Windows 7 Unsolvable networking issue

macleoda

New Member
Folks,
Could it be I have (sadly) found a network issue which has defeated every Windows 7 expert community? I have posted my issue on every expert forum I can find, in total almost 1'000 views, but not one answer. Is this because my issue is too niche, or because the solution has in fact eluded the whole world? Or maybe I just wrote too much and p****d everyone off?
In a nutshell this time (you can read my prior posts if you want the whole soup-to-nuts version): on my network, the only computer which cannot network properly with our Macbook Pro is my Windows 7 Ultimate x64 machine (other W7x32Pro fine, XP fine). I am 99.9999% sure this is a setting and/or incompatibility with either Ultimate or 64-bit, since there are NO issues networking with XP or 32bitW7. And the W7x64 machine can see the Mac, but not the other way around.
Desperate now for help on this. Anyone got any ideas at all? I have tried all the Control Panel stuff listed on these forums, and I done the secpol mods (unless there are others I have not tried yet).
Thanks on the offchance anyone can solve this.
Alastair
 
Hi,

From the MAC can you ping the windows 7 x64 machine? If the windows 7 machine can see the Mac but the Mac can't see the windows 7 box, you could add the windows 7 x64 machines ip to the macs hosts file. Having never used a mac, I wouldn't know how you accomplish this but I bet google will help :)
 
Yep - you can ping both ways, so it's not an IP level (basic connectivity) issue.

My over-long other posts refer to this in some detail.

Seems to be something very fundamental (like perhaps an authentication issue on the x64 Ultimate machine) which does not apply on a W7 32 bit machine or an XP machine. The W7pro32bit comparison is particularly troubling... you would think if connectivity works fine on one Windows 7 machine, it would work fine on all of them - but either a difference relating to "Ultimate" versus "Professional", or a difference relating to 64bit versus 32bit, is screwing this up. Probably just one minor little thing, but it seems no-one knows which little thing and since we're in the Mac<>Windows crossover hinterland, not many people are interested and even fewer it seems know the answer!

Not sure if this helps but thanks for your thought anyway.
 
Is there any error messages your are receiving with this problem?

Have you checked in the 7 machine, network and sharing center, advance sharing setting; scroll down to Password protected sharing and turn off password protected sharing. Now on the Mac, not sure where to begin there with networking because I too haven't used a Mac.
 
I posted a full and highly-detailed diagnostic separately but, in short, yes - all "Advanced Sharing Settings" are identical in both the x32/Pro machine and the x64/Ult machine (and specifically password-protected sharing is turned OFF).

Below is an extract of the specific part of my longer post which relates to the attempts to connect from Mac to PC (x64ult).

Thanks

Alastair



Test#3. Connecting between Macbook and fairly new Windows 7 workstation (W7 Ultimate 64-bit 2009 edition SP1, Supermicro workstation w/ 2 x Intel Xeon W5590 @ 3.33GHz, 24GB RAM):

  • - Open ‘Finder’ on Mac, PC WAS INITALLY immediately visible under ‘Shared’… however while carrying out the testing for the XP machine and the laptop, it has disappeared! The other two machines remain visible.
STOP PRESS: It reappeared… for how long, is anyone’s guess…

  • - From Mac: A single click on PC icon almost instantaneously indicates “Connection Failed”. Repeated attempts produce the exact same result. To verify the basics some elementary diagnostics:
    • Mac IP address 192.168.0.11 can be successfully pinged from the PC.
    • PC IP address 192.168.0.3 can be successfully pinged from the Mac.
    • From PC entering comment “ping MACBOOKPRO-598A” (the latter being the computer name of my Macbook) works successfully i.e. name resolved OK, no packet loss, 1ms round trip.
    • From Mac unable to run the reciprocal ping test for EITHER PC since I don’t know what to put into Ping to allow it to resolve the computer names.
    • However I note that all 3 Windows machines remain visible in the Finder, only the two which work (the XP machine and the W7 32bit laptop) have the “Eject” symbol next to them and they are still the only two which work both ways without problem.
    • In the Finder window after clicking on the PC icon in the left column, I get another instance of this icon in the next column with “Connect As” underneath and presently “Connection Failed”. If I click on “Connect As” I receive the error “There was a problem connecting to the server ‘alastair-ws’ (which is the PC name of the workstation).
    • Finally if I use the GO -> Connect to Server option in Finder, using SMB://alastair-ws I receive the same error as above. I get EXACTLY the same error if I use the IP address of the workstation 192.168.0.3 as above.
  • - From PC: Opening “Windows Explorer” and single-clicking on “Network” shows all my networked computers including the Mac. Again I decided to try logging into the Mac drives as me, rather than as a guest:
    • Double-clicking the Mac icon opens up the ID / Password dialogue box.
    • Inputting my correct username and password for the Mac immediately opened up all the folders on the Mac I have access to (the shared / public folders but also the folders for my login account on the Mac).
    • Am able to copy files from Mac to PC, although naturally not the other way around.
  • - Therefore the PC-to-Mac seems to work OK, but the Mac-to-PC does not no matter what I try, although the IP is visible and it’s clear the connectivity exists (or Mac copy onto PC would also not work).
 
