Can't access drives after removing mapped drive via powershell

History:
Was trying to run PowerShell scripts to rename folders but it couldn’t access files and folders for some reason, and a suggestion given was to re-map the drive via PowerShell, as when "Get-PSDrive" was executed it didn’t show the mapped drive, but when I tried mapping in PowerShell it said it was already in use.

So I deleted the mapping via powershell and tried remapping, but it wouldn’t take the user/password originally used, but it would take a secondary one.

Problem:
I thought that was odd, so I tried logging in via the web UI and it worked. I restarted the computer and the TrueNAS machine and now both initial login and back login don’t work to map the drive (password incorrect prompt).
I can access via another machine, so I think it’s just the PC where I tried to delete and map via PowerShell that screwed something up. There was also a previous suggestion to edit a gpedit, but that didn’t work, so now I’m trying to find that thread to undo it; but it was an undefined value before, so this might be interesting.

I’ve tried logging in via just the network drive folder, but that wouldn’t take the user/pass anymore either.

There is the possibility that TN and this client PC are using a different security level, so the password is rejected.
By default TN rejects NTLMv1. You can test if this is the case by just checking NTLMv1 auth in the SMB config → restart service, but in that case you have to set NTLMv2 on the client PC, because v1 is really, really old and unsafe.

Oh hey, that “ntlm” looks familiar. Before, I had gone into the Windows (client PC) and had it only take NTLMv2, and before that it was undefined; which one should I set it to: https://4sysops.com/wp-content/uploads/2024/06/Group-Policy-setting-for-NTLM-security-levels.png Do I pick the second one off that list?
Also, is there a way I can go see if that’s the reason on TN and re-configure if needed?

Afaik you should pick the last one from the list:
Send NTLMv2 response only. Refuse LM & NTLM
On TN you shouldn’t need to set anything fancy; the default settings work for most use cases.
Odd that you previously set NTLMv2 and get credential errors. My previous suggestion was to quickly check if my supposition was right (because changing on the client needs a PC restart; restarting SMB instead is faster).
Also, it can be worth deleting the credentials on the PC (if you checked "save credentials" or passed some argument to the command to do that) and adding them again.

Do you mean this section?

Because I did that and it still didn’t work. Or do you know of elsewhere, or what cmd to clear all?

Was meaning exactly that section :smile:
Have you checked the audit on the TN machine when trying to connect?

No, how would I do that? Thanks for helping troubleshoot, by the way.

System → Audit
You should see the failed login attempt, and hopefully some extra info that can help understand what’s going on.

These are the details I’m getting:
Logon Id: ‘0’
Logon Type: 3
Local Address: ipv4:192.168.0.xx:445
Remote Address: ipv4:192.168.0.x1:4585
Service Description: SMB2
Auth Description: Null
Client Domain: DESKtop
Client Account: admin
Workstation: DESKTOP
Became Account: Null
Became Domain: Null
Became Sid: Null
Mapped Account: admin
Mapped Domain: DESKTOP
Netlogon Computer: Null
Netlogon Trust Account: Null
Netlogon Negotiate Flags: ‘0x00000000’
Netlogon Secure Channel Type: 0
Netlogon Trust Account Sid: Null
Password Type: NTLMv1
Client Policy Access Check: Null
Server Policy Access Check: Null
Vers:
Major: 0
Minor: 1
Result:
Type: NTSTATUS
Value Raw: 3221225572
Value Parsed: NT_STATUS_NO_SUCH_USER

And it looks like it is NTLMv1, and it looks like the old logs show NTLMv2; is there a way to force convert it?
[info in case: admin is a created admin/user account, i.e. since root was deprecated?]
Did some more tests, even though it says no such user:
when I tried from a second computer and a second user that was previously created, it was fine; but when I try that user on my first computer it says wrong password.

Edit 3: tried from a 3rd PC, couldn’t log in with the initial ID (admin). After a restart the second login worked (had to restart; for some reason it wouldn’t take if I had tried the first login first), so I wonder if my PowerShell in deleting the mapped drive f’d some up indirectly.
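
Added example, not part of the thread: a PowerShell triage of audit records in the layout pasted above, listing which clients authenticated with NTLMv1 and showing the raw status in hex. The two records are constructed (the first reuses values from the post, the second is invented for contrast), and the function names are hypothetical.

```powershell
# Constructed sample: two records in the "Name: value" layout of the audit view.
$auditText = @'
Client Account: admin
Workstation: DESKTOP
Remote Address: ipv4:192.168.0.x1:4585
Password Type: NTLMv1
Value Raw: 3221225572
Value Parsed: NT_STATUS_NO_SUCH_USER

Client Account: user2
Workstation: LAPTOP
Remote Address: ipv4:192.168.0.x2:50112
Password Type: NTLMv2
Value Raw: 0
Value Parsed: NT_STATUS_OK
'@

function ConvertFrom-AuditText {
    param([string]$Text)
    # Records are separated by a blank line; each record becomes one hashtable.
    foreach ($block in ($Text -split '(?:\r?\n){2,}')) {
        $fields = @{}
        foreach ($line in ($block -split '\r?\n')) {
            # Split on the first colon only: "ipv4:192.168.0.x1:4585" has more.
            $name, $value = $line -split ':', 2
            if ($null -ne $value) { $fields[$name.Trim()] = $value.Trim() }
        }
        if ($fields.Count) { $fields }
    }
}

function Get-AuthFinding {
    param([hashtable[]]$Records)
    foreach ($r in $Records) {
        [pscustomobject]@{
            Account     = $r['Client Account']
            Workstation = $r['Workstation']
            Source      = $r['Remote Address']
            Protocol    = $r['Password Type']
            # NTSTATUS codes are usually documented in hex, so show both forms.
            NtStatus    = '0x{0:X8} {1}' -f [uint32]$r['Value Raw'], $r['Value Parsed']
            SendsNtlmV1 = $r['Password Type'] -eq 'NTLMv1'
        }
    }
}

Get-AuthFinding (ConvertFrom-AuditText $auditText) |
    Sort-Object SendsNtlmV1 -Descending | Format-Table -AutoSize
```

The raw value 3221225572 from the post is 0xC0000064, the NTSTATUS code for NT_STATUS_NO_SUCH_USER.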

Your client is trying to authenticate with NTLMv1. That’s a wild client misconfiguration.

What’s the best way to get it to not use NTLMv1?

Configure your client to not do that. If this is Windows, it’s controlled by a registry setting. You may also want to investigate why the incorrect setting is present (since this may be malicious).

To be fair, there’s no real way I can investigate; the PowerShell usage may be a bit misleading as to how system savvy I am, but I was using Google/Gemini to solve a renaming issue, which indirectly caused this issue. Basically, worse comes to worst, I would just reinstall my main PC and hope that works, but I’m hoping to solve it without going through all that hassle.

That’s why I ask how to do this “Configure your client to not do that. If this is windows, it’s controlled by a registry setting.” specifically, so I don’t google and find the wrong thing and mess something else up instead.

This is the guideline provided by MS. With a “Pro” edition, afaik, you shouldn’t need to do those steps, but at this point why not try?

  • open regedit
  • find HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control
  • add (or edit) as mentioned in the guideline, with the only difference that (afaik) level should be 5 and not 3

Also, if you previously checked NTLMv1 auth on TN, don’t forget to remove this tick and restart the SMB service.
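
Added example, not from the thread or from the Microsoft guideline: a PowerShell check of the client setting discussed above. It assumes the value is `LmCompatibilityLevel` under `HKLM:\SYSTEM\CurrentControlSet\Control\Lsa` (the thread names only the parent key) and that an undefined value behaves as level 3 on current Windows; the function names are hypothetical.

```powershell
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Index = LmCompatibilityLevel; text = the matching option in the
# "Network security: LAN Manager authentication level" policy.
$Levels = @(
    'Send LM & NTLM responses'
    'Send LM & NTLM - use NTLMv2 session security if negotiated'
    'Send NTLM response only'
    'Send NTLMv2 response only'
    'Send NTLMv2 response only. Refuse LM'
    'Send NTLMv2 response only. Refuse LM & NTLM'
)

function Get-LmCompatibility {
    # Read-only: reports what the client will send when it authenticates.
    $prop = Get-ItemProperty -Path $LsaKey -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
    $defined = $null -ne $prop
    # Assumption: with no value defined, current Windows acts as level 3.
    $level = if ($defined) { [int]$prop.LmCompatibilityLevel } else { 3 }
    [pscustomobject]@{
        Defined     = $defined
        Level       = $level
        Meaning     = $Levels[$level]
        SendsNtlmV1 = $level -lt 3   # levels 0-2 still send LM/NTLMv1 responses
    }
}

function Set-LmCompatibility {
    # Only NTLMv2-only levels are accepted; 5 is the value suggested in the thread.
    param([ValidateRange(3, 5)][int]$Level = 5)
    # Needs an elevated prompt. A Group Policy that defines this setting
    # writes the same value and will overwrite a manual change.
    New-ItemProperty -Path $LsaKey -Name LmCompatibilityLevel `
        -PropertyType DWord -Value $Level -Force | Out-Null
    Get-LmCompatibility
}

Get-LmCompatibility | Format-List
# Set-LmCompatibility -Level 5   # uncomment to apply, then restart the PC
```

If `SendsNtlmV1` is true before the change, the audit record on the TN side should switch from NTLMv1 to NTLMv2 after the restart.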

Thanks for the steps, saw that TN didn’t have the ntlm v1 ticked; but that config didn’t work overall. I created a new user in the same group and that worked.
