Disable SMB1

In light of the recent details of SMBv1 being incredibly vulnerable to attacks, it’d be a good idea to make sure that SMBv1 is disabled on your systems. There isn’t much reason to leave it enabled: it was deprecated in Windows Vista/Server 2k8, and unless you have an old NAS that requires SMBv1, you should be able to disable it without any harm.

The other benefit of disabling SMBv1 is that it forces your systems to use SMBv2 or v3, which perform better.

So, let’s go through how to disable it quickly and easily.

For Windows 8.1 and above, as well as Windows Server 2012 R2 and above, it’s just a simple PowerShell command.

To run PowerShell as an Admin, please do the following:

  1. Click on Start
  2. Type in “PowerShell” without the quotes
  3. Right-click on “PowerShell” and click “Run as administrator”. Do not run PowerShell ISE.
  4. Click on “Allow” if a prompt comes up

Server2k12R2+

Open a PowerShell window as Admin

Remove-WindowsFeature FS-SMB1

If all goes well, you’ll get a message saying it was successful.

Win8.1+

Open a PowerShell window as Admin

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

You’ll get a message saying that it has succeeded.

For the remaining versions of Windows, the commands are a little different.

Win8/Server2k12

Open a PowerShell window as Admin

Set-SmbServerConfiguration -EnableSMB1Protocol $false

Windows Vista/7/Server 2k8/2k8R2

Open a PowerShell window as Admin

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

Then restart the computer.
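To confirm the change took effect after the restart, a read-only check like the following can be run from the same elevated PowerShell window. This is an added example, not part of the original post; Get-Smb1Check is a helper name made up for it, and each query runs only if its cmdlet exists on the system.

```powershell
# Added example, not from the original post. Read-only; run elevated.
# Get-Smb1Check is a helper name made up for this example.
function Get-Smb1Check([string]$Name, [scriptblock]$Query) {
    try   { $value = & $Query }
    catch { $value = "query failed: $($_.Exception.Message)" }
    if ($null -eq $value) { $value = 'not available on this system' }
    New-Object PSObject -Property @{ Check = $Name; Value = "$value" }
}

$checks = @()

# Win8.1+ / Server 2012 R2+: optional feature (expect Disabled)
if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
    $checks += Get-Smb1Check 'Optional feature smb1protocol' {
        (Get-WindowsOptionalFeature -Online -FeatureName smb1protocol -ErrorAction Stop).State
    }
}

# Server 2012 R2+: server feature (expect Available or Removed, not Installed)
if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
    $checks += Get-Smb1Check 'Windows feature FS-SMB1' {
        (Get-WindowsFeature -Name FS-SMB1 -ErrorAction Stop).InstallState
    }
}

# Win8 / Server 2012 and later: SMB server setting (expect False)
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    $checks += Get-Smb1Check 'SmbServerConfiguration EnableSMB1Protocol' {
        (Get-SmbServerConfiguration -ErrorAction Stop).EnableSMB1Protocol
    }
}

# Vista / 7 / Server 2008 / 2008 R2: registry value (expect 0).
# On those versions a missing value means the SMB1 server is still at its default (enabled).
$checks += Get-Smb1Check 'Registry SMB1 (LanmanServer\Parameters)' {
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $item = Get-ItemProperty -Path $key -ErrorAction Stop
    if ($item.PSObject.Properties['SMB1']) { $item.SMB1 } else { 'not set' }
}

$checks | Format-Table Check, Value -AutoSize
```

The last two checks report the SMB server component only, so on those versions they say nothing about the SMB1 client.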

Disabling SMBv1 is simple, quick, and highly important both from a security standpoint and a performance standpoint.

On Random Yet Consistently Timed Crashes

The past few weeks, I’ve been dealing with hard crashes on my Hyper-V server. They all happened at around the same time. Essentially, the VM would stop responding to any services past pings. If I tried to use the Hyper-V console to bring it up, it would just crash. If I tried to reboot or stop the VM it would crash the host.

So, I went through the event logs on the host, and came across a bunch of errors on my Highpoint 2720 controller relating to ports not responding and driver not responding. I have a scheduled drive pair verify that was running around the time of the crash, so I assumed that there may be a chance that I had an issue with the drives on the pair.

I ran a full drive scan on the two drive pairs, and both succeeded without errors, nor were there any crashes. After that, I ran a drive pair validate, but at a different time of the day. This one succeeded as well.

Feeling thoroughly confused, I went through the event logs again, and came across an error in the host log that also coincided with the same timestamps. This error was sourced from my PCIe network card, so at that point, I started trying to figure out what could cause two PCIe cards to stop responding at the same time.

I go through the logs on the VM again, and notice some errors with the ID 129 but no details given due to a missing component. I do some Googling, and find an ancient MS forum post about this error. It was traced to an issue with VSS and similar issues with crashing VMs.

I then remember that I had a Windows Server Backup running on the VM around the same time that this was running. Disabled that, and suddenly the crashes stop.

Whoops.