As per the Microsoft recommendation, SMBv1 should be disabled on all servers of a domain. We made this change on all our servers. After some days, we found that we were not able to RDP into the servers and were not able to resolve their DNS hostnames either.
After digging into the problem, I found that the "NetLogon" service was stopped. When I tried to start it, it gave me an error that one of its dependency services was stopped or disabled. Later I found that this was because of the "Workstation" service, which was also stopped. In the event log I found that it was not able to run because SMBv1 was disabled. Below are the screenshots which show what I am talking about.
Note: This problem was only with Windows Server 2008 R2 and earlier, because there SMBv1 is a dependency of the "Workstation" service. In later versions of Windows Server, like 2012, 2012 R2 and 2016, Microsoft has removed it from the dependencies. See the screenshot below of the "Workstation" service on Windows Server 2012 R2.
There are two ways to fix this: either enable SMBv1 again, or remove it from the "Workstation" service dependencies.
Enabling SMBv1 Back
This is not a good option, because all the famous attacks were based on SMBv1, so I would not suggest doing it. I have still listed the steps below.
1. Open "Command Prompt" as an administrator.
2. Type the commands below to enable SMBv1.
sc.exe query lanmanworkstation
(This checks the status of the lanmanworkstation service.)
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
(This configures all dependencies for the "Workstation" service.)
sc.exe config mrxsmb10 start= auto
(This sets the SMBv1 driver to start automatically.)
3. Reboot the server, then start the "Workstation" service first and the "NetLogon" service after it.
Remove SMBv1 from dependencies of "Workstation" service
I would recommend this option, and it is easy.
1. Open Registry Editor and navigate to the location below.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation
2. Check the "DependOnService" value. It will contain the service names listed below.
Bowser
MRxSmb10
MRxSmb20
NSI
3. Remove "MRxSmb10" from the "DependOnService" value.
4. Open "Command Prompt" as an administrator and run the commands below.
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled
5. Check the "Workstation" service now; it should no longer have SMBv1 in its dependencies.
6. Restart the "Workstation" service.
7. That's all you have to do to remove SMBv1 from dependencies.
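The check and the fix above can be scripted, so that other Windows Server 2008 R2 machines are verified before SMBv1 is disabled on them. The PowerShell below is an added example, not part of the original post; the function name Test-WorkstationSmb1Dependency is hypothetical, and it assumes an elevated session on the server itself. Without -Fix it only reads the registry and service state.

```powershell
# Added example; the function name is hypothetical. Run from an elevated prompt.
function Test-WorkstationSmb1Dependency {
    param([switch]$Fix)   # -Fix runs the two sc.exe commands from the steps above

    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $wks  = "$root\LanmanWorkstation"
    # DependOnService is REG_MULTI_SZ, so it is returned as a string array.
    $readDeps = {
        $p = Get-ItemProperty $wks -Name DependOnService -ErrorAction SilentlyContinue
        $p.DependOnService | Where-Object { $_ }
    }
    $deps = @(& $readDeps)

    if ($Fix -and ($deps -contains 'MRxSmb10')) {
        # Keep every other dependency as found; drop only the SMBv1 driver.
        $keep = @($deps | Where-Object { $_ -ne 'MRxSmb10' })
        if ($keep.Count -eq 0) { throw 'No dependencies would remain; fix by hand.' }
        sc.exe config lanmanworkstation depend= ($keep -join '/') | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "sc.exe config failed: $LASTEXITCODE" }
        sc.exe config mrxsmb10 start= disabled | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "sc.exe config failed: $LASTEXITCODE" }
        $deps = @(& $readDeps)   # re-read so the report shows the new state
    }

    # Driver start type: 2 = automatic, 3 = manual, 4 = disabled.
    # $null means the mrxsmb10 key does not exist on this machine.
    $smb1 = Get-ItemProperty "$root\mrxsmb10" -Name Start -ErrorAction SilentlyContinue
    $smb1Start = $smb1.Start
    $dependsOnSmb1 = $deps -contains 'MRxSmb10'   # -contains ignores case

    New-Object PSObject -Property @{
        Computer           = $env:COMPUTERNAME
        DependOnService    = ($deps -join '/')
        DependsOnSmb1      = $dependsOnSmb1
        Smb1DriverStart    = $smb1Start
        # The failure described in this post: dependency present, driver disabled.
        WorkstationBlocked = ($dependsOnSmb1 -and ($smb1Start -eq 4))
        WorkstationStatus  = (Get-Service LanmanWorkstation).Status
        NetlogonStatus     = (Get-Service Netlogon).Status
    }
}

Test-WorkstationSmb1Dependency   # read-only audit; add -Fix to repair
```

A result with WorkstationBlocked set to True means the "Workstation" service will not start until MRxSmb10 is removed from its dependencies.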
If you have any questions regarding this post, please leave a message in the comment box.