Re: SMB signing problem with winXP

In an SBS 2003 network with Windows XP workstations I did have
problems with delays saving files. It drove the client crazy because it hung
the whole workstation for up to ten seconds. After I disabled SMB signing
the client stopped complaining-- but we tried so many things that I can't be
100% certain that was the fix. I disabled it on several networks after that
just in case. The boss hates when clients complain that a brand-new network
is "slow."

"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@xxxxxxxxxxx>
wrote in message news:OwpDu48NFHA.2136@xxxxxxxxxxxxxxxxxxxxxxx
> And I'll debate you and say that you don't have to do this.
>
> Leave it on and in today's XP sp2 environment you are fine.
>
> Leave it off and you are fine.
>
> Just don't screw it up getting it there.
>
> Jeff Middleton [SBS-MVP] wrote:
> > I don't think anyone is looking for an argument about this, but if
someone
> > is, just be prepared to debate both me and Mariette telling you that the
> > sane thing to do in 99.99% of all SBS deployment scenarios is to disable
all
> > SMB Signing in the Default Domain Policy and the Default Domain
Controller
> > Policy.
> >
> > There is no problem with Disabling SMB Signing entirely.
> >
> > SMB Signing is not a required protocol function. It's an authentication
> > process which means that network packets are authenticated individually
in
> > addition to using application and protocol authentication for every
> > transaction stream.
> >
> > The analogy that I use is that we don't require co-workers in a small
> > business to wear badges, we don't use locks on doors in the middle of
> > hallways to secure room to room, we don't post an armed guard in the
lobby
> > next to the receptionist. You probably don't lock your office when you
walk
> > to the copy machine or take your coffee cup with you for fear of being
> > poisoned while it's unattended. These are all things that someone can
say
> > "hey, but if you don't you are at risk of....whatever." Even if you are
a
> > business that does all of those things, SMB Signing is still not
necessarily
> > improving upon a measurable risk when you compare it's value to cost
causing
> > networking problems. Not just file access issues like what Mariette
cited,
> > I'm talking about silliness that just makes things not work right.
> >
> > The relationship most people running SBS have with SMB Signing is that
it
> > causes them headaches, and isn't preventing a plausible security breach.
If
> > you had to pay for SMB Signing, you wouldn't.
> >
> > You don't lose functionality for having it disabled. You remove a level
of
> > complexity that isn't related to functionality.
> >
> >
> >
> > "Oliver Sommer" <o.sommer@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
> > news:11578632479945866584240@xxxxxxxxxxxxxxxxxxxxx
> >
> >>It's not a real good idea to disable all four policies.
> >>Just keep the "if..." policies active so replication and other issues
> >
> > won't
> >
> >>trouble as by result of your recommendation.
> >>
> >>greetings,
> >>Oliver Sommer
> >>
> >>German News to SBS under:
> >>http://www.SBSFAQ.de
> >>xxxxxxxxxxxxxxxxxxxxxx
> >>
> >>
> >>>In news:OUPcI8jNFHA.2880@xxxxxxxxxxxxxxxxxxxx,
> >>>Eugene Tan <insights-[dropthis]@post1.com> wrote:
> >>>
> >>>>I recall there was a problem when winXP was introduced to a SBS2k
> >>>>LAN, causing slow file copies etc, and among the fixes was to turn
> >>>>off
> >>>>SMB signing because of issues (KB810907) and other hot fixes required
> >>>>such as KB329170.
> >>>>Any idea of status, since win2k sp4 has been out for some time?
> >>>>Should SMB signing be turned on, preferably?
> >>>>
> >>>
> >>>Smallbizserver.Net > SBS 2003 > Server issues > Slow file copy to the
> >>>SBS
> >>>2003 server:
> >>>http://www.smallbizserver.net/Default.aspx?tabid=139
> >>
> >>
> >>
> >
> >


.

Relevant Pages

  • Re: SMB packet and secure channel signing
    ... You know, in all the times that you and I have the debate on SMB Signing, ... > Optionally you can do "if client agrees" and thus the signing will be ... > Just don't screw up in the process of disabling these suckers. ... SMB Signing puts a tag on each and every network packet ...
    (microsoft.public.windows.server.sbs)
  • Re: [2.6.24.3][net] bug: TCP 3rd handshake abnormal timeouts
    ... I didn't know where to write to the "network guys". ... It's hard to explain and describe a problem when you know people will ask you hundreds of questions related to application-level problems, or not reply because web/mysql problems are so common and generally not related to any kernel issue. ... you should try disabling it to rule out any possible bug in the ... I have the conntrack on both the client and server, and unfortunately can't disable it now on the client, however I will test today and disable it on the server, after I get some sleep. ...
    (Linux-Kernel)
  • Re: [2.6.24.3][net] bug: TCP 3rd handshake abnormal timeouts
    ... I didn't know where to write to the "network ... you should try disabling it to rule out any possible bug in the ... I have the conntrack on both the client and server, ...
    (Linux-Kernel)
  • Re: Slow opening Files over network
    ... If you are not using SMB signing for anything specific, ... > The network is a 100Mb network, ... > SMB signing is on by default, will disabling this affect anything else?? ... >>> users are in that folder with detailed view on, ...
    (microsoft.public.win2000.networking)
  • Disabling file and printer sharing server only in Windows 98
    ... When disabling the "File and Printer ... it seems to disable the client and the ... server - I can't access shares on other computers, ... I would like the pc to be able to read shares on one network, ...
    (comp.protocols.smb)
Loading