Problem: Windows 10/11 Clients cannot discover UCS server via Network view

Knowledge Base Community
, , , , ,
1

Windows 10/11 Clients cannot discover UCS server via Network view

Problem

A UCS Server is no longer displayed in the Network section of Windows Explorer on Windows 10 and Windows 11 clients.

  • Accessing shares manually (e.g. via \\<server-name>) works without issues
  • The UCS server itself does not appear in the Windows Network view
  • The behavior is identical on both Windows 10 and Windows 11 systems

Root Cause

The issue is caused by changes in network discovery mechanisms in modern Windows versions.

Older Windows versions relied on SMBv1-based network browsing to discover file servers. However:

  • SMBv1 has been deprecated and disabled by default in Windows since version 1809 (and earlier in some updates)

  • This was done for security reasons, as SMBv1 is considered insecure

  • Re-enabling SMBv1 is not recommended, as it:

    • Reduces system security
    • May be reverted during Windows feature updates

Modern Windows systems now use WS-Discovery (WSD) instead of SMBv1 for network discovery.

However:

  • Samba does not provide WSD support by default
  • Therefore, UCS (as a Samba-based system) is not discovered automatically
  • Windows systems can still discover each other, but not Samba servers

Investigation

Further details and background information can be found in the following discussion:

Key findings:

  • No network discovery via SMB2 or SMB3
  • Windows relies on WS-Discovery (UDP/TCP 3702 and 5355)
  • UCS/Samba requires an additional service to participate in this discovery mechanism

Solution

To restore visibility of the UCS server in the Windows Network environment, install and configure a WS-Discovery daemon.

Two implementations are available:

  • wsdd (Python-based)
  • wsdd2 (C-based, more lightweight)

In this example, wsdd2 is used.

Step 1: Install wsdd2

univention-install wsdd2

Step 2: Configure firewall rules

Allow the required WS-Discovery ports:

ucr set security/packetfilter/tcp/5355/all=ACCEPT
ucr set security/packetfilter/udp/5355/all=ACCEPT
ucr set security/packetfilter/tcp/3702/all=ACCEPT
ucr set security/packetfilter/udp/3702/all=ACCEPT

Step 3: Restart firewall service

systemctl restart univention-firewall.service

Result

After completing these steps:

  • The UCS server becomes visible again in the Windows Network environment
  • Shares can be accessed directly via Explorer without manual UNC path entry
  • No need to enable SMBv1 on clients

Notes

  • This solution applies equally to Windows 10 and Windows 11
  • Avoid enabling SMBv1 unless absolutely necessary due to security risks
  • wsdd2 is not part of the officially documented maintained UCS packages, but works reliably in practice

Inspired by @ahrnke Thx <3