I've bee trying for a while to get my FMC to talk to remote storage so I can place my backups and reports there. For some reason my FMC refuses to talk to any remote storage device I have. NFS, SMB (haven't tried SSH), neither work. I keep getting an error:
All passwords and usernames that I've tried are getting the error... Am I missing some kind of formatting here? I use domain\username format or username@domain format. I've also just used the username.
Can someone please shed some light on me here?
I thought maybe it had to do with the SMB version so I turned on SMB v1 but that still won't connect. I used the exact same formatting as yours and I get this:
I have the verified the share permissions and the user has R/W on it.
What else can I be missing here?
Wireshark shows the SMB Negotiate Protocol Request being sent from the FMC but the destination host sends a RST flag resetting the connection.
I have no clue what could be causing this.
A TCP reset from the target host generally means it's not accepting connections on that port or protocol or else it restricts them to certain addresses (e.g. in Windows firewall).
You could try to mount the share as a network drive from another Windows PC as a test.
My working server is running Windows Server 2016 (all the latest updates applied) with Windows Firewall disabled.
Here's a screenshot of a Wireshark capture when it's working. As you can see in the decode, it's SMB2. SMB1 is insecure and deprecated and should NOT be enabled.
Thanks for your input here. SMB2 appears to be working fine when I mount the share from other PC's. It's only the FMC that is having trouble. Right now the FMC is only at v6.2.3. I plan on moving up to 22.214.171.124 soon. I wasn't able to connect to remote storage when it was at 6.2.2 either.
I already disabled SMB1, I just had it open for that last test. I also have the Windows firewall disabled.
Any other thoughts? I checked the access list in the FMC but that only seems to be for management access to the FMC using ports 22,443, and 161.
There was one resolved SMB bug in 126.96.36.199 and a couple in 188.8.131.52 and 184.108.40.206. None of them should affect the basic operations though.
Given that the Windows server is sending a TCP reset, I strongly suspect a domain policy on the Windows side. I'm not enough of a server admin to point you to the right setting though. You may find an event in the Event Viewer on the Windows server that shines more light on the issue.
Hi @Marvin Rhoads ,
I ended up raising a ticket with TAC. The engineer is saying that the FMC only supports SMB1. Does this sound right to you? He's recommending NFS or SSH since SMB isn't working. Like you said, these are basic functions. I already tried with SMB1 and that wouldn't connect either. It's got to be something else that I'm overlooking.
I don't usually contradict the TAC, but given that I have a packet capture showing SMB2 working between FMC and Windows Server 2016 I would say they are mistaken in this case.
If you can easily deploy a Windows Server 2016 instance in ESXi that's not joined to your domain, you might test with that. There are so many variables in an AD-joined Windows server that it's nearly impossible to guess which one might be preventing the successful mount.
The only other quick check you can do is change it to IP address vs hostname (if it's not already that way). There error message is so ambiguous that it might be something like name resolution.
I had also tried using the IP of the host. I got the same ambiguous error that time also. I've tried two different hosts with he same results. I ran Wireshark and as far as I can tell, the SMB negotiation gets reset for some strange reason.