After upgrading to Windows 10 1803 (April Update), users began to complain that they can’t run executable files that are located in network shared folders on the Windows file server and NAS storage.
The problem manifests itself in different ways. Some network applications simply do not start from network folders (
The application was unable to start correctly (0xc00000ba), 0xC0000005: Access violation reading location 0x0000000000000000), while others start fine, but all the functionality associated with network connections with other servers is not available. In particular, doesn’t working the connection to the remote MS SQL Server via both ODBC and ADO SQL connection, the client also can’t connect to the Oracle database either.
The problem occurs when you try to run EXE files from shared folders using the UNC path (
\\file-server\share\app1.exe) or when you run executables from network folders mapped to a local drive letter (using NET USE).
However, in Windows 10 1709 and Windows Server 2016, the same programs run from network folders correctly. To run these programs on Windows 10 1803, you will have to copy the executable files to a local disk. If you rollback the Windows 10 1803 update on your computer, the problem also disappears.
It seems that Windows 10 1803 blocks network access to programs running from shared network folders and the programs themselves are crash when they trying to open a network socket. The problem is somewhat similar to the problem of disabling insecure guest logons in Windows 10 1709, but this solution did not help.
One of the users found the following workaround: if you select in the exe file properties, that this program should be run in compatibility mode for Windows 8, the network programs start working!
However, as a permanent solution to use it incorrectly. I would like to find the cause of the problem.
During troubleshooting the problem, it was found that in all cases devices supporting only SMBv1 file access protocol were used to provide shared folders service. At the same time, on the Windows 10 workstations a separate client feature was enabled to access network folders using SMBv1 (SMB 1.0/CIFS Client).
If you move the executable files to the shared folder on Windows Server 2012 R2 / 2016, on which SMB1 is disabled, the executable files run correctly!
It can be concluded that Windows 10 update 1803 for security reasons does not allow you to open network connections in programs running from shared folders that are accessible only using the SMBv1 protocol. As network folders, you need to use devices that support SMBv2 or SMBv3.
Check if SMBv2 or SMBv3 is enabled on your server with the command:
Get-SmbServerConfiguration | Select EnableSMB2Protocol
If SMBv2 is disabled, you can enable it:
Set-SmbServerConfiguration -EnableSMB2Protocol $true
In our case, the used NAS storage device also supports file sharing only using the SMBv1 protocol, so it can’t be used to run programs on workstations updated to Windows 10 1803.
If you are still using Windows Server 2003 as a file server, you should understand that only SMBv1 is supported in this version. Accordingly, you can’t use this OS as a file server when accessing it from Windows 10 1803 and higher.
Also, if you use Linux Samba as a file server, to disable SMB1 you need in the configuration file
smb.conf to add the line
min protocol = SMB2 in the
[global] section and restart Samba.