Can’t Access Old SMB Share After Upgrading Domain Controllers

By
Paul Asanka
-
0
5
Asked By CuriousCabbage37 On

I recently upgraded my Domain Controllers from Server 2022 to 2025 and also updated the Domain and Forest Functional Levels to 2025. Now, we've got this old Dell Celerra SAN that's running an SMB share for some users, and it seems like after the upgrade, they can't connect to it anymore. Here's what I've done so far:

- Enabled SMBv1 on both Domain Controllers and rebooted them.
- DNS resolution works fine; DCDIAG tests report everything is clean.
- I can ping and resolve the file share by its hostname without issues.
- NTP is matching across both DCs and the SAN.
- Temporarily allowed all Kerberos encryption versions on DC.
- Verified that the DCs don't have duplicate SIDs.
- Everything else in the domain works fine, and LDAP between the SAN and DCs is good, it's just the SMB connection that's broken.

Interestingly, clients who haven't rebooted after the upgrade can still access the share and make changes to their documents. I'm really stuck on what else I can do to get this share back up and running.

4 Answers

Answered By GadgetGuru77 On

Could it be a Group Policy blocking SMBv1 on the client machines? Sometimes those settings can mess things up after big upgrades. It might be worth checking that out!

Answered By TechieTim On

Have you thought about Credential Guard interfering with it? Just a thought, but make sure it's not enabled because that could definitely be causing issues.

Answered By OldSchoolTechie On

It sounds like the issue might be due to the legacy authentication mechanisms used by your SAN. Since Windows Server 2025 removed support for NTLMv1 and RC4 encryption in Kerberos, that could definitely cause connectivity problems. Honestly, you might want to consider replacing the SAN. You've sort of locked yourself out by upgrading the domain level, and jumping back to a previous Active Directory version isn't straightforward without a backup, which could be quite a hassle.

Answered By SecuritySavvy On

You should also check if NTLM that's compatible is enabled because you're right, allowing weak protocols can create serious security holes. Just be cautious while making those adjustments!

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.