Issues Connecting to SMB Share After Domain Controller Upgrade

By
Paul Asanka
-
0
3
Asked By TechSavvyNinja93 On

I recently upgraded our Domain Controllers from Server 2022 to 2025 and also updated the Domain Functional Level (DFL) and Forest Functional Level (FFL) to 2025. We're a small organization, and I discovered we still have an old Dell Celerra SAN that hosts a mapped SMB share for some users. After the upgrade, those users can no longer connect to the share.

I've taken a number of troubleshooting steps:
- Enabled SMBv1 on both Domain Controllers and rebooted.
- Confirmed that DNS resolution is working perfectly and that DCDIAG reports clean DNS and replication.
- I can ping the file share by hostname without issue.
- Time synchronization (NTP) is set correctly between the DCs and the SAN.
- Temporarily allowed all Kerberos encryption versions on the DC.
- Verified that there are no duplicate SIDs among the DCs.
- All other services in the domain are functioning properly.
- LDAP communication between the SAN and DCs is fine; only SMB is problematic.

Interestingly, clients that haven't rebooted yet after the upgrade can still access the share without problems and can modify documents. I'm at a loss regarding what else might be causing this issue and how to resolve it.

4 Answers

Answered By SecurityWhiz12 On

You should also make sure to enable a compatible version of NTLM. Just be careful with that; it's like opening a door for potential vulnerabilities, so think about the security implications.

Answered By NetworkGuru88 On

Have you checked if a Group Policy Object (GPO) is blocking SMBv1 on the clients? Sometimes after an upgrade, those policies might prevent older protocols from being used.

Answered By LegacySupport99 On

It sounds like your SAN might be relying on really outdated authentication methods, like NTLMv1 or RC4 Encryption Kerberos. Since RC4 was completely removed in 2025 and NTLMv1 is pretty much obsolete, it's likely that's causing the connection issues.

Honestly, the best long-term solution would be to look into replacing the SAN. Right now, since you've upgraded the domain level, rolling back to an older version won't be easy—especially if you don’t have a backup of Active Directory, which could complicate things further.

Answered By TroubleshootMaster On

Could Credential Guard be interfering? It's worth checking, but if it's off, it shouldn't be causing issues.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.