Answered

Windows Share Access Broken After Latest Update?

  • 26 October 2017
  • 38 replies
  • 4780 views

My Sonos system recently updated to the latest release (8.1 Build 38946070) and it can no longer access music on my Windows Server share. I've been through all the troubleshooting steps, verified the credentials work, verified the path, made sure the network is private, and the firewall is set properly. I even changed the LanmanServer setting for the IRPStackSize in the registry (for both client machine and server, and, yes, I rebooted).

When I try to add the music share and path with credentials, I get the following: "Sonos was unable to add the music folder".

Anyone run into anything similar? Anything else I might try?

-b
icon

Best answer by Ryan S 3 November 2017, 18:07

I've been working with another customer who is having this issue with a Windows Server 2016 hosted share.

He has been working on it and offered the following as a solution that worked for him:
https://blogs.msdn.microsoft.com/openspecification/2017/05/26/smb-2-and-smb-3-security-in-windows-10-the-anatomy-of-signing-and-cryptographic-keys/
It seems that using the details here, he was able to get the share working again for all of his players:
https://technet.microsoft.com/en-us/library/cc731957(v=ws.11).aspx
He said that it worked by disabling the requiresecuritysignature (setting it to 0). This was the only change required (and is the default for server 2k16) including leaving enablesecuritysignature set to 1. This turns off device signing as a requirement which was causing the PLAY:1 or Sonos One to fail connecting.

I haven't had a chance to test it out myself and we recommend caution when it comes to working with the registry settings, but you're welcome to give it a shot. If you have any concerns or questions about doing this, I'd recommend reaching out to someone who's familiar with Windows Server.
View original

This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

38 replies

Userlevel 7
Badge +21
As others have stated, Microsoft have disabled SMB1 by default in their latest anniversary update... They had been campaigning for it to be deprecated for a long time before making this not very well publicised move.
Actually, it was well known months in advance that changes would be coming to SMBv1 with the Fall Creators Update. Articles were posted on tech sites as early as mid June.

BleepingComputer: Microsoft to Disable SMBv1...
BetaNews: Microsoft is killing off SMBv1...
Windows Report: Microsoft removes SMB1 from Windows 10...
ThreatPost: Say Goodbye to SMBv1 in Windows Fall Creators Update
IT Pro Today: Microsoft taking steps to deal with remnants of SMB1...
And those are the ones I easily found in June alone. Others chimed in as release got closer.

I fired up Windows Media Player, enabled media streaming and added my previously shared folder as a source. Then in the Sonos app I just enabled connections to uPNP media servers and can access my All local music again just like I could before.

A great choice of workaround, and one that also gets you past the 65k track limit of Sonos, since Windows Media Player is actually managing the music database instead of Sonos.
As others have stated, Microsoft have disabled SMB1 by default in their latest anniversary update... They had been campaigning for it to be deprecated for a long time before making this not very well publicised move.

I had confirmed this was the problem by re-enabling SMB1 on my machine, but leaving such a big security hole in place didn’t sit comfortably with me long term (as I work in IT and understand the risks.) So, I’ve disabled SMB1 again and used a MUCH simpler workaround. I fired up Windows Media Player, enabled media streaming and added my previously shared folder as a source.

Then in the Sonos app I just enabled connections to uPNP media servers and can access my All local music again just like I could before.
Userlevel 3
Badge +1
Interestingly at some point in the last few days my Windows 2012 Server had reset the requiresecuritysignature registry setting back to 1 (enabled). I haven't looked into how/why yet.

Not much of a fix if it doesn't stick. I still think Sonos need to fix this.


Take a look at your Group Policy settings. They may be set to re enable the security that you are attempting to disable via the registry.


You can disable this in Group Policy under
Computer Configuration / Policies / Windows Settings / Security Settings / Local Policies / Security Options / Microsoft netwrk server: Digitally sign communications (always) : Disabled
& Digitally sign communications (if client agrees) : Enabled

If using Group Policy Management and the server is a domain controller, you'll have to set it to Enforced because the default domain controller group policy overrides this.

Obviously I'm a bit uneasy downgrading security just so Sonos works, can Sonos confirm they're looking at this?

Thanks
Badge
Interestingly at some point in the last few days my Windows 2012 Server had reset the requiresecuritysignature registry setting back to 1 (enabled). I haven't looked into how/why yet.

Not much of a fix if it doesn't stick. I still think Sonos need to fix this.


