmCompatibilityLevel” and set its value to “1”. Restart your computer Then I changed group name. Then, I installed the GPEDIT package and checked to make sure that Local Computer Policy under security options for NA Manager Authentication level was set to LM & NTLM—use NTLMv2 session if negotiated. Restarted after every change. The crazy thing is any computer in the house that had the windows 2016 server client connector installed and I uninstall has this problem and the one that did not have install have not issue. There is a hang over issue with some parameter that I cannot find. Help!

"Authentication failed because NTLM authentication has been disabled" Cannot connect to Synology NAS drives. Multiple fixes attempted.

Anonymous

Problem:

I updated my PC from 23H2 to Windows Pro 24H2 and can no longer see my Synology NAS or access the pre-mapped network drives. Attempts to remap the drives fail, “Authentication failed because NTLM authentication has been disabled.” This is my third time trying to fix this problem after rolling back to 23H2 on the previous attempts before the 10-day limit expired.

Platforms:

Dell OptiPlex 7060 MT (refurb), i7-8700, 32GB of DDR4-2666, Samsung EVO 970 Plus M.2 500 GB.

Windows 11 Pro 24H2, Build 26100.3037, Windows Feature Experience Pack 1000.26100.48.0, with all current updates as of 02/09/2025.

AV/Firewall is Microsoft Security (Defender) only.

Synology DS1522+ NAS running current OS (DSM 7.2.2-72806 Update 3) with all current updates as of 02/09/2025.

Repair sequence tried (this time):

Synology recommended disable “BlockNTLM”.

I ran the PowerShell command ”Set-SMbClientConfiguration -BlockNTLM $false”.

I used the PowerShell command “Get-SmbClientConfiguration” to verify BlockNTLM is set to false.

I looked at the Group Policy and verified “BlockNTLM” is set to “not configured”.

I still could not see the NAS in Windows File Explorer or connect to the pre-mapped drives. (“This connection has not been restored.”)

I rebooted PC. No change.

Disable firewalls.

I turned off all Windows Security (Defender) firewalls. No change.

Microsoft recommended Enable Guest Logon.

I implemented PowerShell command “Set-SmbClientConfiguration -EnableInsecureGuestLogons $true” and verified it with the above “Get” command.

I still could not see the NAS in Windows File Explorer or connect to the pre-mapped drives.

I rebooted PC. No change.

I tried to remap the NAS drives using IP address, entered my credentials, and again got the familiar “Authentication failed because NTLM authentication has been disabled” response.

Look for problems with Synology NAS SMB settings.

I have tried every combination I can think of in the Synology SMB advanced settings screen.

I still could not see the NAS in Windows File Explorer or connect to the pre-mapped drives.

[I returned SMB settings best I could to default.]

Synology recommended “LAN Manager Authentication” change.

I changed Group Policy setting "Network Security: LAN Manager Authentication Level" from “not defined” to "Send LM and NTLM Responses".

I still could not see the NAS in Windows File Explorer or connect to the pre-mapped drives.

Attempts to remap the NAS drives using IP address (entering my credentials) still get the familiar “Authentication failed because NTLM authentication has been disabled” response.

I rebooted both the PC & NAS. No change.

[I reactivated the firewalls.]

I am sooooooo sick of this problem. Please help.

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

14 answers

Anonymous

2025-03-17T15:59:37+00:00

Doug,

I did not retain any copies of the Windows Servers 2016 Essentials connector software when I replaced the Windows server with a Synology NAS. However, I downloaded the WSE Client 64-bit version of the 2012 R2 connector. That should be a viable substitute for the 2016 version that I need, if not the same entirely. See the link below for the download center.

It will probably be another week before I can re-upgrade to 24H2 and try this fix myself. Too many metaphorical fires that have priority over possible downtime of my primary PC. Good luck.

Download Windows Server Essentials Connector for Windows Server 2012 R2 from Official Microsoft Download Center

Bill
Please sign in to rate this answer.

2 people found this answer helpful.

0 comments No comments
Anonymous

2025-03-14T18:54:43+00:00

I had this same issue recently on a client's computer. Upgraded from Win10 to Win11 24H2 ... then BOOM, no connection to Synology device. James Yeates' comment was a God send. This particular client's computer had previously been joined to a Windows 2012 R2 server and the Client Connect software had been installed. It was uninstalled a long time ago when they ditched their in-house domain/server, etc. So I dug into the Windows Download site and found the installer for the Server 2016 client connector. Ran this on the client's computer ... it didn't prompt for anything, but it didn't error out either. Rebooted the client computer, then I was able to connect to the Synology while running Windows 11 24H2.

Can I explain this? Heck no! Does it work? As far as I can tell. Best of luck to anyone else struggling with this.
Please sign in to rate this answer.

4 people found this answer helpful.

0 comments No comments
Anonymous

2025-02-11T03:03:57+00:00

Steps 1-4, 6, & 8 were already done. Step 5 (replacing the NAS) is not a viable option.

I tried step 7 (Lanman Workstation, Enable insecure guest logons). No change.

Rebooted PC. No change.

According to Synology, my client computer says that NTLM is blocked and not blocked simultaneously. I agree with their assessment. Given my problem is relatively unique and all known "fixes" are ineffective, the only explanation is my OS became corrupted (or a hidden setting changed) at some point.

