capilano
Jul 21, 2018 Star
R7900P ReadyShare - Windows cannot access
Hi Experts,
I would really appreciate it if someone could shed light on the problem below.
All of a sudden this morning, I lost connection to USB storage connected to my R7900P router.
I disconnected network ...
- Jul 29, 2018
capilano wrote:
5. Result: "The Windows Defender Firewall rule SMB Block Outbound is blocking your connection"
Is that controlled by Group Policy? I've read some post saying a user was able to convince his Admin to adjust GP so he can use ReadyShare again...
That is interesting, and probably the problem for you. I don't use Windows Defender for the Firewall, I have Norton ISS installed which does it.
Wonder if you ran some 'WannaCry' program that 'protected' you against it and it made changes for you?
What you will need to do is open Settings for Windows Defender and see what rule is blocking port 445, and there could be others as well.
Some reading:
https://support.symantec.com/en_US/article.TECH106142.html
https://www.tomshardware.com/news/how-to-open-firewall-ports-in-windows-10,36451.html
https://www.online-tech-tips.com/windows-10/adjust-windows-10-firewall-settings/
A lot of those are duplicate info mostly, but worth looking at them.
Better yet, before venturing down that path, why not just TEST with the Defender Firewall turned off and see if that is actually the problem?
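One way to find the rule that is blocking port 445 and to see whether it comes from Group Policy, as an added example that is not part of the original posts. It uses the built-in NetSecurity cmdlets in an elevated PowerShell session; the function names are hypothetical, and READYSHARE is the host name that appears in the NET VIEW output later in this thread.

```powershell
# Added example: list enabled outbound Block rules that cover a TCP port and
# show which policy store each one came from (local rule vs. Group Policy).

function Test-PortMatch {
    # RemotePort can be 'Any', a single port, a list, or a range such as '400-500'.
    param([string[]]$Spec, [int]$Port)
    foreach ($s in $Spec) {
        if ($s -eq 'Any') { return $true }
        if ($s -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($s -match '^\d+$' -and [int]$s -eq $Port) {
            return $true
        }
    }
    return $false
}

function Get-OutboundBlockRule {
    param([int]$Port = 445)
    # ActiveStore is the merged view of local rules and rules delivered by Group Policy.
    Get-NetFirewallRule -PolicyStore ActiveStore -Direction Outbound -Action Block -Enabled True |
        ForEach-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            if (($pf.Protocol -in 'TCP', 'Any') -and (Test-PortMatch $pf.RemotePort $Port)) {
                [pscustomobject]@{
                    DisplayName = $_.DisplayName
                    Profile     = $_.Profile
                    RemotePort  = $pf.RemotePort -join ','
                    SourceType  = $_.PolicyStoreSourceType   # Local or GroupPolicy
                    Source      = $_.PolicyStoreSource       # GPO name when GroupPolicy
                }
            }
        }
}

Get-OutboundBlockRule -Port 445 | Format-Table -AutoSize

# Confirm the symptom from the client side (host name assumed from this thread).
Test-NetConnection -ComputerName READYSHARE -Port 445 |
    Select-Object ComputerName, RemoteAddress, TcpTestSucceeded
```

A rule whose SourceType is GroupPolicy cannot be changed from the local firewall settings; it has to be adjusted in the GPO named in Source.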
capilano
Jul 27, 2018 Star
Hi IrvSp,
Thank you for offering help.
SMB1: MS strongly recommend that you do not reinstall SMBv1. This is because this older protocol has known security issues regarding ransomware and other malware.
However, I run sc.exe query lanmanworkstation and see SMB2 is enabled. Could you suggest further resolution?
SERVICE_NAME: lanmanworkstation
TYPE : 30 WIN32
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
Thanks in advance,
IrvSp
Jul 27, 2018 Master
capilano wrote:
Hi IrvSp,
Thank you for offering help.
SMB1: MS strongly recommend that you do not reinstall SMBv1. This is because this older protocol has known security issues regarding ransomware and other malware.
Believe me, I KNOW all about this... I have an OPEN CASE with NETGEAR on this since 3/31/2018.
Catch-22... want to use NETBIOS basic sharing, until Netgear gets it in gear (pun intended) you are FORCED to use the SMB 1 client to do that. That means things like NET USE, NET VIEW, and Windows Explorer. And if ANY PC isn't running SMB 1 (usually a W10 PC) it will not work either.
That is because the MASTER BROWSER function as well as the COMPUTER BROWSER require that if SMB 3 is not active. NG had put SMB 3 into the Firmware, but that alone doesn't make it work. Other features, like WSD, are required, and I can't get Support to understand it.
In a nutshell, suppose all computers are off overnight. Then the Router becomes the Master Browser which means IT holds the list of shares... that works. Now if you turn on a W7 PC which always has SMB 1 installed unless turned off by the user, it becomes the Master Browser... OK, now turn on a W10 PC with SMB 1 running. Since it too is set to become the Master Browser it asks the present one to send them the list and it becomes it. Now a W10 PC without SMB 1 will ask for the list and either can't get it or when asked for a list of shares, it can't send it out.
Might want to look at this LINK for a long discussion on this.
Maybe you missed this part in the link you provided?
-------------------------------------------
Explorer Network Browsing
The Computer Browser service relies on the SMBv1 protocol to populate the Windows Explorer Network node (also known as "Network Neighborhood"). This legacy protocol is long deprecated, doesn't route, and has limited security. Because the service cannot function without SMBv1, it is removed at the same time.
However, if you still have to use the Explorer Network in home and small business workgroup environments to locate Windows-based computers, you can follow these steps on your Windows-based computers that no longer use SMBv1:
- Start the "Function Discovery Provider Host" and "Function Discovery Resource Publication" services, and then set them to Automatic (Delayed Start).
- When you open Explorer Network, enable network discovery when you are prompted.
All Windows devices within that subnet that have these settings will now appear in Network for browsing. This uses the WS-DISCOVERY protocol. Contact your other vendors and manufacturers if their devices still don't appear in this browse list after the Windows devices appear. It is possible they have this protocol disabled or that they support only SMBv1.
Note We recommend that you map drives and printers instead of enabling this feature, which still requires searching and browsing for their devices. Mapped resources are easier to locate, require less training, and are safer to use. This is especially true if these resources are provided automatically through Group Policy. An administrator can configure printers for location by methods other than the legacy Computer Browser service by using IP addresses, Active Directory Domain Services (AD DS), Bonjour, mDNS, uPnP, and so on.
If you cannot use any of these workarounds, or if the application manufacturer cannot provide supported versions of SMB, you can re-enable SMBv1 manually by following the steps in KB 2696547.
--------------
Note that NG already KNOWS about this problem OVER a year ago and said they were working on it, see https://community.netgear.com/t5/Nighthawk-WiFi-Routers/R6700-ReadyShare-drive-not-accessible-after-Win10-Wanna-Cry-SMB1/m-p/1298585#M59313, message 7 of 32.
Finally, a few of us did a lot of debug on this, even using WireShark to see what the TCP/IP exchanges were, see message 25 of 80 HERE.
Bottom line, until NG gets its act together, it is up to you and how you want to use your network and if you want to enable SMB 1 or not. ONLY the Client is required, and that offers 'limited' "man in the middle" protection.
- capilano Jul 27, 2018 Star
Hi IrvSp,
Thanks for the detailed explanation.
I enabled SMB1 Client. Restarted PC. Still got the same error. Made sure "Function Discovery Provider Host" and "Function Discovery Resource Publication" services are running with Automatic (Delayed Start).
In CMD run as admin, I got error: 'Get-WindowsOptionalFeature' is not recognized as an internal or external command,
operable program or batch file.
Anything else, you'd suggest me checking?
Thanks,
- IrvSp Jul 27, 2018 Master
You have to enter POWERSHELL in the Administrator CMD prompt. Those are POWERSHELL commands.
To test this, even now, in any command prompt (Administrator or not) enter NET VIEW, should see ALL the shares available, like this:
C:\>net view
Server Name Remark
----------------------------------------------
\\IRV8700 Irv's 8700
\\LARAINE-XPS8500 Laraine's XPS8500
\\READYSHARE readyshare
The command completed successfully.
- capilano Jul 27, 2018 Star
Thanks, IrvSp. PowerShell shows the result like yours. Net View also shows 1 network drive but it's not //ReadySHARE. Does it make any difference if this is a domain pc?
In Windows 10 File Explorer, if I click on Network, it errors out: Network discovery is turned off....even though, In Network and Sharing Center, I still see Private (current profile) has all turned on: network discovery + file and printer sharing.
Thanks,
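The checks discussed across the posts above (SMB1 client feature, the two Function Discovery services, and the network profile in use), collected into one read-only report as an added example that is not part of the original thread. Run it in an elevated PowerShell session; the function name is hypothetical, and READYSHARE is the host name from the NET VIEW output above.

```powershell
# Added example: read-only snapshot of the client-side state that decides
# whether the router's share can be browsed or reached.

function Get-SmbBrowseState {
    param([string]$Server = 'READYSHARE')   # assumed host name, taken from this thread

    # SMB1 client optional feature: Enabled or Disabled (requires elevation).
    $smb1 = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol-Client

    # WS-Discovery services named in the quoted Microsoft text:
    #   fdPHost  = Function Discovery Provider Host
    #   FDResPub = Function Discovery Resource Publication
    # DelayedAutoStart is True when the service is set to Automatic (Delayed Start).
    $svc = Get-CimInstance Win32_Service -Filter "Name='fdPHost' OR Name='FDResPub'" |
        Select-Object Name, State, StartMode, DelayedAutoStart

    # SMB dialect actually negotiated on any open connection to the server
    # (empty if nothing is connected, for example while the firewall blocks 445).
    $conn = Get-SmbConnection -ServerName $Server -ErrorAction SilentlyContinue |
        Select-Object ServerName, ShareName, Dialect

    # Network category per interface: Public, Private or DomainAuthenticated.
    # Firewall rules and network discovery settings apply per category.
    $net = Get-NetConnectionProfile |
        Select-Object InterfaceAlias, Name, NetworkCategory

    [pscustomobject]@{
        Smb1ClientState   = $smb1.State
        DiscoveryServices = $svc
        SmbConnections    = $conn
        NetworkProfiles   = $net
    }
}

$state = Get-SmbBrowseState
"SMB1 client feature: $($state.Smb1ClientState)"
$state.DiscoveryServices | Format-Table -AutoSize
$state.SmbConnections    | Format-Table -AutoSize
$state.NetworkProfiles   | Format-Table -AutoSize
```

On a domain-joined PC the category shows as DomainAuthenticated, so the Private profile settings in Network and Sharing Center are not the ones in effect on that interface.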