We help IT Professionals succeed at work.
Get Started

Trouble disabling SMB1 and SMB2 on Windows Server 2008 and 2016

1,780 Views
Last Modified: 2017-11-10
Hello,

For testing the performance of a legacy database application (.DBF files) I need to temporarily disabe SMB2 and 3 on WS 2008 R2 and WS 2016 (standard editions) and turn off opportunistic locking (Oplocks.)

I have researched it a but can’t seem to get it to work – links to some related articles below.

On the servers I think I just need to disable SMB2 since MS states SMB3 is automatically disabled when SMB2 is because they share the same stack.

What I’ve found is that the following procedure done on the server should work but it does not seem to.

1.      Reboot

2.      Show SMB1 running:
C:\ >sc query mrxsmb10
SERVICE_NAME: mrxsmb10
TYPE               : 2  FILE_SYSTEM_DRIVER
STATE              : 4  RUNNING
                        (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE    : 0  (0x0)
SERVICE_EXIT_CODE  : 0  (0x0)
CHECKPOINT         : 0x0
WAIT_HINT          : 0x0

3.      Show SMB2 running
C:\ >sc query mrxsmb20
SERVICE_NAME: mrxsmb20
TYPE               : 2  FILE_SYSTEM_DRIVER
STATE              : 4  RUNNING
                         (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE    : 0  (0x0)
SERVICE_EXIT_CODE  : 0  (0x0)
CHECKPOINT         : 0x0
WAIT_HINT          : 0x0

4.      Update the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB2
REG_DWORD: 0 = Disabled

5.      Reboot

6.      Show that SMB2 is still running
C:\ >sc query mrxsmb20
SERVICE_NAME: mrxsmb20
TYPE               : 2  FILE_SYSTEM_DRIVER
STATE              : 4  RUNNING
                        (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN
WIN32_EXIT_CODE    : 0  (0x0)
SERVICE_EXIT_CODE  : 0  (0x0)
CHECKPOINT         : 0x0
WAIT_HINT          : 0x0

For disabling Oplocks (which seems to be forced to enabled in SMB2) I made the following registry changes:

HKLM\SYSTEM\CurrentControlSet\services\mrxsmb\Parameters\OplocksDisabled REG_DWORD 0x1

HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters\EnableOplocks REG_DWORD 0x0

I do not know how to test if these settings are effective.

Thanks,
Tim

Links:

https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows

https://support.microsoft.com/en-us/help/296264/configuring-opportunistic-locking-in-windows

https://www.experts-exchange.com/questions/28100582/Issues-disabling-SMB-2-0-on-Windows-Server-2008.html
Comment
Watch Question
CERTIFIED EXPERT
Commented:
This problem has been solved!
Unlock 1 Answer and 4 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE