Wireshark shows SMB Request is administratively blocked, yet all firewall rules allow SMB. What gives?

This is a continuation of today's earlier thread I posted. I cannot link to it but it might be found close to this one on the Windows forum.

Anyway, like the title suggests, I'm trying to figure out why SMB is being blocked. Doing a Wireshark capture of requests to my SMB server while I'm trying to connect to it shows

(Destination Unreachable) Communication Administratively Filtered

But in my anti-virus (es-et) and Windows, all show that file and printer sharing are enabled and allowed to go through.

So my question is what is blocking my SMB requests since the firewall clearly allows it?
I'm guessing something in group policies?

The administratively filtered packets are ICMP, not TCP. Make sure the subnet or interface is trusted. In the default Windows firewall you would change the interface from Public to Private.

That is interesting. I missed that but I still assumed it was a part of the SMB connection request as these packets only occurred when I was trying to connect to my network drive in File Explorer.

I just tried to ping my server and the ICMP packets were allowed to go through.

So why are these ICMP packets administratively blocked when I try to map a network drive from file explorer?

Another note, I did make sure my ethernet adapter (the only one I'm using) is set to private (trusted). Please let me know if I misunderstood, but here are three sources saying that adapter should be trusted. (I cannot put more than two embedded images in a post, you're just going to have to trust me on the other two sources.)

I would start clean from scratch.

Are you using two firewalls at the same time? Turn everything off for a while and then watch for communication. The port you should be interested in is TCP 445 outgoing from pc to server.

Make sure the smb server is not blocking communication.

Do you have netbios over tcp disabled? If not turn it off.

From the explorer window \\server_smb_ip

Is smb traffic blocked or are you just paying attention to what wireshark says?

P.S.
Personally, I prefer Comodo Firewall over both of the above, but that’s an irrelevant detail. :wink:

Thank you for the firewall suggestion.

I turned off my firewall. I did as requested and ran Wireshark listening to TCP 445; nothing came over the wire when I attempted to connect via File Explorer as shown using the IPv4 of my SMB server.

I have not gone out of my way to check the logs on my SMB server to see if it's blocking my client because I have other clients on the same network who are able to connect to the SMB server and use it.

I have run some commands from the suggestions of another forum user (I have a parallel forum post here on this issue) and I was able to get something now after running commands from this list in an admin PowerShell and rebooting.

learn(dot)microsoft(dot)com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3

Here is what Wireshark now says with TCP 445 when attempting to connect to my SMB server.

The issue I still have is that this happens: “turn off file and printer sharing” keeps automatically being selected when I try to select “turn it on”.

I always have it turned off for both profiles. This should not affect communication with the smb server. These are the options when you want to share the client’s resources with the network, and not connect the client to the server.

Check NetBIOS over TCP/IP; personally, I always have it turned off.
Check from the smb server side if packets are actually arriving.

Listening on tcp port 445 is done on the server side. The client initiates outgoing traffic to the server on tcp 445. So on the pc you should see an attempt to connect to smb-ip and tcp 445. If you see an attempt to initiate communication then you need to make sure that not only packets are leaving the pc but also reaching the server. If you confirm that the traffic is leaving the pc but not reaching the server then the problem is somewhere in the middle.

You can also try disabling IPv6.
I understand that ubiquiti is your smb server?

Maybe it will be faster for you to reinstall, because you probably have a lot of mess in the sys. :wink:
And if it’s definitely the client’s fault, then we’re all going to play a little guessing game. And we don’t know how deeply your system is affected by your possible changes.

This is what it looked like, I set it to disabled.

Though I'm not so sure it was causing the issues. I'll restart soon and confirm.

With all due respect to you and the gods of troubleshooting IT, I do not think my issue is somewhere in the middle, or on my server side.

My server is an 11th gen Intel processor running Red Hat 8.6, custom configured SMB profiles and mapped drives to folders.

Other clients on my network (right now) can talk to that server and transfer files just fine. I did do changes on my server that night a few nights ago when I messed up my Windows client but like I said, even after those changes on the server (enforce encryption, signing, and a minimum SMB2 protocol) other clients can still talk to the server.

Re-installing will be a silver bullet in this situation; the only cost is that it'll take my system out of commission for two days while I reinstall and reconfigure everything that needs reconfiguring (maybe a day if that's all I do).

But I'm still going to hold out for the fact that a few more sleepless nights or an angel on this forum will help me figure out the one PowerShell command that turns on all the lights again.

Thank you so much for all your help thus far

Set netbios to disabled. First option from the bottom.
I don’t know if that will help. I’m speculating in the dark because I don’t have the gift of clairvoyance. :wink:

Ok no problem. If you are sure it’s ok, it’s ok. You have access to the equipment, I can only speculate where the problem may be.
Typically, remote diagnosis is done by elimination, step by step, if the problem is not immediately obvious.

Since you are 100% sure that the problem is not on the server side and somewhere in the middle of the network, then all you have to do is focus on your pc…

You expect a magic command… Hmm, maybe tell us what steps you were taking before it stopped working. Let’s go back to the beginning step by step. :wink:

My server is an exynos5422 Samsung processor running Debian 11.5.

It's all documented in my original post. (Darn it, I can't post links!!!)

Please find it on my profile, it's pretty empty there.

I have a OneTab link there too (idk how I could post that but it's there) of all the guides I was following while stumbling around with PowerShell figuring out how to turn off SMB2. Long story. Original post covers it all.

You know, it would be a good idea to always put all information per thread. Not everyone has time to track jumps between threads. :wink:

I know, but we've already gotten this far with all the comments on both posts, and I have so many links on my first post and this forum won't allow me to post links in posts. I have no idea how it happened the first time, I think a mod had to approve it, but now I have to go and coordinate with mods to make a mega post. idk… maybe in a day or so if this isn't soon resolved. Then I'll delete it all, I promise.

Resolved. I reset Windows 10.
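
Added example, not part of the thread and not any poster's code: a read-only PowerShell pass over the client-side items the replies name (interface category, outbound TCP 445) plus the SMB2/3 client state that the linked Microsoft page describes how to detect. The server address `192.0.2.10` is a placeholder to replace, and third-party firewall rules are not visible to these cmdlets.

```powershell
# Added example: read-only client-side SMB checks. Run in an elevated PowerShell.
# $Server is a placeholder (documentation address); replace with the SMB server's IPv4.
$Server = '192.0.2.10'
$svc    = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# 1. Network category (Public/Private) of each connected interface.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 2. Does an outbound TCP handshake to port 445 on the server complete?
$tcp = Test-NetConnection -ComputerName $Server -Port 445 -WarningAction SilentlyContinue
'TCP 445 reachable: {0}' -f $tcp.TcpTestSucceeded

# 3. SMB2/3 client driver start type: 0=boot 1=system 2=auto 3=manual 4=disabled.
$start = (Get-ItemProperty -Path "$svc\mrxsmb20" -Name Start).Start
'mrxsmb20 start type: {0}' -f $start

# 4. Workstation service dependencies; mrxsmb20 is listed when the SMB2/3 client is enabled.
$deps = (Get-ItemProperty -Path "$svc\LanmanWorkstation" -Name DependOnService).DependOnService
'LanmanWorkstation depends on: {0}' -f ($deps -join ', ')

# 5. Client signing settings, to compare with what the server enforces.
Get-SmbClientConfiguration |
    Select-Object EnableSecuritySignature, RequireSecuritySignature

# 6. Enabled outbound block rules in Windows Firewall that name remote port 445.
#    Rules held by a third-party firewall product do not appear here.
Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).RemotePort -contains '445' } |
    Select-Object DisplayName, Profile

# Summary of the two findings that most directly stop a client from speaking SMB2/3.
if ($start -eq 4 -or $deps -notcontains 'mrxsmb20') {
    'SMB2/3 client is disabled or unhooked from LanmanWorkstation.'
} elseif (-not $tcp.TcpTestSucceeded) {
    'SMB2/3 client is enabled, but TCP 445 to the server does not connect.'
} else {
    'SMB2/3 client is enabled and TCP 445 connects; compare signing settings with the server.'
}
```

If step 3 or 4 reports the SMB2/3 client disabled while the server requires a minimum of SMB2, the client has no dialect left to negotiate, which is consistent with nothing appearing on TCP 445 in a capture.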