Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / Windows Server 2012 R2 / SMB 1.0 Support in Windows Server 2012 R2 / Windows Server 2016

April 2, 2018 Windows Server 2012 R2Windows Server 2016

SMB 1.0 Support in Windows Server 2012 R2 / Windows Server 2016

A new version of SMB 3 protocol was introduced since Windows Server 2012 R2 (technically, it is SMB 3.02, since SMB 3.0 appeared in Windows Server 2012). Now you can disable the driver of the legacy SMB 1.0 protocol and block its components from loading. If you disable the SMB 1.0 protocol, the outdated OS versions (Windows XP, Server 2003) and compatible clients (Mac OSX 10.8 Mountain Lion, Snow Leopard, Mavericks, earlier Linux versions) won’t be able to access shared files located on the file servers running Windows 2012 R2 / 2016.

Contents:
  • SMB versions in Windows
  • Stop Using SMBv1 Protocol
  • SMB 1.0 in Windows Server 2012 R2
  • SMB 1.0 in Windows Server 2016

SMB versions in Windows

SMB (Server Message Block, sometimes called LAN-Manager) is a network protocol for remote access to files, printers and other network services. The connection uses the TCP port 445. Different versions of the SMB protocol appeared in the following Windows versions:

  • CIFS – Windows NT 4.0
  • SMB 1.0 – Windows 2000
  • SMB 2.0 – Windows Server 2008 and Windows Vista SP1
  • SMB 2.1 – Windows Server 2008 R2 and Windows 7
  • SMB 3.0 – Windows Server 2012 and Windows 8 (added SMB encryption)
  • SMB 3.02 – Windows Server 2012 R2 and Windows 8.1
  • SMB 3.1.1 – Windows Server 2016 and Windows 10

In the network communication over SMB protocol, a client and a server use the maximum version of the SMB protocol supported both by the client and the server.

The summary table of SMB version compatibility looks like this. Using this table, you can determine the version of the SMB protocol that is selected when different versions of Windows interact:

Operation SystemWindows 10, Server 2016Windows 8.1,
Server 2012 R2
Windows 8,
Server 2012
Windows 7,
Server 2008 R2
Windows Vista,
Server 2008
Windows XP, Server 2003 and earlier
Windows 10 ,
Windows Server 2016
SMB 3.1.1SMB 3.02SMB 3.0SMB 2.1SMB 2.0SMB 1.0
Windows 8.1 ,
Server 2012 R2
SMB 3.02SMB 3.02SMB 3.0SMB 2.1SMB 2.0SMB 1.0
Windows 8 ,
Server 2012
SMB 3.0SMB 3.0SMB 3.0SMB 2.1SMB 2.0SMB 1.0
Windows 7,
Server 2008 R2
SMB 2.1SMB 2.1SMB 2.1SMB 2.1SMB 2.0SMB 1.0
Windows Vista,
Server 2008
SMB 2.0SMB 2.0SMB 2.0SMB 2.0SMB 2.0SMB 1.0
Windows XP, 2003 and earlierSMB 1.0SMB 1.0SMB 1.0SMB 1.0SMB 1.0SMB 1.0

For example, if a client computer running Windows 7 connects to a file server with Windows Server 2012 R2, the SMB 2.1 protocol will be used.

Tip. You can check the version of the SMB protocol by which the client connects to the server using the PowerShell command:

Get-SmbConnection

On the file server side, you can display a list of the versions of the SMB protocols that the clients are currently using. Run the command:

Get-SmbSession | Select-Object -ExpandProperty Dialect | Sort-Object -Unique

Get-SmbSession used Dialect versionsIn this example, there are 898 clients connected to the server using SMB 2.1 (Windows 7/ 2008 R2) and 8 clients via SMB 3.02 (Windows 8.1 / 2012 R2).

