I have several domain-joined Windows file servers (Windows Serer 2008R2, 2012 and 2016) that have recently (or inversely, could be the clients) started having issues wherein when pathing to the UNC share only showing files opened, or recently used. As of yet, I've not investigated the end-points but the logs on the Server don't seem to have any authentication of SMB errors.

My early suspicion was that the user had failed to authenticate against the domain, and a reboot would resolve that - which it did. However I then have tested and confirmed that using the IPv4 address of the file server (which the user was able to resolve) also resulted in being able to populate the files; I am yet to confirm if removing the cached credential token yields the same result.

The domain is 2016 Functional and has 2 DCs in the forest. The clients are typically Windows 10 but can be 7, and the file servers are Windows, typically sharing their secondary HDD as shares.

Presently it is GPO mapping the drive via \Server.FQDN\Share. The HelpDesk will be doing \IP Address\Share as a Shortcut (not a mapped drive) to accommodate the issue at the moment.

I have had a quick look for errors based on it, and Access Based Enumeration doesn't seem to fit the bill, and nor does messing with Offline File Caching. My next test will be installing Microsoft Message Analyzer on both the client and server in question to see what transactions I am able to capture (or a port mirror, same result).

Anyone else experienced this issue? A google indicates that it's quite common but yet cannot see any hot-fix for it, and the solutions are here, there and everywhere. The issue only seemed to arrise recently and the changes were enabling NLA on RDP and standard patching.