While testing my software for compatibility with Windows Vista during the last couple of years I’ve noticed that Vista often does not want to play nice with other computers on my LAN. If there are only XP computers connected, everything was fine: they could see each other, I could move files between their shared folders, etc., no problems. However, should I start a computer with Windows Vista on it, more often than not that computer would not connect to others. When that happened in the past, I usually was in the middle of some other work that I did not want to interrupt, so I would just move the files using a USB flash drive and be done with it. When it happened yesterday, however, I was fed up with it and decided to get to the root of the problem.
The problem was, when I opened the Network folder on the Vista computer, I could see all other computers on the same LAN, as it was supposed to be. However, an attempt to open any of them would either present me with a login box (and no user name and password I tried would let me connect to that computer), or an error message would appear saying “Windows cannot access \\DEV. Check the spelling of the name…”, (where DEV is another computer on the LAN running XP) with the error code 0×80070035 “The network path was not found”. Pressing the Diagnose button would result in the message “DEV is not a valid host name”. Which kind of did not make sense because DEV did show up in the Network folder.
I’ve spent a couple of hours googling around and trying every troubleshooting suggestion I could find, like:
- Is the name of the workroup correct?
- If Network discovery and File sharing enabled?
- Is there something to share from the Vista computer (like a folder on its hard drive)?
- Does turning the firewall temporarily off make a difference?
- Does rebooting the Vista computer help?
Nothing helped, the Vista computer could not connect to others. After googling some more, I’ve found the solution. (Ironically, it’s a suggestion for the Linux users, but it worked for me, too):
- Open the Local Security Policy console (it’s on the Start – Administrative Tools menu)
- Navigate to Local Policy – Security Options
- Locate the entry named “Network security: LAN Manager authentication level”
- Change the value to “Send LM and NTLM responses”
After I did that, the Vista computer magically started to recognize the presence of other computers and connect to them, just like XP computers always did.
What exactly did the policy change do? It allowed Vista to use a less strong network authentication protocol. Why was it necessary? Apparently, my router (Buffalo AirStation) that runs a variation of Linux, does not provide full support for the NTLM authentication. It is it dangerous to allow the LM responses? It would be dangerous if I allowed unknown persons to plug into my LAN and eavesdrop on the traffic (by doing that they could recover my Windows password), but no one but me is connecting to my LAN. I have to make a note to myself: when I upgrade the router, I need to try to turn off the LM responses on all computers and see if my network would work OK.
Hope this helps someone.
Update: (September 8, 2008)
If you have one of the Home editions of Vista that doesn’t come with the Local Security Policy tool, you can change this policy manually with the Registry Editor: navigate to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa, and set the REG_DWORD value named LmCompatibilityLevel to 0. This is equivalent to setting the “Send LM and NTLM responses” value as described above.