According to the table, Windows XP and Windows Server 2003 can use only SMB 1.0 to access folders and files, that one can be disabled in new versions of Windows Server (2012 R2 / 2016). So, if your infrastructure uses computers running Windows XP ( no longer supported ), Windows Server 2003 / R2 and servers running Windows Server 2012 R2 / 2016, you should understand that the legacy clients will not be able to access files and folders on a file server running new OS. If Windows Server 2016 / 2012 R2 is used as a domain controller, it means that Windows XP / Server 2003 clients won’t be able to execute logon scripts (NETLOGON) and apply some of the group policies stored in the network folders on the domain controllers (for example, when using the Central Store for ADMX templates). If you try to connect to a shared folder on a file server with SMBv1 disabled, the old client will receive the following error message:

The specified network name is no longer available

Stop Using SMBv1 Protocol

Today the SMB 1.0 protocol is obsolete and it has a large number of critical vulnerabilities (remember the last incidents with the ransomware attacks – WannaCry and NotPetya that exploited the vulnerability in SMBv1 protocol). Microsoft and other IT companies strongly recommend that you stop using SMBv1 in your network.

If there are clients in your network running Windows XP and Windows Server 2003 /R2, they should be migrated as soon as possible to newer versions of Microsoft’s OS or carefully isolated.

SMB 1.0 in Windows Server 2012 R2

If you open the list of Windows Server 2012 R2 components, you can see a feature with the name SMB 1.0/CIFS File Sharing Support, which is not installed. But the SMB 1.0 driver itself works. If you install this feature, the Computer Browser service appears in the system. This is an SMB 1.0 client, without which it will not be possible to connect from this server to other computers that support only smbv1 protocol.SMB 1.0/CIFS File Sharing Support feature in windows server 2012 r2

Tip. If you don’t need to support an older SMB version 1.0 for computers running Windows XP or Windows Server 2003, you can disable this feature to reduce the system load and improve security as shown below:

Remove-WindowsFeature FS-SMB1

Then on the server side you need to completely disable SMB 1.0 with the command:

Set-SmbServerConfiguration -EnableSMB1Protocol $false

By default, both drivers SMB 1 and SMB 2 are loaded in Windows Server 2012. To confirm this, open the properties of a system service Server (LanmanServer) and on the Dependencies tab you can see that Server SMB 1.xxx Driver and SMB 2.xxx Driver are running on the server at the same time.

Windows 2012: SMB 1.xxx Driver and SMB 2.xxx Drivers

If you open the properties of the LanmanServer service on Windows 2012 R2, you can see that the driver supporting SMB 1.0 is excluded from the dependencies.

Windows Server 2012 R2 support only smb 2 driver

However, this does not mean that the SMB 1.0 driver is not working. To check whether SMB 1.0 is enabled on the server side, you can use the command:

Get-SmbServerConfiguration | Select EnableSMB1Protocol

smb 1 protocol enabledAs you can see, the SMB1 protocol in Windows Server 2012 R2 is enabled despite the absence of the SMB 1.0/CIFS File Sharing Support feature and driver dependencies for the LanmanServer service.

To restore the access of XP/2003 (and other legacy) clients over SMB to the file servers/domain controllers on Windows Server 2012 R2, you can enable SMB 1 support as follows. First, enable the protocol in the server settings:

Set-SmbServerConfiguration -EnableSMB1Protocol $true

Then enable the dependencies of SMB 1.0 in Windows Server 2012 R2 through the registry. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer and change the value of DependOnService parameter from SamSS Srv2 to SamSS Srv.

SamSS Srv in dependencies LanmanServer service

After that you have to reboot the system and make sure that SMB 1.0 driver is working again.

smb 1 support on windows server 2012 R2

These actions should be performed on all file servers and domain controllers to which legacy versions of clients are connected.

SMB 1.0 in Windows Server 2016

In Windows Server 2016, support for SMB 1.0 on the client side is also enabled as a separate feature, which can be found in the Add/Remove Features Wizard. This component is also called SMB 1.0 / CIFS File Sharing Support.

windows 2016: enable SMB 1.0 feautureYou can disable SMB v1 and completely remove the component with the commands:

Remove-WindowsFeature FS-SMB1
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

ws2016 disabling smb 1.0

Note. Complete manual to disable SMB 1.0 on Windows 10 / Server 2016

Starting from Windows Server 2016 1709 (and Windows 10 Fall Creators), the SMBv1 component (both client and server) is disabled by default (guest access via SMBv2 is disabled as well). To access legacy systems using an outdated version of the protocol, it must be installed separately. You need to install the SMB 1.0/CIFS File Sharing Support feature and enable SMB 1.0 with the commands:

Add-WindowsFeature FS-SMB1
Set-SmbServerConfiguration -EnableSMB1Protocol $true

10 comments
2
Facebook Twitter Google + Pinterest
previous post
Securing Administrative (Priveleged) Accounts in Active Directory
next post
How to access VMFS Datastore from Linux, Windows and ESXi

Related Reading

Integrating Windows Updates into Windows 10 Install Image

February 12, 2019

Copying Large Files over an Unreliable Network Using...

