Question

  • Creator
    Topic
  • #2341622

    Trouble disabling SMB2 and SMB3 in Windows Server 2008 and 2016

    Locked

    by tcallahan ·

    Tags: 

    Hello,

    For testing the performance of a legacy database application (.DBF files) I need to temporarily disabe SMB2 and 3 on WS 2008 R2 and WS 2016 (standard editions) and turn off opportunistic locking (Oplocks.)

    I have researched it a but can’t seem to get it to work – links to some related articles below.

    On the servers I think I just need to disable SMB2 since MS states SMB3 is automatically disabled when SMB2 is because they share the same stack.

    What I’ve found is that the following procedure done on the server should work but it does not seem to.

    1. Reboot

    2. Show SMB1 running:
    C:\ >sc query mrxsmb10
    SERVICE_NAME: mrxsmb10
    TYPE : 2 FILE_SYSTEM_DRIVER
    STATE : 4 RUNNING
    (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    3. Show SMB2 running
    C:\ >sc query mrxsmb20
    SERVICE_NAME: mrxsmb20
    TYPE : 2 FILE_SYSTEM_DRIVER
    STATE : 4 RUNNING
    (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    4. Update the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    Registry entry: SMB2
    REG_DWORD: 0 = Disabled

    5. Reboot

    6. Show that SMB2 is still running
    C:\ >sc query mrxsmb20
    SERVICE_NAME: mrxsmb20
    TYPE : 2 FILE_SYSTEM_DRIVER
    STATE : 4 RUNNING
    (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    For disabling Oplocks (which seems to be forced to enabled in SMB2) I made the following registry changes:

    HKLM\SYSTEM\CurrentControlSet\services\mrxsmb\Parameters\OplocksDisabled REG_DWORD 0x1

    HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters\EnableOplocks REG_DWORD 0x0

    I do not know how to test if these settings are effective.

    Supporting links:

    https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows

    https://support.microsoft.com/en-us/help/296264/configuring-opportunistic-locking-in-windows

All Answers

Share your knowledge