I have spent the better part of yesterday finding out why a Windows 11 client couldn't connect to a specific SMB2 configured Samba server while other Windows 11 could. After a lot of digging and checking the firewall rules on the Windows side, I found out that Windows 11 had different rules for outbound SMB depending on what updates that were applied. Applying an "Allow Outbound SMB for Domain traffic" on the problematic client solved the problem. The 2 screenshots on my Gdrive show the difference in firewall rules, in spite of both being 24H2. The one with no applied exceptions are newly installed (no recent patches) while the second one has most exceptions as default. Those systems have been up and running for approx 6 months so quite a few windows updates has been appliedl https://drive.google.com/drive/folders/1QaCBAnxY-zJAgYo1apMVK9hnVLi1fm6X?usp=sharing I found this explanation on Google Windows 11 24H2 and Windows Server 2025 have different default outbound SMB firewall rules, requiring SMB signing by default for improved security, which can break compatibility with older systems. Previous versions automatically handled inbound NetBIOS ports 137-139, but 24H2 removes this, only allowing the minimum ports required for modern SMB2+. You must manually re-enable older ports like 137-139 or adjust SMB signing settings if you need to connect to legacy systems. Key changes in 24H2 for outbound SMB rules SMB signing is required by default: All outbound SMB connections now require signing by default, a change from older versions where it was only required for specific connections like SYSVOL and NETLOGON shares. NetBIOS ports removed: The default firewall rules no longer include ports 137-139, as modern SMB2+ does not use them. Insecure guest logons disabled: Anonymous or insecure guest access to shares is blocked by default, which can cause issues with older NAS devices or servers. How to address these changes For legacy compatibility: If you need to connect to older systems that don't support SMB signing or guest access, you must manually create firewall rules to allow the necessary ports and adjust the SMB signing and guest access settings. Re-enable NetBIOS ports: You may need to manually create an inbound rule to allow SMB ports 137-139 if a legacy SMB1 server is required. Adjust SMB signing: The outbound rule exceptions for "Allow the connection if it is secure" may need to be adjusted in your security connection rules to accommodate older devices. Is this "SMB signing" something that should be applied on the Samba side or is it purely a Windows thing? -- ------ -------------------- 8 ------------------ ------ "A wise man once told me - Any idiot can do backups, but it takes a genius to successfully restore" Anders ?stling +46 768 716 165 (Mobil)