Sunday, 2 April 2017

Shared folder’s access denied on windows 7 after enabling Protocol Encryption - EMC VNXe3150

Or, Access to shared folders denied after enabling Protocol Encryption in VNXe3150
Or, Shared folder’s access denied after enabling Protocol Encryption EMC VNXe3150
Or, How shared folders Protocol Encryption works – EMC VNXe 3150

Descriptions: Guys if you have enabled protocol encryption on some of your shared folder that are directly shared from your VNXe3150 storage box, it is possible that windows 7 machines may not be able to access those shared folders after enabling protocol encryption on the shared folders from storage side. However, windows 10 machines can access those shared folder without any errors.

How shared folders Protocol Encryption works – EMC VNXe 3150: Enabling Protocol Encryption is not the encryption of data either on client or storage side. Enabling Protocol encryption just encryption the data in transit. Means, the data travelling between client and storage is encrypted only while travelling.

Scenario: I had recently enabled protocol encryption on some of the shared folder of my storage box VNXe3150 to meet organisation security requirement of data encryption.
Soon after enabling Protocol Encryption from storage side, I noticed that windows 7 users are not able to access any of the shared folders, which are having protocol encryption enabled on them. However, users using windows 10 machines are able to access those folders without any error.

IMP Note: Never be confused with management IP and shared folders IP if you are using direct-shared folders from VNXe3150 storage box. Management IP is the one that gives you the ability to manage your storage box (e.g. any administrative tasks, firmware update, health check etc...) whereas, shared folder IP address is the one that you use to access the shared folder’s using \\path etc…

You may be aware of already (that is goodJ) but I would like to let you that, shared folder’s IP address that you use to access the shared folder on your windows machines also have Registry Keys Hierarchy like windows. To resolve the problem all you need to do is you need to fine-tune the registry keys of the shared folders (not the local machine’s regedit keys). 

Solution: modifying the shared folders registry keys

On your local windows machine, go to Run > type regedit > press Enter

Got to File option > Click on ‘Connect Network Registry’ > Type the IP address of the shared folder to connect

After successful connection, the shared folder’s registry should look like below.

Browse the registry key until the path:

Set the following parameters
“Encryptdata” to 1 and "RejectUnencryptedAccess" to 0

Take a reboot of your storage and SPs to make sure these changes are completely applied and in effect.

Note: Please understand the risk of modifying registry keys before modify them.

Cheers, please let me know if you have any query or feedback on this.

No comments:

Post a Comment