Answered

Windows Share Access Broken After Latest Update?

  • 26 October 2017
  • 38 replies
  • 4326 views


Show first post
This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

38 replies

Badge
Hi Ryan. Has there been any updates?
Userlevel 7
Badge +26
I've been working with another customer who is having this issue with a Windows Server 2016 hosted share.

He has been working on it and offered the following as a solution that worked for him:
https://blogs.msdn.microsoft.com/openspecification/2017/05/26/smb-2-and-smb-3-security-in-windows-10-the-anatomy-of-signing-and-cryptographic-keys/
It seems that using the details here, he was able to get the share working again for all of his players:
https://technet.microsoft.com/en-us/library/cc731957(v=ws.11).aspx
He said that it worked by disabling the requiresecuritysignature (setting it to 0). This was the only change required (and is the default for server 2k16) including leaving enablesecuritysignature set to 1. This turns off device signing as a requirement which was causing the PLAY:1 or Sonos One to fail connecting.

I haven't had a chance to test it out myself and we recommend caution when it comes to working with the registry settings, but you're welcome to give it a shot. If you have any concerns or questions about doing this, I'd recommend reaching out to someone who's familiar with Windows Server.
Badge
Hi Ryan,

Yes, that works for me too. As you say, I'll have to read up on the implications.

Do we know what actually changed for this to start being a problem?

Thanks.
Badge
Ok that worked. enablesecuritysignature was set to "1", After I set it to "0" it worked. I also confirmed that Windows 10 was also set to "0", If I enabled that to "1" I was able to replicate the issue. Now that being said, Microsoft clearly created this security enhancement to prevent exploration. Is there anything on the Sonos road map to utilize the newer versions of SMB?
Hi all I had exactly the same issue and changed IRPStackSize parameter again with no effect but setting security to 0 resolved the issue.

Thanks guys for finding this.

Regards
Malcolm
Userlevel 7
Badge +21
Is there anything on the Sonos road map to utilize the newer versions of SMB?
Sonos is very much aware of the desire to support a newer version of SMB. They have unfortunately not said anything regarding a plan to move to a newer version, but given the changes that Microsoft has made to SMBv1 support in the latest feature update to Windows 10, I would hope that they have a plan. Some NAS manufacturers are also no longer supporting it in their latest firmware updates.
Badge
Interestingly at some point in the last few days my Windows 2012 Server had reset the requiresecuritysignature registry setting back to 1 (enabled). I haven't looked into how/why yet.

Not much of a fix if it doesn't stick. I still think Sonos need to fix this.
Experienced this same problem on Win 2012 Server recently. Setting RequireSecuritySignature to 0 fixed it for me. Thank you for your help
Yep, agree, the RequireSecuritySignature setting reverts to 1 automatically so this is not a fix. Sonos need to update their software sharpish. I trialled a Sonos 5 last week and while the sound quality is indeed quite impressive this inability in the software to work with a Windows Server share meant I returned the unit as not fit for purpose.
Badge
Interestingly at some point in the last few days my Windows 2012 Server had reset the requiresecuritysignature registry setting back to 1 (enabled). I haven't looked into how/why yet.

Not much of a fix if it doesn't stick. I still think Sonos need to fix this.


Take a look at your Group Policy settings. They may be set to re enable the security that you are attempting to disable via the registry.
Userlevel 1
Badge +1
Interestingly at some point in the last few days my Windows 2012 Server had reset the requiresecuritysignature registry setting back to 1 (enabled). I haven't looked into how/why yet.

Not much of a fix if it doesn't stick. I still think Sonos need to fix this.


Take a look at your Group Policy settings. They may be set to re enable the security that you are attempting to disable via the registry.


You can disable this in Group Policy under
Computer Configuration / Policies / Windows Settings / Security Settings / Local Policies / Security Options / Microsoft netwrk server: Digitally sign communications (always) : Disabled
& Digitally sign communications (if client agrees) : Enabled

If using Group Policy Management and the server is a domain controller, you'll have to set it to Enforced because the default domain controller group policy overrides this.

Obviously I'm a bit uneasy downgrading security just so Sonos works, can Sonos confirm they're looking at this?

Thanks
As others have stated, Microsoft have disabled SMB1 by default in their latest anniversary update... They had been campaigning for it to be deprecated for a long time before making this not very well publicised move.

I had confirmed this was the problem by re-enabling SMB1 on my machine, but leaving such a big security hole in place didn’t sit comfortably with me long term (as I work in IT and understand the risks.) So, I’ve disabled SMB1 again and used a MUCH simpler workaround. I fired up Windows Media Player, enabled media streaming and added my previously shared folder as a source.

Then in the Sonos app I just enabled connections to uPNP media servers and can access my All local music again just like I could before.
Userlevel 7
Badge +21
As others have stated, Microsoft have disabled SMB1 by default in their latest anniversary update... They had been campaigning for it to be deprecated for a long time before making this not very well publicised move.
Actually, it was well known months in advance that changes would be coming to SMBv1 with the Fall Creators Update. Articles were posted on tech sites as early as mid June.

BleepingComputer: Microsoft to Disable SMBv1...
BetaNews: Microsoft is killing off SMBv1...
Windows Report: Microsoft removes SMB1 from Windows 10...
ThreatPost: Say Goodbye to SMBv1 in Windows Fall Creators Update
IT Pro Today: Microsoft taking steps to deal with remnants of SMB1...
And those are the ones I easily found in June alone. Others chimed in as release got closer.

I fired up Windows Media Player, enabled media streaming and added my previously shared folder as a source. Then in the Sonos app I just enabled connections to uPNP media servers and can access my All local music again just like I could before.

A great choice of workaround, and one that also gets you past the 65k track limit of Sonos, since Windows Media Player is actually managing the music database instead of Sonos.