The fact that you are able to establish one way network connections from the Win7 Ultimate machine to the Mac, but not the other way around would suggest that there is something unique about the Win7 machine, especially in light of the fact that the other Windows machines are not experiencing the same issues.
So first double check your Security Policy edits (on Win7 Ultimate machine) and make sure the they were preserved since the last time you checked and that a subsequent update or service pack installation or something else hasn't reverted them back to their default. Also try experimenting with the "Network security: Minimum session security" you can change this by switch the checkbox selection or by unchecking both = no minimum. (See attachment)
Additionally this might be a result of some unique software product that is present on the Ultimate machine that is not present on the others or a unique setting within the product that has not been configured properly.
So if you're running ZoneAlarm, Comodo, Norton/Symantec, McAfee, AVG, etc., consider removing any such product completely by using the vendor specific proprietary removal tool and see if that helps. Even if such a product is not currently installed, if they had been installed on the machine in the past it's possible that some remaining remnant of the product may still be present and inhibiting the proper functioning of your network so running the uninstaller from the vendor will generally find those bits and pieces and get rid of them. Even going so far as temporarily disabling the built in Windows Firewall product just to see if that may be causing your issue.
Interesting problem and it seems that you've tried practically everything, unfortunately I don't have a Mac product to experiment with to see if I could duplicate your issue.
Good luck and keep us posted.
 
Last edited:
Don't those Macs keep several logs for such a thing? If so have you compared them for differences when connecting the the x86 vs the x64?

What settings do you show for Advanced File Sharing in the Network and sharing center?

Anything in the Event Viewer on the Windows 7 system? This would probably fit into an Informational or low lever notice. Keep track of the time you try to access?

Are you using a password on the Windows 7 machine?

Sorry, but I don't have a Mac to test either..

Edit: If you have not seen this thread, you might check. But I have seen several suggestions about the HomeGroup either being set up or changing the name to Workgroup instead of HSHome. I don't really see why the HomeGroup might be involved but ...
 
Last edited:
Thanks for very helpful post (most helpful so far). Sadly one step forward, two back... now (and with NOTHING changed!!) the XP machine is still connecting but the W7x32pro laptop is now behaving exactly like the W7x64ult desktop, i.e. instantaneous "Connection Failed" message from the Mac when trying to connect. Also other new random behaviour:
- From the x64 I can still access the Mac, although not the other way around
- From the x32 (which previously worked in BOTH directions!) I now cannot even SEE, let alone ACCESS, the Mac!!

One other info. All three Windows machines have the current version of Norton Internet Security installed. I know it's tempting to think that's the issue BUT I have tried disabling it completely before (didnt' work). Also the same NIS is installed on the XP machine, which always connected both ways and still does, and on the W7x32pro machine which worked yesterday (but now doesn't). When problems start to exhibit apparently inconsistent behaviour like this, I realise it makes it much harder to diagnose - all I can tell you is nothing has changed except we're all a day older since the behaviour was quite different.

In terms of your points:

1. The setting 'Network security: LAN Manager authentication level' was set to "Not Defined" on the x32pro machine and "Send LM & NTLM - use NTLMv2 session security if negotiated" on the x64ult machine.
==> since it is not possible to reset the x64 machine to "not defined" (this option does not exist in the drop-down), I have instead set the x32 machine to this same setting.

2. I exported every single item from the secpol and used Excel to do a line-by-line comparison, from the whole list of every entry there were only three differences:
> The difference in the "Network security: LAN Manager authentication level" settings, which I have now aligned to the value you suggested, as above.
> In User Rights Assignment, the parameter "Deny log on as a batch job" had different keys as follows:
>>> on the laptop: *S-1-5-21-1112843904-1533428843-3841691866-1002,*S-1-5-21-1112843904-1533428843-3841691866-1005
>>> on the desktop: *S-1-5-21-791934733-3474851164-2610667567-1001,*S-1-5-21-791934733-3474851164-2610667567-1004
> In User Rights Assignment, the parameter "Deny log on locally" had different keys as follows:
>>> on the laptop: *S-1-5-21-1112843904-1533428843-3841691866-1002,*S-1-5-21-1112843904-1533428843-3841691866-1005,Guest
>>> on the desktop: *S-1-5-21-791934733-3474851164-2610667567-1001,*S-1-5-21-791934733-3474851164-2610667567-1004,Guest

3. I set the Network Security to "Minimum" as you suggest.

Sadly no change. I will put the Network Security settings back as they were to minimise the moving parts.

