You may fail to connect to the file share (due to non-secure share) if the SMB protocols (i.e., SMBv1 and SMBv2) are not properly configured. Moreover, the outdated OS of your system or outdated firmware of the router may also cause the issue at hand.
The issue arises when the user tries to access a file share either by using the File Explorer or while adding the PC to a domain network. In some cases, the user encountered the issue when accessing a storage device directly attached to the router. Usually, the following type of message is shown:
“You can’t connect to the file share because It’s not secure. This share requires the obsolete SMB1 protocol, which is unsafe and could expose your system to attack. Your system requires SMB2 or higher”
Before moving on to the solutions to fix you can’t connect to the file share because it’s not a secure issue, check if a network application (like Riverbed) is not causing the issue (in a corporate network environment). Also, check if the firewall of your networking equipment is not enabling the SMBv1 protocol (like the Fiber Interconnect’s firewall tends to enable the SMBv1 protocol). Last but not least make sure the startup type of the following services is configured to Automatic (Delayed Start), make sure to restart the systems afterward (i.e., the host and clients systems):
- Computer Browser (Browser)
- Function Discovery Provider Host (FDPHost)
- Function Discovery Resource Publication (FDResPub)
- Network Connections (NetMan)
- UPnP Device Host (UPnPHost)
- Peer Name Resolution Protocol (PNRPSvc)
- Peer Networking Grouping (P2PSvc)
- Peer Networking Identity Manager (P2PIMSvc)
Solution 1: Re-enable the SMBv1/SMBv2 Protocols
The SMBv1 protocol, due to its security loops (was used to spread the massive ransomware attack) is usually not liked by the system admins and is usually kept disabled on the systems. The issue at hand can be caused by the SMBv1 protocol if it is enabled on the server/host machine. In this case, disabling the SMBv1 protocol on the server/host system (if that is not an option, then enabling the SMBv1 protocol on the client machine) may solve the problem.
- Click Windows, type: Control Panel, and select Control Panel.
- Now click on Programs and open Turn Windows Features On or Off.
- Then, on the server/host machine, uncheck the SMB 1.0/CIFS File Sharing Support Option and SMB Direct (you may have to enable SMBv2 which is discussed below). If that is not an option, then, on the client machine, enable the SMBv1 features.
- Now apply the changes and check if the secure connection issue is resolved.
You can also use the following commands in the PowerShell (Admin) to enable or disable the SMBv1/SMBv2 protocols:
To enable SMBv1:
Get-WindowsOptionalFeature -Online -FeatureName smb1protocol
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi sc.exe config mrxsmb10 start= auto
To disable SMBv1:
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
To enable SMBv2
Set-SmbServerConfiguration -EnableSMB2Protocol $true
Solution 2: Update the OS of the Host/Client Systems and Firmware of the Router
SMBv1 is an ancient protocol and is not liked by many modern days OS. The issue at hand could be a result of an outdated OS of the host/client systems or outdated firmware of the router device. In this context, updating the OS of the host/client systems and the firmware of the router may solve the problem.
- Manually update Windows (or the OS) of the host/client systems (or use a patch released by the OS manufacturer for the particular OS like KB KB4284848 for the Windows Server 2003) and check if the secure connection issue is resolved.
- If not, perform an update of the router firmware (so that it supports the SMBv2 protocol) and check if the file share issue is resolved.
If the issue persists, check if an OEM utility (like WD Link) allows you to access the file share. If the issue is still there, then check if disabling the IPv6 protocol sorts out the problem. You may also try to open the network share by entering the IP address of the share in the Run command box e.g., \\192.168.10.1 but make sure the IP address is not blocked in the Hosts file (it will be better to add the IP of the host in the Hosts file of the client system).