Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SMB access to 2012 Essentials dedicated server


  • Please log in to reply
6 replies to this topic

#1 rlevis

rlevis

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:24 PM

Posted 29 July 2016 - 11:47 PM

Hi,

 

I purchased Windows Server 2012 Essentials as it was half the price of a full Standard edition, to install myself at on a dedicated server hosted at a data center.  This will make it less expensive than leasing Windows from the hosting company.

 

I'm terminating a dedicated server I have elsewhere but I want to transfer a lot of files from the existing server to the new server.  I've previously done this using SMB by opening ports 445 and 1 or 2 others and creating a share to the C: drive for a username with a very long password.

 

I've done this with the existing 2012 Server Standard and I can access it directly using \\ip.add.re.ss\share.  I mapped a network drive and entered the correct username and password.

 

An identical configuration on Essentials Server doesn't work.  It seems the Essentials edition of Windows Server prevents any connections to or from the server using SMB.  I've ensured all relevant ports are open in the Advanced Firewall for Domain and Public but no dice.  A diagnostic says "File and print sharing resource (ip.add.re.ss) is online but isn't responding to connection attempts".

 

I know that Essentials is designed to run a small business with domain access and I assume this is the problem. The Network & Sharing Center says it is a "Domain Network".  All attempts to change this to "Private" don't work.  I've spend 24 hours reading everything on the subject and required tabs are missing in the Local Security Policy.

 

So what I would like to know if there is any method to trick Windows Essentials into allowing SMB access outside of the domain, or should I in fact use the "Connector" software to connect to the server as a domain client, even though it's going over the internet?  Will that even work?

 

Alternatively, some other way to transfer files quickly, preferably not via FTP.

 

I also use SMB to transfer files as a backup using SyncTool and Windows Task Scheduler every 24 hours.  Without a simple drive mapping, I don't see how I can do this any longer.

 

Thank you for any help.

 



BC AdBot (Login to Remove)

 


#2 sflatechguy

sflatechguy

  • BC Advisor
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:24 PM

Posted 31 July 2016 - 12:17 PM

SMB should work on Server 2012, but both the server and the client need to use SMB version 3.0. https://support.microsoft.com/en-us/kb/2709568



#3 rlevis

rlevis
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:24 PM

Posted 31 July 2016 - 07:38 PM

I'm using a Windows 8.0 workstation which apparently includes SMB 3.0, so that's not the issue.  As I mentioned, I can connect to shared folders on a 2012 Standard server but not a 2012 Essentials server.



#4 sflatechguy

sflatechguy

  • BC Advisor
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:24 PM

Posted 07 August 2016 - 10:10 AM

What antivirus are you using on the Windows 8 workstation? Check to make sure it's not blocking port 445 or SMB traffic.

 

In re-reading your initial post, I noticed you are attempting to set this up to work over the internet. Windows Firewall will block this when the network is set to Domain. Have you tried creating a VPN connection first and then accessing the share?



#5 rlevis

rlevis
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:24 PM

Posted 07 August 2016 - 08:27 PM

On the Win8 workstation here I can access another Windows Server 2012 via the internet that is not a domain controller, so no problems with firewall on this end.  The 2012 Essentials server is forced to be a domain controller unfortunately.  But I do have Private, Domain, and Public ticked in the Firewall in the server for the relevant ports 445 137,138,139, etc.

 

> Windows Firewall will block this when the network is set to Domain

 

Why would it do that, or give the Domain option if it will be ignored?

 

I even tried using the Windows Essentials Connector to officially connect my computer to the Domain server but even that didn't work with a server not responding message after it asked for a user name and password.

 

I considered the Anywhere Access feature which sets up a VPN, but it mentioned having to purchase a trusted SSL certificate.  I don't want to spend money to simply access the server.

 

All this overly cautious security is getting ridiculous.  I used plain SMB with user/password protection on a public server for 4 years and no one could access it.  I'm sure it helped that the password was 64 characters long.



#6 sflatechguy

sflatechguy

  • BC Advisor
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:24 PM

Posted 08 August 2016 - 10:02 AM

The Domain firewall doesn't -- or shouldn't -- allow incoming SMB traffic from the Internet, because that's a huge security risk. If it's not encrypted, anyone can sniff that traffic and gain access to whatever information/documents/etc. is being transmitted.

 

It sounds like the computer you are using to try and access isn't joined to the domain? That would be part of the problem. Is the client attempting to join the domain over the Internet? If so, you'll likely need to create a VPN tunnel -- which would require an SSL certificate. There are cheap ones available -- you might even want to check out Let's Encrypt, as their certs are free. https://letsencrypt.org



#7 rlevis

rlevis
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:24 PM

Posted 08 August 2016 - 07:24 PM

Ok, so it is the fact that the computer is a domain controller that is causing SMB to fail.  It would be nice for the user to decide if he wants to risk that, not the operating system developer.  I completely know the risks of opening the SMB ports.

 

However, after spending most of the day on configuring RRAS (Routing and Remote Access) for VPN access in the server, I managed to connect successfully so I can access the files I need for synchronizing to another computer every day as a backup.  






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users