troubleshooting Question

Trouble disabling SMB1 and SMB2 on Windows Server 2008 and 2016

Avatar of Tim Callahan
Tim CallahanFlag for United States of America asked on
Windows Server 2016Windows OSWindows Server 2008* smbFoxPro
4 Comments1 Solution1791 ViewsLast Modified:
Hello,

For testing the performance of a legacy database application (.DBF files) I need to temporarily disabe SMB2 and 3 on WS 2008 R2 and WS 2016 (standard editions) and turn off opportunistic locking (Oplocks.)

I have researched it a but can’t seem to get it to work – links to some related articles below.

On the servers I think I just need to disable SMB2 since MS states SMB3 is automatically disabled when SMB2 is because they share the same stack.

What I’ve found is that the following procedure done on the server should work but it does not seem to.

1.      Reboot

2.      Show SMB1 running:
C:\ >sc query mrxsmb10
SERVICE_NAME: mrxsmb10
TYPE               : 2  FILE_SYSTEM_DRIVER
STATE              : 4  RUNNING
                        (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE    : 0  (0x0)
SERVICE_EXIT_CODE  : 0  (0x0)
CHECKPOINT         : 0x0
WAIT_HINT          : 0x0

3.      Show SMB2 running
C:\ >sc query mrxsmb20
SERVICE_NAME: mrxsmb20
TYPE               : 2  FILE_SYSTEM_DRIVER
STATE              : 4  RUNNING
                         (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE    : 0  (0x0)
SERVICE_EXIT_CODE  : 0  (0x0)
CHECKPOINT         : 0x0
WAIT_HINT          : 0x0

4.      Update the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB2
REG_DWORD: 0 = Disabled

5.      Reboot

6.      Show that SMB2 is still running
C:\ >sc query mrxsmb20
SERVICE_NAME: mrxsmb20
TYPE               : 2  FILE_SYSTEM_DRIVER
STATE              : 4  RUNNING
                        (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN
WIN32_EXIT_CODE    : 0  (0x0)
SERVICE_EXIT_CODE  : 0  (0x0)
CHECKPOINT         : 0x0
WAIT_HINT          : 0x0

For disabling Oplocks (which seems to be forced to enabled in SMB2) I made the following registry changes:

HKLM\SYSTEM\CurrentControlSet\services\mrxsmb\Parameters\OplocksDisabled REG_DWORD 0x1

HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters\EnableOplocks REG_DWORD 0x0

I do not know how to test if these settings are effective.

Thanks,
Tim

Links:

https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows

https://support.microsoft.com/en-us/help/296264/configuring-opportunistic-locking-in-windows

https://www.experts-exchange.com/questions/28100582/Issues-disabling-SMB-2-0-on-Windows-Server-2008.html
ASKER CERTIFIED SOLUTION
Pavel Celba
All in One

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 4 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros