One network disabling SMB on another?

Question

I have a Windows 10 Pro computer on a corporate AD network. It has a USB-connected Panini check scanner. The check scanner driver creates a virtual network between the computer and the device across the USB connection. The check scanner at 192.168.4.1 acts as DHCP server and provides a dynamic address on the 192.168.4.0 subnet. It does NOT provide a gateway, so I know that the problem below is not a multiple gateway problem.

This worked perfectly for years, and then last week, the user called indicating that although she could log on and get to the internet (i.e. DNS is working), she could not get to her Home folder or (login-script-connected) shared folders. I tried as domain admin and found the same. I also found that I could not see the shares--administrative (e.g. C$) or not--on any other computers, including \MyDC\NetLogon, and no computers appear in the Network in Windows Explorer. I logged on as a local administrator to eliminate any AD-related issues, but to no avail; it cannot even see network shares when the UNC path is provided explicitly, so it never prompts for credentials.

As a guess, I disabled the Panini virtual LAN adapter (displayed as Ethernet3, type Unidentified Network). That made no difference after logoff/logon, but after a reboot, everything worked correctly, except that we cannot scan checks now because the computer cannot communicate with the scanner. Re-enabling the Panini adapter is similar; the network drives remain available but the scanner unavailable until after a reboot. So, for the moment, I am stuck disabling that and rebooting so the user can access network shares while working, then having the user log off, re-enabling the Panini-generated LAN adapter, and rebooting again so the user can scan checks, but without access to network shares. I am not about to make the end user an administrator to toggle this on their own. I need to fix the problem.

DNS works perfectly in that I can continue to ping the server and other workstations by name even when I cannot access network shares. Is it possible that SMB or port 139/145 is being disabled or blocked? I am not sure how those work on the client side. If so, did something change in Windows? Because we have done no updates to the scanner software/drivers for months, and end users cannot install any of that anyway.

I am trying to contact the bank and Panini, but in the meantime, any detailed information on how to determine and test the service or ports involved is much appreciated.

Answer 1

In the end, Panini & the bank sent us a new scanner of a later series for the same based model. The device driver installed automatically from the existing drivers, but when it loaded its LAN across USB, it did not interfere with SMB on the corporate network. So the problem is resolved, but I still have no idea how I could have dug deeply enough into SMB within the OS to definitively trace the problem to its root.

Answer 2

Hi,

Thanks for posting in Q&A platform.

Before we go further, I would like to confirm the following questions:

My understanding is the check scanner is played as DHCP server in your environment, when disabled the check scanner, the user can access the shared folders. Please correct me if my understanding is wrong. If my understanding was correct, I would like to know once the check scanner was disabled, how did the Windows 10 client obtain IP address? By assigning a static IP address to the windows 10 client? And may I know when the check scanner was disabled, can SMB client ping SMB server successfully?

How did you access to the SMB server? By \IP address\shared or \hostname\shared?

What's the OS version of the SMB server?

Regarding of checking whether the port 139/445 was listening from client side, please open a CMD window and insert the following command to check:
Netstat -a

Hope my answer will help you!

---Please Accept as answer if the reply is helpful---

Best Regards,
Sunny

Answer 3

First note: with this exact configuration, this system has worked flawlessly for years. This problem just began last week when nobody made any changes to the Panini software and no manual Windows 10 update. I am not sure if there was any automatic Windows 10 update.

The device has two IP addresses when the Panini USB network adapter is enabled:

• 192.168.27.113 on the corporate LAN with gateway 192.168.27.1
• 192.168.4.123 on the USB LAN with no gateway.

The only network resource on the USB LAN is the check scanner at 192.168.4.1. I can ping that and connect via its internal web server.

I can ping all resources, such as my domain controller, the file (SMB) server, google.com, etc. So I know this is not a DNS problem.

When I enable the USB/Ethernet adapter, I cannot reach any network share, either \MyServer\Sharename or \ServerIPAddress\ShareName, and whether I am trying to see a share on the server or on another computer. This includes \MyDomainController\NetLogon--which is why the login scripts do not run. Even an attempt to map a drive manually fails, because with the USB adapter enabled, "net use" commands fail.

But when I disable the USB/Ethernet adapter (192.168.4.0 subnet) and reboot, I can get to \MyServer\Sharename on the corporate (192.168.27.0) network. This includes \MyDomainController\NetLogon, so login scripts run and correctly map drives. But then I cannot scan checks because the USB network is disabled.

Answer 4

The check scanner is DHCP server only for its function as check scanner. There is a regular network adapter in the computer, and it has always gotten its IP address from the DHCP server running on the domain controller. It has a DHCP reservation for 192.168.27.113, and that is not the problem. This works perfectly, whether the check scanner's virtual/USB Ethernet connection is enabled or not. This subnet is 192.168.27.0 with gateway 192.168.27.1 that is my router.

When the check scanner's virtual USB/Ethernet connection is enabled, the computer correctly gets a second IP address (currently 192.168.4.123) on the 192.168.4.0 subnet from the DHCP server at 192.168.4.1 on the check scanner, but with no gateway, from the check scanner DHCP server. This is only to communicate between the computer and check scanner across the USB connection. This is also correct and has been working correctly for many months.

Until last week, home folder and network drives would correctly map at logon time per ActiveDirectory home folder definition and login script net use drive mappings. But as of last week, this is not true unless I disable the check scanner's USB/Ethernet network adapter. When it is enabled, I cannot reach any network shares (thus I assume SMB) This is via \MyServerName\Netlogon (or \MyServerName\AnyOtherShareName) or \IPAddressOfServer\ShareName. Since it fails both via DNS name & IP, I have already eliminated DNS as an issue.

At the moment, with the Panini check scanner's USB LAN adapter enabled, here is how it stands:

1. Computer's LAN address is 192.168.27.113.
2. I can log on locally or remotely via RDP.
3. I can ping the domain controller at 192.168.27.3 (or any other computer, internal or exteneral, by IP or name)
4. Computer's address on check scanner LAN is 192.168.4.123
5. netstat -a shows 139 listening on both LANs:

TCP 192.168.4.123:139 MyComputerName:0 LISTENING [this line does not exist when I disable the Panini adapter
TCP 192.168.27.113:139 MyComputerName:0 LISTENING
TCP [::]:445 MyComputerName:0 LISTENING

When I run netstat -ano, both of the 139 port entries are on PID 4 (System).

When I then disable the Panini check scanner adapter, the scanner no longer has an address on the 192.168.4.0 subnet and therefore no longer listens on that subnet.

Maybe it is not SMB, though. It is whatever port allows me to find & see other computers via UNC paths.

Whether the Panini adapter is connected or not, I can access the shares on this computer from other computers.