Problems connecting to Windows Server 2003 shares from within MacOS X

Although I’ve been connecting to Windows XP clients with no issues, each time I attempted to connect to my Windows Server 2003 (SP1) server from the Finder in MacOS X 10.4.7, I was greeted with the following message:

The alias servername could not be opened because the original item cannot be found.

There was nothing wrong with the alias (it was created automatically by OS X when browsing the network) but, as Drew McLellan outlines in his blog, the issue turns out to be related to digitally-signed SMB traffic, which must be disabled.

Strangely, the option to digitally sign communications (if client agrees) didn’t seem to make any difference, so it really is necessary to disable digitally signed communications (always). Although it would seem logical to make the change via Group Policy, this is a computer setting (so is not applied to a user account) and as Macs are not domain members they are not affected by group policy either (although the policy for the target server could be set at domain level)

Beware that if editing local policies, these are overridden by site and domain-level policies; however in this case, it’s probably best to make the change only on those servers to which access is required from a computer that doesn’t support SMB signing as the need for digitally signed communications is intended to prevent man-in-the-middle attacks from occuring and disabling this represents a security risk. Further details can be found in the Microsoft Windows Server TechCenter.

Leave a Reply