networking - Network speed significantly reduced on Win Server 2008 DC

I have recently set up a Windows 7 Ultimate 64-bit machine which I plan on using in preference to my old Windows XP machine to do development on. However I am having problems connecting to the file shares exposed by the Windows Server 2008 (SP2 not R2) 32-bit server on the network.

I have trawled Google but been unable to find any solutions that work so far.

The error:

Login Failure, unknown username or password". Password prompt keeps on appearing as obviously the authentication is failing between the boxes.

What works:

• Connecting to shares on the Windows Server 2008 machine from the XP box
• Connecting to shares on the XP box from the Windows 7 box
• Connecting via RDP to the XP box from the Windows 7 box
• Connecting via RDP to the Windows Server 2008 box from the Windows 7 box
• Connecting via RDP to the Windows Server 2008 box from the XP box

So I can assume that a) I'm not having any issues with incorrectly typed passwords & b) there are no network connectivity issues between the machines.

What doesn't work

• Connecting to any password protected shares on the Windows Server 2008 machine from the Windows 7 machine. I have not tried non-password protected shares.
• Connecting to the Windows 7 box from the Windows Server 2008 machine.

Additionally I have tried a few suggestions floating round on the web, such as setting LmConnectivityLevel to '1' in the registry, and setting the Network Security: LAN manager authentication level in secpol.msc.

There have also been a few comments that the timezone/datetime need to be the same on both machines, they are, however there is one difference. The Windows 7 box lists everything in "UTC" and the Windows Server 2008 box lists everything in "GMT" (I am based in London so this is expected).

Additional Info

The machines are running NOT on a domain, rather they all belong to the WORKGROUP workgroup.

I have tried both User and Administrator accounts on the Server all with the same result.

The usernames are always authenticated against users on the server, so are entered in the form SERVER\UserName in the login prompt.

There are other non-Windows 7 machines on the network so I cannot really go fiddling with the network settings too drastically on the 2k8 server, however it is essential that I can connect to the server from the Windows 7 machine.

Any help gratefully accepted.

Update 1.

I've mot fiddled with firewalls on any of the machines, my thinking behind this being that given that independently all the machines can communicate, and file sharing works between the Windows 7 <-> XP box <-> server, just not between server <-> Windows 7. I will try turning off all the firewalls to remove them from consideration though.

Update - Success at last - See end of post!

Well I have had some partial success. I'll detail what I have done in the hope I help someone else in future [I will keep this updated as I progress].

The problem appears to be with the Win2k8 box being too restrictive with its security policy. The server has been locked down using the Security Configuration wizard, and although Windows XP could talk to the server fine, this was obviously too restrictive for Windows7.

So far I have started the SSDP service, the Computer Browser service, added inbound and outbound rules to the firewall for the Network Discovery and additional inbound File and Print sharing.

I still cannot connect using the machine name, i.e. \\server as it still repeatedly asks for the username and password. However if I connect using the IP address i.e. \\192.168.10.50 it accepts the username and password and allows access to the shares.

I will continue fiddling until I manage to work out a combination of what services must be running and what firewall rules must be set up to allow connection using the computer name.

Things to note

Evidentially windows XP machines being able to connect to a network share is no indication that all of the plumbing required for Windows7 to connect is accessible through the firewall.

Update: The following services need to be running in order to connect using the computer name to a share.

• Dns Client
• Function Discovery Provider Host
• Function Discovery Resource Provider
• SSDP Discovery

Additionally firewall rules need to be set (inbound and outbound) for:

• File and Printer Sharing
• Network Discovery

I hope this info helps someone.

Hope ya figured it out. Remember, 'workgroup' or peer to peer depend on NETBIOS over TCIP. Since this is a big security problem and easily hacked, especially if you put any of those computers on wifi or out on the DMZ, Win Server 2008 has disabled this by default. You have to enable it if you want to logon by computer name(WINS) or access by CIFS(common internet file service) or SMB. Since Win Server 2008 is a powerful server platform designed for Active Directory and Hyper V, running it as a peer to peer box is going to give you some headaches once you realize how tight it's buttoned up security-wise. You'd be better off running a XP Pro box for peer to peer workgroup shares until you snag a few lessons on how to actually configure Win Server 2008. Good luck. All the best.

The best way that I have just now found out is there is a setting in network sharing that needs to be set.

File sharing connections

windows 7 uses 128-bit encryption to help protect file sharing connections. Some devices don't support 128-bit encryption and muse use 40- to 56 bit encryption.

Set this to Enable file sharing for devices that use 40- or 56-bit encryption.

that should alleviate your problems.