For now, I have rolled back to 23H2 for the third time and blocked 24H2 from being installed. This gets my main PC back working.

Eventually, the computer will need to be reloaded. I have old Windows Backup system images from one year ago (Windows 11) and 2022 (Windows 10) that I can restore from and then update to 24H2 to see if the problem is then correctable with the provided instructions. If one of them works, then I will be able to keep my added expensive single-install programs (some Microsoft).

Failing that, I will have to do a clean install from the original Win 10 Pro source and work my way up to Win 11 Pro 24H2, forgoing those programs.

Worst case, I will clean install Windows 11 Home as that version does not have the SMB/NTLM authentication problem, at least not yet, and I no longer require the Pro-exclusive features.

It would be nice if Microsoft offered a utility to neuter the related section of Pro, or at least a downgrade option to clean install Home without purchasing a full-price copy of the OS. Hint. Hint.
Please sign in to rate this answer.

2 people found this answer helpful.

0 comments No comments
Sumit D - IA 151.2K Reputation points Independent Advisor

2025-02-10T03:22:10+00:00
Hi Bill,

I'm Sumit, here to answer your query at the Microsoft Community.

Apologies for any inconvenience you are experiencing. I am happy to help you today.

This is what Microsoft suggests.

https://techcommunity.microsoft.com/blog/fileca...

How to solve the issues

To solve these issues, we recommend you do the following in this order. It's ordered from the safest to the least safe approach, and our goal is for your data to be protected, not to help third parties sell you unsafe products.

Enable SMB signing in your third-party NAS. Your vendor will have steps to do this online if it's possible in the device's management software.

Disable guest access in your third-party NAS. Your vendor will have steps to do this online if it's possible in the device's management software.

Enable a username and password in your third-party NAS. Your vendor will have steps to do this online if it's possible in the device's management software.

Upgrade your NAS if you cannot enable signing, cannot disable guest, or cannot use a username and password. The NAS will usually have an upgrade option in its management software, possibly labeled as "firmware update."

Replace your NAS if you cannot upgrade your NAS software to support signing and credentials (you will need to use steps 6 and later to copy your data off of it to your new NAS first)

Now we're into the less recommended steps, as they will make your Windows device and your data much less safe. They will, however, let you access this unsafe NAS.

Disable the SMB client signing requirement:

a. On the Start Menu search, type gpedit and start the Edit Group Policy app (i.e. Local Group Policy Editor). If you are using Home edition, skip to step 8.

b. In the console tree, select Computer Configuration > Windows Settings > Security Settings> Local Policies > Security Options.

c. Double-click Microsoft network client: Digitally sign communications (always).

d. Select Disabled > OK.

Disable the guest fallback protection:

a. On the Start Menu search, type gpedit and start the Edit Group Policy app (i.e. Local Group Policy Editor). If you are using Home edition, skip to step e.

b. In the console tree, select Computer Configuration > Administrative Templates> Network > Lanman Workstation.

c. Double-click Enable insecure guest logons

d. Select Enabled > OK.

If you're running Windows 11 Home edition, the guest fallback option is still enabled by default, so you're probably not reading this blog post. But if for some reason it is on, or you need to turn off SMB signing due to some third-party NAS, you will need to use PowerShell to configure your machine because there is no gpedit tool by default. To do this:

a. On the Start Menu search, type powershell then under the Windows PowerShell app, click Run as administrator. Accept the elevation prompt.

b. To disable SMB signing requirement, type:

Set-SmbClientConfiguration -RequireSecuritySignature $false

d. Hit enter, then hit Y to accept.

c. To disable guest fallback, type:

Set-SmbClientConfiguration -EnableInsecureGuestLogons $true

e. Hit enter, then hit Y to accept.

At this point you will be working if Signing or Guest were your real problems.

Hope that helps, and rely on us for any further inquiries. All the best.
Please sign in to rate this answer.

0 comments No comments
Anonymous

2025-03-01T18:58:36+00:00
This happend to me as well. It happened after I removed Server 2016 essentials client connector from my window 11 home machine. I am getting rid of the server 2016 and replaced it with DS723+. After I remove the server essential client connector from my windows 11 machine my share connection will not work and will not authenticate because they same NTLM is disabled. If reinstall the connector, then it works again.

I did this as first step:

Navigate to: \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Right-click on the registry key and select “New” > “DWORD (32-bit) Value”.

Name the value “LmCompatibilityLevel” and set its value to “1”.

Restart your computer

Then I changed group name.

Then, I installed the GPEDIT package and checked to make sure that Local Computer Policy under security options for NA Manager Authentication level was set to LM & NTLM—use NTLMv2 session if negotiated.

Restarted after every change. The crazy thing is any computer in the house that had the windows 2016 server client connector installed and I uninstall has this problem and the one that did not have install have not issue.

There is a hang over issue with some parameter that I cannot find. Help!
Please sign in to rate this answer.

7 people found this answer helpful.

0 comments No comments

Share via

"Authentication failed because NTLM authentication has been disabled" Cannot connect to Synology NAS drives. Multiple fixes attempted.

14 answers