Loading ...

Month: March 2018

Network Drives Disconnect

Network Drive Disconnected - Grants Pass, OR

Had a client that repeatedly had troubles with network drives disconnect happening randomly. I did explain that this would happen normally if they kept their workstations logged into the server, but they did not want to change their habits. I performed the usual registry fixes on the workstations and the server, but these did not seem to work. Finally I got to look at the error and figured out the Group Policy Object that was causing the problem.

Usual Registry Fix:

The default method for this is to edit the registry as follows on both and run a command on the server to lengthen the disconnect time on the workstations and disable disconnect on the server.

Workstations:

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following key in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters
  3. In the right pane, click the KeepConn value, and then on the Edit menu, click Modify. If the KeepConn value does not exist, follow these steps:
    1. On the Edit menu, point to New, and then click REG_DWORD.
    2. Type KeepConn, and then press ENTER.
  4. On the Edit menu, click Modify.
  5. Click Hexadecimal.
  6. In the Value data box, type ffff, and then click OK.

Server:

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following key in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
  3. In the right pane, click the autodisconnect value, and then on the Edit menu, click Modify. If the autodisconnect value does not exist, follow these steps:
    1. On the Edit menu, point to New, and then click REG_DWORD.
    2. Type autodisconnect, and then press ENTER.
  4. On the Edit menu, click Modify.
  5. Click Decimal.
  6. In the Value data box, type 0, and then click OK.

Finally the following command should also be run:

net config server /autodisconnect:-1

Kerberos Policy - Maximum lifetime for user ticket

Group Policy Object Fix:

Even though I changed the systems as above, it still disconnected regularly. The clients were getting this message when disconnected -“The system has detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.” Some research found that Windows Small Business Server created a Group Policy Object that by default times out authentication to the server after 10 hours. Here is how I changed it:

  1. Open Group Policy Management
  2. Look for Default Domain Policy
  3. Click on the Settings tab and then Show All
  4. Under Account Policies/Kerberos Policy look for Maximum lifetime for user ticket which by default was 10 hours.
  5. Right click on the policy and choose Edit
  6. Dig down to Computer Configuration > Windows Settings > Security Settings > Account Policies > Kerberos Policy
  7. Change the Maximum lifetime for user ticket to 100 hours (>4 days)
  8. Change the Maximum lifetime for user ticket renewal to 4 days

This combination will keep the ticket lifetime timeout longer than the time for renewal which will cause the renewal to happen before the timeout. Problem solved.

If your company is having issues with Network Drive Disconnect, then contact us for assistance.

 

 

Synology Active Directory Server

Synology Active Directory Server - Grants Pass, OR

Recently provided some assistance to a local IT company that exclusively uses Synology devices instead of servers for their clients. They approached us to create Group Policy objects based on this new feature of the Synology. The Synology Active Directory Server app is based on the Samba 4 Protocol, here are some details of available features:

  • Support for Windows RSAT
  • Support for TLS domain controller certification
  • Support for custom NetBIOS domain names
  • DNS auto registration
  • Support for single domain controllers

Account & Privileges

  • Group membership and policies
  • Roaming user profiles
  • Account single sign-on
  • Home folder support

Security & Access Control

  • Kerberos-based authentication
  • Password reset via email
  • Password strength policies
  • Account lockout policies

Domain Clients

  • Microsoft Windows 7 and above
  • Linux

Take Aways

Here are some basic take-aways from our experience creating these Group Policy Objects (GPO) on the Synology Active Directory Server.

  1. Need to install Remote Server Administration Tools (RSAT) on the most up-to-date desktop or server OS version in the organization to allow for best compatibility with all earlier OSs when creating GPOs
  2. Need to modify Synology Active Directory Server control panel Domain Options to allow Domain Admins to have admin access – without this you will get Access Denied every time a GPO is attempted to be added
  3. Windows Servers, Active Directory and domains are not dead, they are just becoming a “Container” which makes them much cheaper for small businesses to adopt.

If your company is utilizing a Synology Network Attached Storage device and would like the functionality of an Active Directory domain, then contact us for assistance.

Archives

Categories

Plant a Seed @ 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2023- Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

[contact-form-7 id="452" title="Free Network Evaluation"]