Synology Active Directory ADS join domain fix (suddenly nas lost connection to domain)
# Your Synology NAS suddenly lost its connection to your Windows Domain Controller, and/or has intermittent AD connectivity issues.
# Symptoms include, but are not limited to:
# - Failing to rejoin after removing the account on the Domain.
# - Failing to rejoin without any changes.
# - Join attempt results in "Failed to join the Windows domain. Please check your domain and firewall settings and try again"
# - Synology is joined, but attempting to connect from domain clients results in "There are no logon servers available to service the logon request"
# - This problem happens intermittently; sometimes rebooting the Synology device allows you to rejoin (not a solution).
# - Sometimes rebooting both the Synology device and the Domain Controller allows you to rejoin (not a solution).
# 1st.) *OPTIONAL* Remove the Synology device from Active Directory Users/Computers.
# This step could be required if your Synology system is currently in a disconnected state,
# i.e. inaccessible from Domain systems and/or "no login servers available".
# Always try Step 2 first; you have nothing to lose. Permissions for Domain Users/Groups entered
# on your Synology system for shared folders do not get removed when the Synology Computer object
# is deleted from the Domain's Active Directory Users/Computers.
# 2nd.) *THE FIX* Enable SMB1 Protocol - Try the following commands on your Domain Controller:
# Use the appropriate commands for the terminal/console/shell you are using.
# Goal: Enable SMB1 and restart the LanmanWorkstation and LanmanServer SMB Windows services.
# powershell v4 (ws2012+)
Set-SmbServerConfiguration -EnableSMB1Protocol $true
# powershell v2 (ws2k8)
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 -Force
# cmd (cmd/run); cmd.exe needs double quotes, single quotes are passed through literally
reg.exe ADD "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v SMB1 /t REG_DWORD /d 0x1 /f
# restart SMB services (PowerShell)
Restart-Service LanmanWorkstation -Force; Restart-Service LanmanServer -Force
# restart SMB services (cmd)
net stop LanmanWorkstation & net start LanmanWorkstation
net stop LanmanServer & net start LanmanServer
# sc method (cmd); sc stop returns before the service has fully stopped,
# so repeat the sc start if it fails on the first attempt
sc stop LanmanWorkstation & sc start LanmanWorkstation
sc stop LanmanServer & sc start LanmanServer
# 3rd.) Enjoy the problem never happening again. You might also want to set up a WINS server, since Synology boxes seem to function
# much better with one available to them.
# Info: Why would SMB1 all of a sudden be relevant to a previously joined device with it disabled? No clue.
# Since I don’t use SMB for anything on the related Domain Controller, I now schedule a task to restart SMB services
# once a day. If the problem persists you may want to evaluate your Domain's Network Permissions (Security Settings)
# for NTLM authentication. I can see this being an issue for certain environments. Might want to look into adding a
# server exception for your NAS. Granted, I have not tested a Synology with zero NTLM (no NTLMv2, only Krb). I am also not sure
# what data is passed from NAS to DC in regards to SMB1. At some point I will set up a lab and capture data with SMB1 enabled/disabled,
# and the activity of the Synology system in a disconnected domain state.
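The gist leaves open whether the NAS actually talks SMB1 to the Domain Controller. The PowerShell below is an added example, not part of the original gist: it turns on SMB1 access auditing on the DC and lists the SMB sessions and audit events (event ID 3000) that come from the NAS. It assumes Windows Server 2016 or later; `$NasIp` and `$LookbackHours` are hypothetical parameters, and 192.0.2.10 is a placeholder address.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original gist. Run on the Domain Controller.
# $NasIp is a constructed placeholder (documentation range); use your NAS address.
param(
    [string]$NasIp = '192.0.2.10',
    [int]$LookbackHours = 24
)

# Match the exact address only, so 192.0.2.10 does not also match 192.0.2.100.
$nasPattern = [regex]::Escape($NasIp) + '(?!\d)'

# Current SMB server state: is SMB1 enabled, and is SMB1 access auditing on?
$cfg = Get-SmbServerConfiguration
[pscustomobject]@{
    EnableSMB1Protocol = $cfg.EnableSMB1Protocol
    EnableSMB2Protocol = $cfg.EnableSMB2Protocol
    AuditSmb1Access    = $cfg.AuditSmb1Access
} | Format-List

# Turn auditing on if it is off. This only logs SMB1 connections; it does not
# enable or disable the protocol itself.
if (-not $cfg.AuditSmb1Access) {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Confirm:$false
}

# Live sessions from the NAS and the dialect each one negotiated
# (1.x means SMB1; 2.x or 3.x means that session does not depend on SMB1).
Get-SmbSession |
    Where-Object { $_.ClientComputerName -match $nasPattern } |
    Select-Object ClientComputerName, ClientUserName, Dialect |
    Format-Table -AutoSize

# Event ID 3000 in the SMBServer audit log records each client that connected with SMB1.
$filter = @{
    LogName   = 'Microsoft-Windows-SMBServer/Audit'
    Id        = 3000
    StartTime = (Get-Date).AddHours(-$LookbackHours)
}
$events  = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
$fromNas = @($events | Where-Object { $_.Message -match $nasPattern })

"SMB1 audit events in the last $LookbackHours h: $($events.Count) total, $($fromNas.Count) from $NasIp"
$fromNas | Select-Object -First 5 TimeCreated, Message | Format-List
```

Run it once to enable auditing, retry the domain join from the NAS, then run it again: events from the NAS address show it is connecting with SMB1, while none (and only 2.x/3.x dialects in the session list) point to a different cause.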