Disabling SMB2 on Windows Server 2008
7,341
"The second is potential locking and corruption issues with legacy flat-file databases." Please explain this issue a little bit more, e.g. what do you mean with flat-file databases? thx ice
Related videos on Youtube
Author by
Alan B
Updated on September 17, 2022Comments
-
Alan B almost 2 years
There are a couple of reasons you might do this, the first is an exploit.
The second is potential locking and corruption issues with legacy flat-file databases. There is a performance penalty in doing this - but how noticeable is it? What other reasons are there for not disabling SMB2 (assuming the security vulnerability is fixed) ?
-
EKW over 12 yearsJust a note here (in case someone stumbles across this question in the future) to confirm that the issues with SMB2 were absolutely NOT resolved in Windows Server 2008 SP1 and Win7 SP1. Access databases work fine, FoxPro databases will suffer constant corruption with SMB2 enabled, and less frequently with SMB oplocks enabled.
-
Alan B over 12 yearsI dispute this - is there any supporting evidence? I deal with a multiuser VFP 9 application installed on hundreds of sites, quite a few of which will now be Windows Server 2008 SP1 / Windows 7 SP1 and we are not experiencing any corruption.
-
EKW over 12 yearsI deal with a FoxPro ODBC-based app on a few hundred sites. Sites which are pure-XP don't experience any issues, sites which are a mixed client environment (XP, Vista/7) or pure-Vista/7 experience issues until SMB2 directory caching is disabled (Server 2003/XP hosts), or SMB2 and oplocking are disabled (Server 2008/Vista/7 hosts).
-
Alan B over 12 yearsWhen you say ODBC-based, do you mean it's a non-VFP application accessing the VFP data via ODBC?
-
EKW over 12 yearsThat would be correct.
-
Alan B over 12 yearsI wonder if the issue is with the ODBC driver in that case.
-
EKW over 12 yearsPossibly, but the point stands that compatibility is only fixed in specific cases. alaska-software.com/fixes/smb2/overview.shtm has more information, as well as dataaccess.com/whitepapers/opportunlockingreadcaching.html
-
Alan B over 12 yearsThose are valuable documents for anyone dealing with VFP on SMB2.
-
-
Alan B over 14 yearsWell, MS Access and Visual FoxPro would be two example. In the case of the latter it is often necessary to turn off Opportunistic Locking on the server to alleviate multiuser file access and locking problems. This is done by setting EnableOplocks to 0 in the registry under HKLM\SYSTEM\CURRENTCONTROLSET\LANMANSERVER\PARAMETERS. However under Windows Server 2008 you can't turn that off without first turning SMB2 off.