Application run from network share on Windows 10 cannot connect to SQL Server

Question

Windows 10 Build 17134 (April 2018) has started to affect users.

Software:

• is run from a network share (e.g. \\hydrogen\Contoso\Grobber.exe)
• connects to SQL Server database
• using OLEDB

It fails with the error:

[DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied

If the software is run from the local PC it works fine.

Using ADO

I've tried using ADO COM objects:

String connectionString = "Provider=sqloledb;Data Source=screwdriver;Integrated Security=SSPI;";

Connection cn = CreateComObject("ADODB.Connection") AS Connection;
cn.Open(ConnectionString, "", "", 0);

[DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied

Using OLE DB

As nobody knows, ADO is a friendly wrapper around the over-engineered OLE DB API:

String connectionString = "Provider=sqloledb;Data Source=screwdriver;Integrated Security=SSPI;";

IDataInitialize dataInit = CreateComObject(CLSID_MSDAInitialize) as IDataInitialize;
IDBInitialize provider;
dataInit.GetDataSource(nil, CLSCTX_INPROC_SERVER, ConnectionString, IDBInitializeSC, out provider);

provider.Initialize; //Actually opens the connection to the database

[DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied

And using Delphi XE6's wrapper of ADOdb

Since i use Delphi, i thought it would be useless to include a CMRE using Delphi's own object wrappers around ADODB:

program W10OleDbTest;

{$APPTYPE CONSOLE}

{$R *.res}

uses
  System.SysUtils,
  ComObj,
  ADOdb,
  ADOInt,
  ActiveX,
  WinApi.OleDb;

var
    cs: string;
    conn: TADOConnection;
begin
    conn := TADOConnection.Create(nil);
    conn.ConnectionString := 'Provider=sqloledb;Data Source=screwdriver;Integrated Security=SSPI;';
    WriteLn('Opening connection to database using TADOConnection...');
    try
        conn.Open;
        WriteLn('Successfully connected to database using TADOConnection');
    except
        on E:Exception do
            WriteLn('Exception connecting to database using TADOConnection: '+E.Message);
    end;

    Writeln('Press enter to close.');
    ReadLn;
end.

What is Windows 10 doing that it's breaking application - and how do i tell it to stop it?

• Client PC: Windows 10 Build 17134
• SQL Server: SQL Server 2005
• Network share: Windows Server 2003 R2

Looking at the release notes from Build 17134, there are no changes related to anything like this; so i assume it is a bug.

Bonus Chatter

• digitally signing the executable makes no difference
• specifying SQL Server by IP address (rather than name) makes no difference
• running the application as an administrator makes no difference
• turning off Domain, Public and Private firewall makes no difference
• turning off Windows Defender makes no difference
• turning off Windows Defender Real-time protection makes no difference

SMB version 1

It seems to be an unintended security feature (i.e. one that i cannot disable) that prevents applications from opening network connections if they were launched from an SMB 1 (verses SMB 2, or SMB 3) share:

| SMB Version | Result    | Example of product     |
|-------------|-----------|------------------------|
| 1.5         | Fails     | Windows 2000           |
| 1.5         | Fails     | Synology NAS           |
| 2.0         | Works     | Windows Server 2008    |
| 2.1         | Works     | Windows Server 2008 R2 |

Obviously it's no good that a correctly written application fails after an update to Windows.

You can get the SMB version in use by running from a Powerhell command prompt:

> Get-SmbConnection

ServerName  ShareName  UserName      Credential    Dialect NumOpens
----------  ---------  --------      ----------    ------- --------
screwdriver Fizbang    SOVERFLOW\ian SOVERFLOW\ian 2.0.2   6
hydrogen    Contoso    SOVERFLOW\ian SOVERFLOW\ian 1.5     6

Bonus Reading

• https://changewindows.org/build/redstone4/17134/pc^🕗
• Windows 10 Version 1803 Update Breaks Some Applications (🕗)
• KB4284835: June 12, 2018—KB4284835 (OS Build 17134.112) (🕗)
• Windows 10 Fall Creators Update and Synology NAS (🕗)
• KB4034314: SMBv1 is not installed by default in Windows 10 Fall Creators Update and Windows Server, version 1709 and later versions (🕗)
• Windows 10 1803 can’t run EXE files from a network shared folders (🕗)
• [RS4:1803]Windows 10 1803 won't run ODBC SQL connected application from network (🕗)

Answer 1

It is an issue with Windows Defender, and a fix is expected for later in June (2018).

---

If an application is run from an SMBv1 share, with Windows Defender installed, the application will not be allowed to open socket connections.

Microsoft has acknowledged this a a "hot issue":

• Symptom: Some users running Windows 10 version 1803 may receive an error "An invalid argument was supplied" when accessing files or running programs from a shared folder using the SMBv1 protocol.
• Workaround: Enable SMBv2 or SMBv3 on both the SMB server and the SMB client, as described in KB2696547.

Microsoft is working on a resolution that will be available later in June.

You can also workaround the issue by installing a different anti-virus product. If you install another anti-virus product, Windows Defender will disable itself, and you can run your applications.

Note: Disabling Windows Defender will not be sufficient, as it doesn't actually disable Windows Defender. You have to install another AV before Windows Defender will actually disable itself.

---

Edit 6/28/2018 - Fixed

Microsoft has released a fix in OS Build 17134.137:

June 26, 2018—KB4284848 (OS Build 17134.137) (archive)

• Addresses an issue where some users may receive an error when accessing files or running programs from a shared folder using the SMBv1 protocol. The error is "An invalid argument was supplied".

Installed KB4284848, rebooted, and confirmed it fixes it.