Also, sadly, the apparent random behaviour continues: at time of writing the desktop x64 machine can access the Mac, as before, but the Mac cannot access the x64 machine; however the x32 machine now still cannot even see the Mac, curiously on Finder (Mac equivalent of Explorer) the x64 machine has appeared but, currently, the x32 machine and the XP machine have not.

You could be forgiven now for thinking I am a crazy lunatic incapable of following through methodically and systematically; I promise you I have changed nothing since I posted, the only changes I guess are the machines have been power-cycled since yesterday but otherwise nothing - they are all physically plugged into the same router with cables (so it's not a wifi issue), each machine can ping the others, but somehow the behaviour does indeed seem to have a degree of randomness which is baffling.

Any other thoughts....????!!!!

Thanks again

Alastair
 
Saltgrass - thanks - honestly re Mac / logs good question but I don't really know... I'm not bad with PCs but the Mac only got in the house because the Mrs wanted it... I'd hope it wouldn't need too much tech support.

Ref AFS settings, see attached. Couldn't lower the bar much more without just sending the whole internet a free invite to come and raid my shared files! Let me know if you think anything is wrong in there however.

I will do some digging for logs on the Mac tonight.
 

Attachments

  • Advanced sharing settings.JPG
    Advanced sharing settings.JPG
    219.6 KB · Views: 543
Thanks for very helpful post (most helpful so far). Sadly one step forward, two back... now (and with NOTHING changed!!) the XP machine is still connecting but the W7x32pro laptop is now behaving exactly like the W7x64ult desktop, i.e. instantaneous "Connection Failed" message from the Mac when trying to connect. Also other new random behaviour:
- From the x64 I can still access the Mac, although not the other way around
- From the x32 (which previously worked in BOTH directions!) I now cannot even SEE, let alone ACCESS, the Mac!!

One other info. All three Windows machines have the current version of Norton Internet Security installed. I know it's tempting to think that's the issue BUT I have tried disabling it completely before (didnt' work). Also the same NIS is installed on the XP machine, which always connected both ways and still does, and on the W7x32pro machine which worked yesterday (but now doesn't). When problems start to exhibit apparently inconsistent behaviour like this, I realise it makes it much harder to diagnose - all I can tell you is nothing has changed except we're all a day older since the behaviour was quite different.

In terms of your points:

1. The setting 'Network security: LAN Manager authentication level' was set to "Not Defined" on the x32pro machine and "Send LM & NTLM - use NTLMv2 session security if negotiated" on the x64ult machine.
==> since it is not possible to reset the x64 machine to "not defined" (this option does not exist in the drop-down), I have instead set the x32 machine to this same setting.

2. I exported every single item from the secpol and used Excel to do a line-by-line comparison, from the whole list of every entry there were only three differences:
> The difference in the "Network security: LAN Manager authentication level" settings, which I have now aligned to the value you suggested, as above.
> In User Rights Assignment, the parameter "Deny log on as a batch job" had different keys as follows:
>>> on the laptop: *S-1-5-21-1112843904-1533428843-3841691866-1002,*S-1-5-21-1112843904-1533428843-3841691866-1005
>>> on the desktop: *S-1-5-21-791934733-3474851164-2610667567-1001,*S-1-5-21-791934733-3474851164-2610667567-1004
> In User Rights Assignment, the parameter "Deny log on locally" had different keys as follows:
>>> on the laptop: *S-1-5-21-1112843904-1533428843-3841691866-1002,*S-1-5-21-1112843904-1533428843-3841691866-1005,Guest
>>> on the desktop: *S-1-5-21-791934733-3474851164-2610667567-1001,*S-1-5-21-791934733-3474851164-2610667567-1004,Guest

3. I set the Network Security to "Minimum" as you suggest.

Sadly no change. I will put the Network Security settings back as they were to minimise the moving parts.

Also, sadly, the apparent random behaviour continues: at time of writing the desktop x64 machine can access the Mac, as before, but the Mac cannot access the x64 machine; however the x32 machine now still cannot even see the Mac, curiously on Finder (Mac equivalent of Explorer) the x64 machine has appeared but, currently, the x32 machine and the XP machine have not.

You could be forgiven now for thinking I am a crazy lunatic incapable of following through methodically and systematically; I promise you I have changed nothing since I posted, the only changes I guess are the machines have been power-cycled since yesterday but otherwise nothing - they are all physically plugged into the same router with cables (so it's not a wifi issue), each machine can ping the others, but somehow the behaviour does indeed seem to have a degree of randomness which is baffling.

Any other thoughts....????!!!!

