asked on Trouble disabling SMB1 and SMB2 on Windows Server 2008 and 2016
Hello,
For testing the performance of a legacy database application (.DBF files) I need to temporarily disabe SMB2 and 3 on WS 2008 R2 and WS 2016 (standard editions) and turn off opportunistic locking (Oplocks.)
I have researched it a but can’t seem to get it to work – links to some related articles below.
On the servers I think I just need to disable SMB2 since MS states SMB3 is automatically disabled when SMB2 is because they share the same stack.
What I’ve found is that the following procedure done on the server should work but it does not seem to.
1. Reboot
2. Show SMB1 running:
C:\ >sc query mrxsmb10
SERVICE_NAME: mrxsmb10
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
3. Show SMB2 running
C:\ >sc query mrxsmb20
SERVICE_NAME: mrxsmb20
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
4. Update the registry:
HKEY_LOCAL_MACHINE\SYSTEM\
Registry entry: SMB2
REG_DWORD: 0 = Disabled
5. Reboot
6. Show that SMB2 is still running
C:\ >sc query mrxsmb20
SERVICE_NAME: mrxsmb20
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
For disabling Oplocks (which seems to be forced to enabled in SMB2) I made the following registry changes:
HKLM\SYSTEM\CurrentControl
HKLM\SYSTEM\CurrentControl
I do not know how to test if these settings are effective.
Thanks,
Tim
Links:
https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows
https://support.microsoft.com/en-us/help/296264/configuring-opportunistic-locking-in-windows
https://www.experts-exchange.com/questions/28100582/Issues-disabling-SMB-2-0-on-Windows-Server-2008.html
For testing the performance of a legacy database application (.DBF files) I need to temporarily disabe SMB2 and 3 on WS 2008 R2 and WS 2016 (standard editions) and turn off opportunistic locking (Oplocks.)
I have researched it a but can’t seem to get it to work – links to some related articles below.
On the servers I think I just need to disable SMB2 since MS states SMB3 is automatically disabled when SMB2 is because they share the same stack.
What I’ve found is that the following procedure done on the server should work but it does not seem to.
1. Reboot
2. Show SMB1 running:
C:\ >sc query mrxsmb10
SERVICE_NAME: mrxsmb10
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
3. Show SMB2 running
C:\ >sc query mrxsmb20
SERVICE_NAME: mrxsmb20
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
4. Update the registry:
HKEY_LOCAL_MACHINE\SYSTEM\
Registry entry: SMB2
REG_DWORD: 0 = Disabled
5. Reboot
6. Show that SMB2 is still running
C:\ >sc query mrxsmb20
SERVICE_NAME: mrxsmb20
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
For disabling Oplocks (which seems to be forced to enabled in SMB2) I made the following registry changes:
HKLM\SYSTEM\CurrentControl
HKLM\SYSTEM\CurrentControl
I do not know how to test if these settings are effective.
Thanks,
Tim
Links:
https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows
https://support.microsoft.com/en-us/help/296264/configuring-opportunistic-locking-in-windows
https://www.experts-exchange.com/questions/28100582/Issues-disabling-SMB-2-0-on-Windows-Server-2008.html
Windows Server 2016Windows OSWindows Server 2008* smbFoxPro
Last Comment
Tim Callahan
ASKER
Thanks. I was able to do this on Windows Server 2016 using Powershell:
Detect: Get-SmbServerConfiguration
Disable: Set-SmbServerConfiguration
Enable: Set-SmbServerConfiguration
However these are not available for Windows Server 2008.
If I understand you correctly for Windows Server 2008 I should just make the above three registry changes.
Is there a way to detect that SMB2 is disabled on the 2008 server once these changes are made? That would help to know for sure.
Detect: Get-SmbServerConfiguration
Disable: Set-SmbServerConfiguration
Enable: Set-SmbServerConfiguration
However these are not available for Windows Server 2008.
If I understand you correctly for Windows Server 2008 I should just make the above three registry changes.
Is there a way to detect that SMB2 is disabled on the 2008 server once these changes are made? That would help to know for sure.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
In reading more carefully, I see that the powershell commands I need are in the docs as you first indicated and that they are registry edit commands as you say (which I list here for completeness.)
Detect: Get-ItemProperty HKLM:\SYSTEM\CurrentContro
Disable: Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentContr
Enable: Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentContr
Thanks, Tim
Detect: Get-ItemProperty HKLM:\SYSTEM\CurrentContro
Disable: Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentContr
Enable: Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentContr
Thanks, Tim
To stop SMB2/3 on workstation you have to disable the appropriate windows service and restart.
To stop SMB2/3 on the server update registry (or use PowerShell commands) and restart.
SMB1 and oplocks are slightly different but again they are described sufficiently.
BTW, I would guess no disk mapping will be available when you disable both SMB1 and SMB2