Get Support
Forums
Knowledge Base
Data Recovery
Security Notices
Downloads
Warranty Information
Find and download the latest product firmware, utility or driver.
Partner Program
Red Rewards
Deal Registration
Case Studies & White Papers
Webinars
Helpful Tips & Articles
About Buffalo
Buffalo Compliance Information
Trademarks
Legal
Press Releases
Search by either entering keywords/KB_ID or by selecting a category.
OR
KB ID: 6058
Last Updated: 10/01/2025
Applies To: TeraStation™ WS5020 IoT 2025, Windows 11 (24H2 and later)
This KB provides the workflow for configuring SMB over QUIC on TeraStation™ WS5020 IoT 2025, enabling secure, "VPN-less" file share access for remote users.
Prerequisites • Server/Client: A TeraStation WS5020 IoT 2025 NAS and a Windows 11 (24H2+) client. • Public DNS Name: A registered public domain name that will point to your server (e.g., share.yourcompany.com). • Certificate Authority-issued public SSL Certificate installed on the WS5020 IoT 2025 NAS • Firewall Access: You must be able to open UDP Port 443 inbound to your file server from the internet. • WS5020 IoT 2025 NAS and Windows 11 (24H2+) client are joined to an Active Directory domain (recommended) • Windows Admin Center (WAC) installed.
For more details above, please refer to the Microsoft KB.
Share Setup • Create a new file share that will be accessed over the internet. • Configure the share-level permissions. For a simple setup, you can grant "Full Control" to "Authenticated Users" and rely on NTFS permissions for finer control. • Configure the file system (NTFS) permissions for the folder. Specify which domain users or groups can read, write, or modify files.
Enable SMB over QUIC in Windows Admin Center 1. Connect to your WS5020 IoT 2025 NAS in Windows Admin Center (WAC). 2. Navigate to Files & file sharing. Select the File shares tab then select File server settings. 3. Under File sharing across the internet with SMB over QUIC, click Configure. 4. Select your public SSL certificate from the dropdown list. Then select the server addresses to use. In this demonstration we disabled KDC Proxy to use NTLM authentication for simpler setup. Click Enable to finish configuration.
Client Connection From a remote Windows 11 client, open Command Prompt and run:
net use Z: \\\ /TRANSPORT:QUIC
Replace Z: with your desired drive letter. Example: net use Z: \\share.yourcompany.com\Public /TRANSPORT:QUIC
User name: Enter the username in the format username@DOMAIN
The drive should now be mapped and accessible in File Explorer.
Troubleshooting Common Errors • Error: "A computer policy does not allow the delegation..." in WAC. o Solution: On the machine running WAC, run gpedit.msc. Go to Computer Config -> Admin Templates -> System -> Credentials Delegation. Enable Allow Delegating Fresh Credentials and add WSMAN/ to the server list. • Error: "Unable to add... as an alternate name for the computer." o Solution: Check AD for a stale computer object with the server's old name and delete it. Use netdom computername /remove: followed by /add: to reset the name. Reboot the server. • Symptom: Unable to reach Domain controller for authentication Solution: Register the Service Principal Name (SPN) on a Domain Controller Open an elevated Command Prompt on a Domain Controller and run: setspn -S cifs/ Example: setspn -S cifs/share.yourcompany.com FileServer01
This site uses cookies in order to improve your user experience and to provide content tailored specifically to your interest. By continuing to browse our site, you agree to our use of cookies. You can view our Privacy Notice here.