Take a look at your Group Policy settings. They may be set to re enable the security that you are attempting to disable via the registry.
Yep, agree, the RequireSecuritySignature setting reverts to 1 automatically so this is not a fix. Sonos need to update their software sharpish. I trialled a Sonos 5 last week and while the sound quality is indeed quite impressive this inability in the software to work with a Windows Server share meant I returned the unit as not fit for purpose.
Experienced this same problem on Win 2012 Server recently. Setting RequireSecuritySignature to 0 fixed it for me. Thank you for your help
Badge
Interestingly at some point in the last few days my Windows 2012 Server had reset the requiresecuritysignature registry setting back to 1 (enabled). I haven't looked into how/why yet.

Not much of a fix if it doesn't stick. I still think Sonos need to fix this.
Userlevel 7
Badge +21
Is there anything on the Sonos road map to utilize the newer versions of SMB?
Sonos is very much aware of the desire to support a newer version of SMB. They have unfortunately not said anything regarding a plan to move to a newer version, but given the changes that Microsoft has made to SMBv1 support in the latest feature update to Windows 10, I would hope that they have a plan. Some NAS manufacturers are also no longer supporting it in their latest firmware updates.
Hi all I had exactly the same issue and changed IRPStackSize parameter again with no effect but setting security to 0 resolved the issue.

Thanks guys for finding this.

Regards
Malcolm
Badge
Ok that worked. enablesecuritysignature was set to "1", After I set it to "0" it worked. I also confirmed that Windows 10 was also set to "0", If I enabled that to "1" I was able to replicate the issue. Now that being said, Microsoft clearly created this security enhancement to prevent exploration. Is there anything on the Sonos road map to utilize the newer versions of SMB?
Badge
Hi Ryan,

Yes, that works for me too. As you say, I'll have to read up on the implications.

Do we know what actually changed for this to start being a problem?

Thanks.
Userlevel 7
Badge +26
I've been working with another customer who is having this issue with a Windows Server 2016 hosted share.

He has been working on it and offered the following as a solution that worked for him:
https://blogs.msdn.microsoft.com/openspecification/2017/05/26/smb-2-and-smb-3-security-in-windows-10-the-anatomy-of-signing-and-cryptographic-keys/
It seems that using the details here, he was able to get the share working again for all of his players:
https://technet.microsoft.com/en-us/library/cc731957(v=ws.11).aspx
He said that it worked by disabling the requiresecuritysignature (setting it to 0). This was the only change required (and is the default for server 2k16) including leaving enablesecuritysignature set to 1. This turns off device signing as a requirement which was causing the PLAY:1 or Sonos One to fail connecting.

I haven't had a chance to test it out myself and we recommend caution when it comes to working with the registry settings, but you're welcome to give it a shot. If you have any concerns or questions about doing this, I'd recommend reaching out to someone who's familiar with Windows Server.
Badge
Hi Ryan. Has there been any updates?
Userlevel 7
Badge +26
Thanks for the details. I'm digging into this with the team to see if there are some steps we can give you to work with before giving us a call. I'll let you know what I hear after they have some time to take a look at the diagnostics.
Badge
I’m my case it’s the kitchen which is the Play 1. I also have both the Sonos connect and Sonos amp both of which are unaffected.
Userlevel 7
Badge +26
Ryan. I had created a new share on my server and I did get the same error. I’ve submitted a support diagnostics. The number is 8032318.
Just checking on this one, when you try to play to each room individually (selecting music from inside the library, not the queue), which rooms are unable to play the library?
Badge
Ryan, thanks. My new diagnostic is 8032474.

I too have tried using the IP address. Didn't make any difference.
Badge
Is there anyway to find out from the firmware update to the Play 1 What has changed that affected the way it interacts with SMB
Badge
I did that as well. Same error. The only thing that seems to work is putting a folder on windows 10 computer. That’s why I think there’s something wrong with the way the Play 1 interacts with SMB and Server 2012. sure you already know this but this happened after the update. Everything worked perfectly fine in the previous version of Sonos .
Userlevel 7
Badge +26
Thanks, I'm looking over the diagnostic now, but I'd like to also try having you set up a share to the IP address of the server, as opposed to using the name of the server.
Badge
Ryan. I had created a new share on my server and I did get the same error. I’ve submitted a support diagnostics. The number is 8032318.
Userlevel 7
Badge +26
Hey Dave, if you can send a new diagnostic I'm happy to take a look. As you guys suggest, I'm pretty sure there's an SMB issue here which the PLAY:1 is running into. Usually, I'd expect this to be a device restriction somewhere in there, but it's hard to say without poking around. If you create a new share from that server in a different location, are you able to get the PLAY:1 to link to it and play?
Badge
No other responses - only what you can see above.
Badge
I'm not sure what else to do. I have an open ticket with Sonos. Has anyone responded to you?
Badge
Yes, you're right. If I share from Windows 10 it works on the Play:1s.