Shares not accessible by other computers if Windows 10 firewall is ON

5

I am trying to share a folder on my Windows 10 machine. The computer is connected to the network via Ethernet. The problem is that when I try to access this shared folder from another Windows computer, I get an error saying that "Windows cannot access \\xxxxx" with an error code 0x80070035 (Network path was not found).

Now, if on the Windows 10 machine I turn the firewall off, the share can be accessed by the other computers with no problem. So this narrows down the problem to the firewall settings.

What is confusing is all of the "File and Printer Sharing" firewall settings are already enabled (see below).

What am I missing? Is there any other firewall rule to be enabled? Any ideas?

Thanks, AlefSin

(ps, I have only the Windows firewall, no other 3rd party virus protection or firewall programs).

enter image description here

Edit 1: I manually added a rule to the firewall to open TCP port 445. Now the shares are visible. So most probably what @Jacob mentioned is right: somehow the system does not recognize it is indeed connected to a "Private network", though at least parts of system think so:

enter image description here

AlefSin

Posted 2016-04-06T15:36:23.597

Reputation: 201

Your solution should be its own answer. – Ramhound – 2016-04-06T16:42:28.350

Well, it is not a good solution though. Manually opening ports on the firewall is not something I would consider a good practice. At best it is temporary patch. – AlefSin – 2016-04-06T16:44:19.063

Except its the proper solution? That is obviously the port that the service, which is used by this functionality, uses. Opening ports used by services, services you want to use, isn't a security concern. If you are that worried, configure the rule, to only allow intranet traffic. – Ramhound – 2016-04-06T16:46:03.233

You have a point. I'll wait a bit and if nobody comes up with a way to understand the underlying cause, I'll add it as an answer for future reference. – AlefSin – 2016-04-06T16:48:03.427

1Understanding Shared Folders and the Windows Firewall – Ramhound – 2016-04-06T16:50:04.863

Answers

5

I manually added a rule to the firewall to open TCP port 445. This resolves the issue by allowing SMB2 and SMB3 over TCP. However, this solution is less than ideal since it does not answer the problem as to why the system's default firewall were not correctly setup by Windows.

AlefSin

Posted 2016-04-06T15:36:23.597

Reputation: 201

1Windows 10 takes VLANs into consideration. If you're on a different VLAN, shares won't automatically work. – Overmind – 2018-05-31T05:22:36.677

2

I'm assuming your computers are not members of a domain, correct? I would double check your network location settings for your Ethernet connection and verify it is set to private before digging into Firewall settings.

http://www.tenforums.com/tutorials/6815-network-location-set-private-public-windows-10-a.html

Jacob Boykin

Posted 2016-04-06T15:36:23.597

Reputation: 31

1Thanks a lot. Very interesting link. However, the connection is already set to "Private network" according to the network and sharing center. – AlefSin – 2016-04-06T16:29:31.173

2

I had the same problem, and @JacobBoykin's answer made to look in the right direction. But it's not only about being on a private network for a "private network" firewall rule to apply. Note that a few columns further to the right, the scope of many (at least all private) rules is set to "Local subnet", such as here:

enter image description here

In my case, I was connecting to a server on 10.0.0.2 (having subnet mask 255.255.255.0) from a client computer 10.1.0.3 (subnet mask 255.255.255.0); hence, the server's firewall did not recognize my request as coming from the same subnet, and did not apply the "private" rule. Similarly, since my current network was marked "private", the "public" rule was not applied. Regardless of how many rules I activated, no request came through.

The solution, in my (DHCP) case, was to edit rules to extend the scope; basically, I added "10.1.0.0/16" to the scope of the private "File and Printer Sharing (SMB-In)", which opens port 445 to requests from that IP range. That was enough in my use case.

Alternatively, I guess I could have changed my IP configuration to have all computers on the same subnet.

bers

Posted 2016-04-06T15:36:23.597

Reputation: 557

2

I had this same issue but when I looked at the advanced firewall rules I discovered that port 445 was already open. In my case it was because I was on a different VLAN. I fixed it like this:

  1. In the search box, type "firewall," then click on "Windows Firewall."
  2. Click on "Advanced Settings."
  3. Double-click on "Inbound Rules."
  4. Make sure the lines "File and Printer Sharing (NB-Session-In)" and "File and Printer Sharing (SMB-In)" are checked.
  5. Double-click on "File and Printer Sharing (NB-Session-In)" and select the tab that says "Scope" and change the remote address setting to "Any IP Address" then click "OK."
  6. Repeat on the line that reads "File and Printer Sharing (SMB-In)."
  7. I also wanted the server to ping on the net so I did the same with the setting for "File and Printer Sharing (Echo Request - ICMPv4-In).
  8. I also wanted name resolution, so I adjusted the scope for File and Printer Sharing (LLMNR-UDP-In) and (NB-Name-In).

There's a good explanation of these settings here.

user1780242

Posted 2016-04-06T15:36:23.597

Reputation: 173

2

I have the same problems, with folders on 2 Windows 10 computers, and I get it fixed.

  1. Firstly, go to Windows Defender Firewall on Local Computer (that has shared folders) then select Advanced settings Windows Defender Firewall with Advanced Security

  2. In Inbound Rules, double click on File and Printer Sharing (SMB-In) and in the tab Scope add your Remote Computer's IP address here. Click Apply File and Printer Sharing (SMB-In) Properties

  3. Problems resolved!

Nam Nguyễn

Posted 2016-04-06T15:36:23.597

Reputation: 21

1

Well, this worked for me... give it a go.

Go to Start, type Command Prompt (run as admin) in the search bar, at the command prompt enter the following commands. Its easiest to copy and paste from below, and press Enter after each paste:

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi

sc.exe config mrxsmb20 start= disabled

Then reboot your Windows 10 machine;

This should do the trick.

zukeemm

Posted 2016-04-06T15:36:23.597

Reputation: 11

3What do these commands do? Where's a reference for them? – Eric J. – 2017-07-05T20:07:13.643

Asked: 2016-04-06T15:36:23.597

Viewed: 35 400 times

Active: 2019-01-17T15:46:19.107