[German]Since Microsoft released update KB4503276 of June 2019, users of macOS have had problems accessing shares on Windows machines (clients and servers). SMB1 and LTLM are causing problems. Apple has now published a KB article on this topic.
Update KB4503276 for Windows Server 2012 R2
Update KB4503276 is the June 2019 rollup update for Windows 8.1 and Windows Server 2012 R2 that was released on June 11, 2019. I introduced the update in the blog post Patchday: Updates for Windows 7/8.1/Server (June 11, 2019).
A user feedback about Windows 10
I had noticed that there were issues. German blog reader Steffen had reported issues accessing Windows 10 shares from Mavericks (macOS 10.9.5) mid-June 2019:
Macs with Mavericks 10.9.5 can no longer access SMB shares.
What could I do? Enabling the SMB v1 protocol didn’t help.
I had already pointed out in a replay to the comment that SMBv1 is actually a constant trouble maker in macOS. Steffen’s feedback was that he uninstalled the Windows update and the accesses are working again. He hadn’t revealed any further details.
Apple has published a support article
I became aware of this topic again at the weekend via the following tweet by Ned Pyle (Microsoft).
For MacOS users seeing problems connecting to Windows Servers over SMB1 and NTLM after applying MS June Update KB4503276, Apple has a KB now:https://t.co/0qyfAhYTRv
— Ned Pyle (@NerdPyle) August 9, 2019
Apple has released on August 9, 2019 the support article your Mac can’t use NTLM to connect to a Windows server. They are addressing that macOS has issues when connecting to Windows Server, if NLTM credentials are used. The problem: macOS Mojave and earlier macOS versions may not be able to use NTLM credentials to connect to CIFS or SMB1 shares on a server that received Microsoft Windows Server updates dated June 11, 2019 or later.
After entering the user name and password, a warning message appears indicating that a problem has occurred with the connection to the server. It is suggested to check the server name or IP address and then try again. If this information is correct, Apple suggests the following:
- Use Kerberos authentication to connect to the server. This requires the share DNS name to be used instead of the IP address.
- Under macOS Mojave, High Sierra, Sierra, El Capitan or Yosemite, users should use SMB 2 or SMB 3 as protocols to connect to the server.
- Enable signing of the Server Message Block (SMB) on the server. On an SMB1 server, enabling signing can affect performance.
The connection can be established with SMBv2/v3, for example, by selecting Go > Connect to Server in the menu bar of the Finder. Then enter an smb:// address for the server.