Thanks again

Alastair
First those two policies "Deny Logon Locally" and "Deny log on as a batch job" have no impact on your present issue, and those are not actually keys, they are GUIDS (Globally Unique IDentifierS) and are different because they are different user GUIDS, you're likely to find identical string values in the registry (under HKEY_USERS) on the respective machines.
Second did you reboot after making policy changes or force a gpupdate? Policy changes will not take effect without doing one or the other.
Don't worry too much about what you can see using the Computer Browser Service, as it's dependent on NetBIOS name caches being updated and can be impacted by simple reboots and can take some time before a refresh occurs. And additionally requires the presense of something called a "Browse Master" this Master Browser is responsible for keeping a list of available network resources (who's who and where) resolving NetBIOS names to IP addresses. And with a good old XP machine in the mix (they always want to be the Browse Master) it can complicate things, so when you UNC to a share, use the IP address (\\192.168.1.nnn\ShareName) to circumvent this issue so you know you're not relying on a master browser that may be unavailable and a new election hasn't taken place yet, or some IP's have changed and it's NetBIOS name tables (cache) hasn't caught up yet.
Better yet read this so you might better understand what the heck I'm talking about How to Determine the Master Browser in a Windows Workgroup | Scottie
 
Thank you. V helpful - and definite progress (although still not there!).

I followed the article (Master Browser) and discovered that, through a know quirk of W7, both my W7 machines had reset their workgroup name from the setting I gave them and the Mac - WILF - to the standard WORKGROUP. So problem #1 they weren't in the same workgroup, which wouldn't have helped!! (BTW I am not a total idiot, this has not always been the case).

Now have aligned the secpol entries per our eariler and made some progress as follows:

- For the first time ever, I have succeeded in connecting to the W7x64ult workstation from the Mac!

...however...

- The browser issue on the Mac is recurring (right now for example the Mac is showing the x32 laptop but not the x64 desktop).
- Connecting with IP address is not ideal for me since the desktop gets its IP from the router, I would prefer to keep this way but if absolutely necessary I could set my workstation with a static IP and reconfigure the router to leave a set of IP's unallocated.
- Strangest remaining issues:
>>> From the other W7 machine I can connect to all the shared drives on the desktop x64 machine no problem
>>> When I try to connect to the x64 from the Mac using ONLY its name (not IP) it fails, however it works with the x32 machine - a dialogue box comes up asking which share I would like to mount as a drive on the Mac
>>> When I repeat the above on the x64 but using the name AND the sharename ('smb://ALASTAIR-WS/public') it works and immediately shows me the directories
>>> The difference appears to be that somehow, when the Mac talks to the x32 machine, it correctly and immediately offers up any shared directories it knows about, whereas the x64 machine only shows a directory if you specify the sharename in the connect request

So this leaves me with a different but more hopeful problem; why, when connecting from the Mac, does the x32 machine immediately offer me the option to mount volumes, but the x64 will not respond unless I precisely specify the sharename - in addition (and realise not everyone knows the Mac.. god knows I don't) - if you then click back on the computer name in the browser window, again the directory list is lost.

Could it be something to do with SMB2.0?

Also maybe it's because on the x32 the public folders are still 'natural' (as god intended), whereas on the x64 machine I don't use the original public folders on the C: but instead created separate folders on the D: which, I have a hunch, are not recognised as public folders. This still doesn't explain it however because when you do it from Windows all 6 shares come up.

Probably getting too close to Mac now but any ideas from this point?

THanks....
 
Much to far into Mac and way far out of my comfort zone but I do know that while Windows 7 uses Network Discovery which is dependent on several supporting services like SSDP, Function Discovery Provider Host, Funtion Discovery Resource Publication, etc., from what I can tell, and please remember I'm not a Mac guy, Mac's use the Bonjour Service to do something very similar to help them locate other computers and network devices on the same subnet, which can be and often is installed on Windows machines.

Now what I can tell you about that is that very often, a product called mDNSresponder.exe which is part and parcel of the Bonjour service will often cause problems with your Windows machines being able to reliably resolve FQDNs (Fully Qualified Domain Names) outside your subnet. So you can try installing Bonjour Service on your Windows machines (usually installing iTunes will do it as it's part of the package) and see if that in any way helps with your present situation. And then if you discover later that your Windows machines are having Internet connectivity issues you can always open the Services Management Console and stop and disable it. Might be worth a try just to advance the diagnostic process a bit.
 
Really old thread, but Im battling the same issue with my Win7 x64 for over 5 years.
Almost absolutely same with minor differences that I can't mount Win7 shared folder even if I use subdirectory.

OTH when I use IP number everything connects smoothly.
So:
smb://192.168.1.186
works
smb://media
doesn't
smb://media/0.%20Movies
doesn't
smb://media/0. Movies
doesn't.

I kinda gave up and just lived with it.
 
Back
Top