Shulou(Shulou.com)06/02 Report--

This is an accident caused by the fight against the blackmail virus.

To put it simply, win10 plus domain, no matter whether DC and PC are in the same network segment or not, port 445 must be able to communicate normally.

Why is this emphasized, because win7 is not needed, which may be due to their different versions of SMB.

Here's what happened:

At that time, in order to resist the blackmail virus, I made an ACL that forbids access to port 445 for each interface on the layer 3 switch. Because it was an emergency, I did not do any relevant log instructions. I forgot this long ago, which is the hidden trouble buried at this time.

Last month, when I was working in the desktop cloud, I found that win7 could not add a domain (the wideband gateway is a layer 3 switch shielded by 445). The fault is as follows: the added domain can pop up a window to enter the account password, but will eventually report an error: the network path cannot be found. The reason for the packet grab was not found out, so we tried to add an additional domain control under the same network segment as the virtual machine, thus solving the problem of adding domain to win7. This also reinforces my belief that the firewall DNS transparent proxy is not properly set up (because my DC is deployed in the DMZ zone of the firewall).

A few days ago, the quality control department planned to replace a batch of PC, because the quality control software was old and did not support win7, so I had a whim to try to install it on win10 and installed it unexpectedly. So I want to get a virtual desktop and let win10 run software testing for a while. At this time, the problem of win10 plus domain comes again, but this time it is more unique, and the hint is similar to the failure of win7 plus domain, even if it is the same as the network segment.

Net use\\ dcname.local\ ipc$ returned: network path not found 53

After tossing about for several days, I suddenly remembered the switch shielding 445 in the afternoon, canceled the configuration, and everything went well.

This means: win7 plus domain, PC and DC on the same network segment, do not need port 445, cross-network segment, it is required.

Win10 plus domain, regardless of whether PC and DC are under the same network segment or not, port 445 is required.

Don't spray if you don't like it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.