Microsoft releases a solution regarding third-party NAS using SMB for Windows 11 24H2

Reading time icon 3 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Key notes

  • Windows 11 24H2 security updates may cause issues with connecting to third-party NAS devices.
  • Enable SMB signing and disable guest access on your NAS for a secure connection.
  • Upgrading the NAS or replacing it with a compatible model might be necessary.
windows 11 wallpaper

Windows 11 24H2 Release Preview introduces new security measures that may cause issues when mapping drives to third-party network-attached storage (NAS) devices. These measures include mandatory SMB signing and disabled guest fallback in Windows 11 Pro.

While these changes enhance security, they can disrupt connections with NAS devices that don’t support SMB signing or rely on guest access for easy setup.

If signing isn’t supported by your third-party device, you may get error:

  • 0xc000a000
  • -1073700864
  • STATUS_INVALID_SIGNATURE
  • The cryptographic signature is invalid

If guest access is required by your third party, you may get error:

  • You can’t access this shared folder because your organization’s security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network
  • 0x80070035
  • 0x800704f8
  • The network path was not found
  • System error 3227320323 has occurred

Microsoft recommends users follow these steps in order of safety:

  1. Consult your NAS vendor’s instructions for enabling SMB signing within the device’s management software (if supported).
  2. Similar to step 1, refer to your NAS vendor’s instructions for disabling guest access in the management software.
  3. Set up a username and password authentication on your NAS for secure access.
  4. If enabling signing, disabling guest access, or using usernames and passwords isn’t possible, consider upgrading your NAS firmware to a compatible version.
  5. If upgrading the firmware fails to resolve the issue, you may need to replace your NAS with a model that supports the required security features.

6. Disable the SMB client signing requirement:

a. On the Start Menu search, type gpedit and start the Edit Group Policy app (i.e. Local Group Policy Editor).

b. In the console tree, select Computer Configuration > Windows Settings > Security Settings> Local Policies > Security Options.

c. Double-click Microsoft network client: Digitally sign communications (always).

d. Select Disabled OK.

7. Disable the guest fallback protection:

a. On the Start Menu search, type gpedit and start the Edit Group Policy app (i.e. Local Group Policy Editor).

b. In the console tree, select Computer Configuration > Administrative Templates> Network > Lanman Workstation.

c. Double-click Enable insecure guest logons

d. Select Enabled OK.

Microsoft acknowledges that the steps may not always be feasible. As a last resort, they offer instructions for disabling SMB signing and guest fallback protection.

More here.

User forum

0 messages