February 11, 2019

“The update is not applicable to your computer”:...

February 10, 2019

Fix: Clock Reverts to Wrong Time After Computer...

February 8, 2019

WSUS Windows Update Error 0x80244010: Exceeded max server...

January 31, 2019

10 comments

SMB 1.0 Support in Windows Server 2012 R2 | Win... March 13, 2015 - 1:13 pm

[…] A new version of SMB 3 protocol was presented in Windows Server 2012 R2 (technically, it is SMB 3.02, since SMB 3.0 appeared in Windows Server 2012), the  […]

Reply
Gilberto November 9, 2015 - 9:46 pm

your post save my day!!! thank u, i’m gonna reference it on my blog!!!

Reply
Alberto February 29, 2016 - 9:20 pm

I have looked everywhere on the web to resolve this issue.  THANK YOU!

Reply
Rune March 17, 2016 - 11:22 am

Thank you! Got this issue after patching and it worked fine.

Reply
ZAK May 12, 2016 - 3:27 pm

Thank you! Saved my day!

Reply
AS September 26, 2016 - 11:14 am

How come I have a windows server 2012 r2 with smb1 installed but not visible in dependencies and I can still access it from windows server 2003 ?

Reply
admin September 28, 2016 - 5:50 am

If SMB1 diver is running, you can access Windows 2012 R2 from 2003 client:

sc query mrxsmb10

E_NAME: mrxsmb10
  TYPE               : 2  FILE_SYSTEM_DRIVER
  STATE              : 4  RUNNING

Reply
Davert March 28, 2018 - 3:38 pm

2012 onwards;
Check it’s not disabled via Powershell too:
To Check:
Get-SmbServerConfiguration | Select EnableSMB1Protocol,
If it say ‘False ‘then Ennable:
Set-SmbServerConfiguration -EnableSMB1Protocol $false

Reply
Max April 11, 2018 - 1:14 pm

Thank you for your comment. Indeed, SMB1 server protocol is available by default on Windows Server 2012 R2. I updated the article

Reply
Joe Janota September 21, 2018 - 6:51 pm

Perfect, just what the doctor ordered. Saved my life and time.

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • ESXi: Slow Disk Performance on HPE Gen8

    February 15, 2019
  • Integrating Windows Updates into Windows 10 Install Image

    February 12, 2019
  • Copying Large Files over an Unreliable Network Using BITS and PowerShell

    February 11, 2019
  • Fix: Clock Reverts to Wrong Time After Computer (Server) Reboot

    February 8, 2019
  • Fix: BSOD Error 0x0000007B on Boot on Windows 7 and Server 2008 R2

    February 7, 2019
  • How to Disable Automatic Driver Updates in Windows 10?

    February 6, 2019
  • WSUS Windows Update Error 0x80244010: Exceeded max server round trips

    January 31, 2019
  • Configuring SSO (Single Sign-On) Authentication on Windows Server RDS

    January 29, 2019
  • Unable to Start or Connect to Virtual Disk Service in Disk Management

    January 28, 2019
  • How to Inject Drivers into a Windows 10 WIM/ISO Install Image?

    January 15, 2019
woshub.com

Follow us

  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Install .NET Framework 3.5 on Windows Server 2012 R2
  • User Profile Disks on Windows Server 2012 R2 / 2016 RDS
  • Unable to Connect RDP: CredSSP Encryption Oracle Remediation
  • How to Clean Up “System Volume Information” Folder
  • How to Shadow (Remote Control) a User RDP session on RDS Windows Server 2016 / 2012 R2
  • Windows XP Can’t RDP to Windows 10 / Server 2012R2/2016 RDS
  • Managing Printers from the Command Prompt in Windows 10 / 8.1
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top