Windows Vista / Windows 7 & IBM iSeries IFS Mapped Drive

Print Friendly

If you are using Windows Vista or Windows 7 and need to map a drive to an iSeries IFS directory you will need to follow the steps below:

  1. Open the Local Security Policy editor: Start – Run – “secpopl.msc” – Ok
    image
  2. If a User Account Control window appears, click [Continue].
  3. Expand Local Policies – Security Options
    image
  4. Double-click  “Network security: LAN Manager authentication level”
  5. Change the value to “Send LM & NTLM – use NTLMv2 session security if negotiated”
    image

 

 

This is documented on IBM’s website: http://www-01.ibm.com/support/docview.wss?uid=nas2bb4cf3cc6d1a859e862573900041ed36.

Another install-related issue concerns installing from the     
applied System i PTF.  Once the PTF is applied, you can install
this service pack or complete merged image from the network   
share called QIBM on your System i.  Accessing this share uses 
the LAN Manager component of Windows, and NetServer support   
on the System i.  In Windows Vista, Microsoft has changed the 
default negotiation method for such connections, so that, at   
this time, accessing shares on the System i may fail. One way 
to work around this problem is to change a policy setting on   
the PC.  This action requires administrator authority, and can 
be performed as follows:                                       
  1) Click Start, click All Programs, click Accessories, click 
     Run; then type "secpol.msc" (without the quotes) in the   
     Open text box, and click OK.                             
  2) If a User Account Control dialog box appears. verify that 
     the details shown match the request you initiated (you are
     starting the Microsoft Management Console), and if so,   
     click Continue.                                           
  3) From the Local Security Settings console tree, expand     
     Local Policies, then click Security Options.             
  4) In the right pane, scroll down to the setting called     
     "Network security: LAN Manager authentication level       
     Properties" and double-click it.                         
  5) Note the current value.  The default value at the time of 
     this writing is "Send NTLMv2 response only".  If the value
     is not as follows, change it to be:                       
     "Send LM & NTLM-use NTLMv2 session security if negotiated"
     then click OK, and exit the Local Security Settings       
     console. You should now be able to access network shares 
     on the System i.                                         
The last issue related to install has to do with installing   
from a network share.  Testing has shown that, in some cases, 
installing System i Access for Windows on a Windows Vista PC   
from a network share fails.  In such cases, copying the files 
from the network share to the PC’s local hard disk, then       
re-starting the installation from the local hard disk,         
completes successfully.                                       
Alternatively, you can map a drive to the network share in a   
Command Prompt box that was opened as administrator and start 
the installation from the mapped drive.                       
To open a Command Prompt box as administrator, click Start,   
then All Programs then Accessories, right-click the Command   
Prompt icon and choose Run as administrator. This action will 
prompt you to allow the Command Prompt program to run elevated.
At the Command Prompt, type in the following command to map the
network drive:                                                 
  net use X: \server_nameshare_name                         
where X: is the drive you want to map, server_name is the     
network server’s name and share_name is the name of the shared 
directory. If you are installing from a System i, you would   
type in                                                       
  net use X: \system_i_nameQIBM                             
Then change to the mapped drive in your Command Prompt box and 
run the setup program from there. If you are mapping a drive   
to the QIBM share of your System i, these are the steps you   
should follow for a 32-bit installation of System i Access     
for Windows V6R1:                                             
  X:                                                           
  cd ProdDataAccessWindowsImage32                           
  setup.exe                                                   
If you are installing on AMD64 or on Itanium hardware use     
Image64a or Image64i instead.                                 
The cause of this failure is being investigated.

Stewart Schatz

Location: Missoula, MT USA

What I like to do: Spend Time With Family, Play Basketball, Coach Basketball, Hunt, Hike, etc.

More Posts - Website

Follow Me:
TwitterLinkedInGoogle Plus

6 comments

  1. Garth says:

    Thank you! Since moving to Windows 7, mapping drives to iSeries shares, not just IFS, has been iffy at best. Sometimes I would have success, sometimes I would just get prompted for credentials again, and sometimes I would receive authority errors.

    In some cases, I could map as a super user but not as a regular user on one system but not another, even though the permissions were the same as far as I could tell.

    Since trying this fix, so far these sporadic, inconsistent failures have ceased. That’s what I get for looking for a solution on the iSeries when, of course, it is a Windows issue. Doh!

    • Stewart says:

      Hey, Garth! Glad this helped. There are always many moving parts when trying to get different technologies to talk to one another, but when Microsoft has to talk to IBM it seems like there are more than usual.

      Thanks for the visiting the site!

  2. Dean says:

    Hi

    I have tried the NTLM security change (applied via GPO to all PCs’) but still having some issues on new Windows 7 Enterprise PC’s in which I keep getting access denied if trying to map using either the windows explorer or net use command. Though strangely it works OK on my Windows 7 Professional PC. Beside being Professional or Enterprise I cannot see any other differences to stop this working! Have you come across any other solutions?

  3. Mitch Hall says:

    Hi Stewart,

    I have a similar problem.

    I have one Windows user who can’t map a IFS drive regardless of what PC he logs onto the Windows network with. His credentials aren’t accepted. If he jumps on another PC he hits the same problem so I don’t think it’s any local windows policy.

    If we use another iSeries user credentials to authenticate when mapping the Windows Network drive to the IFS folder share it works and the drive is successfully mapped.

    Because we’re mapping Windows Network Drives to IFS Folder Shares all user’s have *IOSYSCFG authority.

    I checked and this iSeries user is not disabled in the i5/OS NetServer.

    I even granted the problem user all permissions to the IFS folders we’re creating the IFS Folder Shares over.

    Any idea what else I can lok at?

    Best Regards
    Mitch Hall

    • Wow, Mitch! It looks like you have already taken all the steps that I would know to try. Have you tried recreating the user profile? That’s the only thing that I can think of to try.

      Let me know how it goes.

Leave a Reply

Your email address will not be published. Required fields are marked *