Issues with SMB on second interface

Question

I have a Windows 2019 stardard server with 2 networks.

One is the domain network and is 1GB.
One is a 10GB network and doesnt have a Gateway.

I can access the admin shares on the 1GB by simply using a UNC path (\servername\c$) and this works fine. However if i try and access the admin shares over the 10GB from another machine on the same 10GB subnet (\10GBip\c$) It does not connect.

In the event viewer of the target machine I have this:


Error: The transport connection attempt was refused by the remote system.

Server name: 172.20.11.25
Server address: 172.20.11.25:445
Instance name: \Device\LanmanRedirector
Connection type: Wsk

Guidance:
This indicates a problem with the underlying network or transport, such as with TCP/IP, and not with SMB. A firewall that blocks TCP port 445, or TCP port 5445 when using an iWARP RDMA adapter, can also cause this issue

To reitterate this is 2 devices on the same network. There no firewalling between these machines and the windows firewall is disabled.

Here is a report of all the SMB settings on the target server

LANMAN SERVER
===============


EnableAuthenticateUserSharing : 0
NullSessionPipes              : {}
ServiceDll                    : C:\Windows\system32\srvsvc.dll
ServiceDllUnloadOnStop        : 1
autodisconnect                : 15
enableforcedlogoff            : 1
enablesecuritysignature       : 1
requiresecuritysignature      : 1
restrictnullsessaccess        : 1
Guid                          : {59, 18, 204, 117...}
PSPath                        : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Pa
                                rameters
PSParentPath                  : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer
PSChildName                   : Parameters
PSDrive                       : HKLM
PSProvider                    : Microsoft.PowerShell.Core\Registry

===============
LANMAN WORKSTATION
===============
EnablePlainTextPassword  : 0
EnableSecuritySignature  : 1
RequireSecuritySignature : 0
ServiceDll               : C:\Windows\System32\wkssvc.dll
ServiceDllUnloadOnStop   : 1
AllowInsecureGuestAuth   : 0
PSPath                   : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Pa
                           rameters
PSParentPath             : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation
PSChildName              : Parameters
PSDrive                  : HKLM
PSProvider               : Microsoft.PowerShell.Core\Registry

===============
TCPIP4 PARAMETERS
===============
DataBasePath                 : C:\Windows\System32\drivers\etc
Domain                       : domain.local
ForwardBroadcasts            : 0
ICSDomain                    : mshome.net
IPEnableRouter               : 0
NameServer                   : 
SyncDomainWithMembership     : 1
NV Hostname                  : DF-PC-NAS01
Hostname                     : DF-PC-NAS01
SearchList                   : 
UseDomainNameDevolution      : 1
EnableICMPRedirect           : 1
DeadGWDetectDefault          : 1
DontAddDefaultGatewayDefault : 0
NV Domain                    : domain.local
ShutDownTimeAtLastDomainJoin : {178, 160, 178, 20...}
PSPath                       : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
PSParentPath                 : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip
PSChildName                  : Parameters
PSDrive                      : HKLM
PSProvider                   : Microsoft.PowerShell.Core\Registry

===============
TCPIP6 PARAMETERS
===============
Dhcpv6DUID   : {0, 1, 0, 1...}
PSPath       : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6
PSChildName  : Parameters
PSDrive      : HKLM
PSProvider   : Microsoft.PowerShell.Core\Registry

