Forum Discussion
capilano
Jul 21, 2018 Star
R7900P ReadyShare - Windows cannot access
Hi Experts,
I really appreciate if someone can shed light on below problem.
All of a sudden this morning, I lost connection to USB storage connected to my R7900P router.
I disconnected network ...
- Jul 29, 2018
capilano wrote:
5. Result: "The Windows Defender Firewall rule SMB Block Outbound is blocking your connection"
Is that controlled by Group Policy? I've read some posts saying a user was able to convince his Admin to adjust GP so he can use ReadyShare again...
That is interesting, and probably the problem for you. I don't use Windows Defender for the Firewall; I have Norton ISS installed which does it.
Wonder if you ran some 'WannaCry' program that 'protected' you against it and it made changes for you?
What you will need to do is open Settings for Windows Defender and see what rule is blocking port 445, and there could be others as well.
Some reading:
https://support.symantec.com/en_US/article.TECH106142.html
https://www.tomshardware.com/news/how-to-open-firewall-ports-in-windows-10,36451.html
https://www.online-tech-tips.com/windows-10/adjust-windows-10-firewall-settings/
A lot of those are duplicate info mostly, but worth looking at them.
Better yet, before venturing down that path, why not just TEST with the Defender Firewall turned off and see if that is actually the problem?
IrvSp
Jul 26, 2018 Master
You are running the Fall Creator version of W10. Windows will shut off SMB1 if you are not using it.
Check if SMB1 is running, open a CMD prompt and enter sc query mrxsmb10
Should look like this:
=========
C:\>sc query mrxsmb10
SERVICE_NAME: mrxsmb10
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
======
If the STATE is NOT running, that is the problem.
Entering NET VIEW in the CMD prompt should also produce an error. Note that the problem could be caused by another Windows 10 PC having the problem. One PC without SMB1 running will 'kill' sharing by name.
In order to enable SMB1 there are a few ways... easiest is to go to the Control Panel, Programs and Features, Turn on Windows Features, scroll down to SMB 1 and just click on the CLIENT. You will need to reboot for that to be started, should cure the problem (unless other PCs need this done too).
capilano
Jul 27, 2018 Star
Hi IrvSp,
Thank you for offering help.
SMB1: MS strongly recommend that you do not reinstall SMBv1. This is because this older protocol has known security issues regarding ransomware and other malware.
However, I run sc.exe query lanmanworkstation and see SMB2 is enabled. Could you suggest further resolution?
SERVICE_NAME: lanmanworkstation
TYPE : 30 WIN32
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
Thanks in advance,
- IrvSp Jul 27, 2018 Master
capilano wrote:
Hi IrvSp,
Thank you for offering help.
SMB1: MS strongly recommend that you do not reinstall SMBv1. This is because this older protocol has known security issues regarding ransomware and other malware.
Believe me, I KNOW all about this... I have an OPEN CASE with NETGEAR on this since 3/31/2018.
Catch-22... want to use NETBIOS basic sharing, until Netgear gets it in gear (pun intended) you are FORCED to use the SMB 1 client to do that. That means things like NET USE, NET VIEW, and Windows Explorer. And if ANY PC isn't running SMB 1 (usually a W10 PC) it will not work either.
That is because the MASTER BROWSER function as well as the COMPUTER BROWSER require that if SMB 3 is not active. NG had put SMB 3 into the Firmware, but that alone doesn't make it work. Other features, like WSD, are required, and I can't get Support to understand it.
In a nutshell, suppose all computers are off overnight. Then the Router becomes the Master Browser which means IT holds the list of shares... that works. Now if you turn on a W7 PC which always has SMB 1 installed unless turned off by the user, it becomes the Master Browser... OK, now turn on a W10 PC with SMB 1 running. Since it too is set to become the Master Browser it asks the present one to send them the list and it becomes it. Now a W10 PC without SMB 1 will ask for the list and either can't get it or when asked for a list of shares, it can't send it out.
Might want to look at this LINK for a long discussion on this.
Maybe you missed this part in the link you provided?
-------------------------------------------
Explorer Network Browsing
The Computer Browser service relies on the SMBv1 protocol to populate the Windows Explorer Network node (also known as "Network Neighborhood"). This legacy protocol is long deprecated, doesn't route, and has limited security. Because the service cannot function without SMBv1, it is removed at the same time.
However, if you still have to use the Explorer Network in home and small business workgroup environments to locate Windows-based computers, you can follow these steps on your Windows-based computers that no longer use SMBv1:
- Start the "Function Discovery Provider Host" and "Function Discovery Resource Publication" services, and then set them to Automatic (Delayed Start).
- When you open Explorer Network, enable network discovery when you are prompted.
All Windows devices within that subnet that have these settings will now appear in Network for browsing. This uses the WS-DISCOVERY protocol. Contact your other vendors and manufacturers if their devices still don't appear in this browse list after the Windows devices appear. It is possible they have this protocol disabled or that they support only SMBv1.
Note We recommend that you map drives and printers instead of enabling this feature, which still requires searching and browsing for their devices. Mapped resources are easier to locate, require less training, and are safer to use. This is especially true if these resources are provided automatically through Group Policy. An administrator can configure printers for location by methods other than the legacy Computer Browser service by using IP addresses, Active Directory Domain Services (AD DS), Bonjour, mDNS, uPnP, and so on.
If you cannot use any of these workarounds, or if the application manufacturer cannot provide supported versions of SMB, you can re-enable SMBv1 manually by following the steps in KB 2696547.
--------------
Note that NG already KNOWS about this problem OVER a year ago and said they were working on it, see https://community.netgear.com/t5/Nighthawk-WiFi-Routers/R6700-ReadyShare-drive-not-accessible-after-Win10-Wanna-Cry-SMB1/m-p/1298585#M59313, message 7 of 32.
Finally, a few of us did a lot of debug on this, even using WireShark to see what the TCP/IP exchanges were, see message 25 of 80 HERE.
Bottom line, until NG gets its act together, it is up to you and how you want to use your network and if you want to enable SMB 1 or not. ONLY the Client is required, and that offers 'limited' "man in the middle" protection.
- capilano Jul 27, 2018 Star
Hi IrvSp,
Thanks for the detailed explanation.
I enabled SMB1 Client. Restarted PC. Still got the same error. Made sure "Function Discovery Provider Host" and "Function Discovery Resource Publication" services are running with Automatic (Delayed Start).
In CMD run as admin, I got error: 'Get-WindowsOptionalFeature' is not recognized as an internal or external command,
operable program or batch file.
Anything else, you'd suggest me checking?
Thanks,
- IrvSp Jul 27, 2018 Master
You have to enter POWERSHELL in the Administrator CMD prompt. Those are POWERSHELL commands.
To test this, even now, in any command prompt (Administrator or not) enter NET VIEW, should see ALL the shares available, like this:
C:\>net view
Server Name Remark
----------------------------------------------
\\IRV8700 Irv's 8700
\\LARAINE-XPS8500 Laraine's XPS8500
\\READYSHARE readyshare
The command completed successfully.
- IrvSp Jul 27, 2018 Master
LANMANWORKSTATION is not related to this.
You can check what is running on the router by using NETWORK ATTACH or NET USE of a share by assigning that share a drive letter.
If you open a CMD prompt as ADMINISTRATOR you can also run this, Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol:
===========
PS C:\> Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
FeatureName : SMB1Protocol
DisplayName : SMB 1.0/CIFS File Sharing Support
Description : Support for the SMB 1.0/CIFS file sharing protocol, and the Computer Browser
protocol.
RestartRequired : Possible
State : Enabled
CustomProperties :
ServerComponent\Description : Support for the SMB 1.0/CIFS file sharing
protocol, and the Computer Browser protocol.
ServerComponent\DisplayName : SMB 1.0/CIFS File Sharing Support
ServerComponent\Id : 487
ServerComponent\Type : Feature
ServerComponent\UniqueName : FS-SMB1
ServerComponent\Deploys\Update\Name : SMB1Protocol
======
After doing a NET USE for the drive, it would look like this:
------------
PS C:\> net use
New connections will be remembered.
Status Local Remote Network
---------------------------------------------------------------------------
OK Z: \\READYSHARE\USB_2.0_Storage
Microsoft Windows Network
The command completed successfully.
----------
Now switch to the shared network drive (Z:) in my case:
========
PS Z:\> get-smbconnection
ServerName ShareName UserName Credential Dialect NumOpens
---------- --------- -------- ---------- ------- --------
READYSHARE USB_2.0_Storage IRV8700\irvsp MicrosoftAccount\xxx@xxx.com 3.1.1 1
=================
That is what is running on the router, 3.1.1 but as I said, that alone is not enough. WSD (https://en.wikipedia.org/wiki/Web_Services_for_Devices) is also needed it seems.
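
The checks raised in this thread (SMB1 client state, the Function Discovery services, an outbound firewall rule blocking port 445, and the negotiated SMB dialect) can be collected in one read-only pass. This PowerShell script is an added example, not posted by any participant and not NETGEAR's code; the `$Target` default is the share host name shown in the thread, and the output property names are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only diagnostic, changes no settings.
# $Target is an assumption: the host name the thread shows for the router share.
param([string]$Target = 'READYSHARE')

# 1. SMB1 client feature and its driver (the 'sc query mrxsmb10' check).
$smb1   = Get-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol-Client'
$driver = Get-Service -Name 'mrxsmb10' -ErrorAction SilentlyContinue

# 2. Function Discovery services that WS-Discovery browsing depends on.
$fd = Get-Service -Name 'fdPHost', 'FDResPub' |
    Select-Object Name, Status, StartType

# 3. Enabled outbound block rules that name remote port 445 explicitly.
#    ActiveStore is the effective policy, so PolicyStoreSourceType shows
#    whether a rule came from Group Policy or from the local store.
#    Rules written as port ranges or 'Any' are not matched here.
$blocking = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Outbound `
        -Action Block -Enabled True |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -in 'TCP', 'Any' -and $filter.RemotePort -contains '445'
    } |
    Select-Object DisplayName, PolicyStoreSourceType

# 4. Can this PC open TCP 445 to the share host at all?
$tcp = Test-NetConnection -ComputerName $Target -Port 445 `
    -WarningAction SilentlyContinue

# 5. Dialect negotiated on any connection already open to the share host.
$dialects = Get-SmbConnection -ServerName $Target -ErrorAction SilentlyContinue |
    Select-Object ShareName, Dialect

[pscustomobject]@{
    Smb1ClientFeature  = $smb1.State
    Mrxsmb10Driver     = if ($driver) { $driver.Status } else { 'NotInstalled' }
    FunctionDiscovery  = $fd
    Outbound445Blocks  = $blocking
    Tcp445Reachable    = $tcp.TcpTestSucceeded
    NegotiatedDialects = $dialects
} | Format-List
```

A `PolicyStoreSourceType` of `GroupPolicy` on a listed rule means it has to be changed by whoever manages that policy, not in the local firewall settings.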