===============
SMB CLIENT CONFIGURATION
===============
ConnectionCountPerRssNetworkInterface : 4
DirectoryCacheEntriesMax              : 16
DirectoryCacheEntrySizeMax            : 65536
DirectoryCacheLifetime                : 10
DormantFileLimit                      : 1023
EnableBandwidthThrottling             : True
EnableByteRangeLockingOnReadOnlyFiles : True
EnableInsecureGuestLogons             : True
EnableLargeMtu                        : True
EnableLoadBalanceScaleOut             : True
EnableMultiChannel                    : True
EnableSecuritySignature               : True
ExtendedSessionTimeout                : 1000
FileInfoCacheEntriesMax               : 64
FileInfoCacheLifetime                 : 10
FileNotFoundCacheEntriesMax           : 128
FileNotFoundCacheLifetime             : 5
KeepConn                              : 600
MaxCmds                               : 50
MaximumConnectionCountPerServer       : 32
OplocksDisabled                       : False
RequireSecuritySignature              : False
SessionTimeout                        : 60
UseOpportunisticLocking               : True
WindowSizeThreshold                   : 1
PSComputerName                        : 

===============
SMB SERVER CONFIGURATION
===============
AnnounceComment                 : 
AnnounceServer                  : False
AsynchronousCredits             : 512
AuditSmb1Access                 : False
AutoDisconnectTimeout           : 15
AutoShareServer                 : True
AutoShareWorkstation            : True
CachedOpenLimit                 : 10
DurableHandleV2TimeoutInSeconds : 180
EnableAuthenticateUserSharing   : False
EnableDownlevelTimewarp         : False
EnableForcedLogoff              : True
EnableLeasing                   : True
EnableMultiChannel              : True
EnableOplocks                   : True
EnableSecuritySignature         : True
EnableSMB1Protocol              : False
EnableSMB2Protocol              : True
EnableStrictNameChecking        : True
EncryptData                     : False
IrpStackSize                    : 15
KeepAliveTime                   : 2
MaxChannelPerSession            : 32
MaxMpxCount                     : 50
MaxSessionPerConnection         : 16384
MaxThreadsPerQueue              : 20
MaxWorkItems                    : 1
NullSessionPipes                : 
NullSessionShares               : 
OplockBreakWait                 : 35
PendingClientTimeoutInSeconds   : 120
RejectUnencryptedAccess         : True
RequireSecuritySignature        : True
ServerHidden                    : True
Smb2CreditsMax                  : 8192
Smb2CreditsMin                  : 512
SmbServerNameHardeningLevel     : 0
TreatHostAsStableStorage        : False
ValidateAliasNotCircular        : True
ValidateShareScope              : True
ValidateShareScopeNotAliased    : True
ValidateTargetName              : True
PSComputerName                  :

You need routing for that to correctly work. Route print and route add are your friends. You may have to use 0.0.0.0 if no actual gateway is present for the target route. You can also use metrics to tune everything in your favor. — Overmind, Jun 09 '20 at 09:23
There is no routing at play here. Both interfaces are on the same subnet and can ping without issue. — FrankU32, Jun 09 '20 at 09:27
You don't need to route layer 2 traffic, is there a specifc reason you think this could be routing? — FrankU32, Jun 09 '20 at 10:14
Yes you do. SMB uses TCP / UDP which are generally commonly categorized as layer-4 protocols within OSI, therefore need functional L3. — Overmind, Jun 09 '20 at 10:44
Im sorry but you are not correct in this instance. This is traffic is over the same subnet, there is never any routing ever. — FrankU32, Jun 09 '20 at 12:14
Did you really just mark my solution down just because you were wrong? — FrankU32, Jun 09 '20 at 18:09
No, I did not. And I am not wrong, if your routing does not work, your file sharing will not work. — Overmind, Jun 10 '20 at 07:02
Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/109145/discussion-between-overmind-and-franku32). — Overmind, Jun 10 '20 at 07:03
I agree if the routes don't work then then SMB wont work, but as i keep saying there is no routing on a layer 2 network, there for it cannot be routing. — FrankU32, Jun 10 '20 at 08:02

score -1 · Answer 1 · answered Jun 09 '20 at 15:35

It looks like the solution was pretty simple

Issue

The 10GB nics of the target are usually used for ISCSI, and for ISCSI its best practice to use the NIC for just that disabling all other services, so file and print services were disabled. Enabled them and it worked straight away.

Issues with SMB on second interface

1 Answers1