Condividi tramite


Windows Server 2012 R2: Which version of the SMB protocol (SMB 1.0, SMB 2.0, SMB 2.1, SMB 3.0 or SMB 3.02) are you using?

Note: This blog post is a Windows Server 2012 R2 update on a previous version focused on Windows Server 2012.

 

1. Introduction

With the release of Windows 8.1 and Windows Server 2012 R2, I am frequently asked about how older versions of Windows will behave when connecting to or from these new versions. Upgrading to a new version of SMB is something that happened a few times over the years and we established a process in the protocol itself by which clients and servers negotiate the highest version that both support.

 

2. Versions

There are several different versions of SMB used by Windows operating systems:

  • CIFS – The ancient version of SMB that was part of Microsoft Windows NT 4.0 in 1996. SMB1 supersedes this version.
  • SMB 1.0 (or SMB1) – The version used in Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2003 R2
  • SMB 2.0 (or SMB2) – The version used in Windows Vista (SP1 or later) and Windows Server 2008
  • SMB 2.1 (or SMB2.1) – The version used in Windows 7 and Windows Server 2008 R2
  • SMB 3.0 (or SMB3) – The version used in Windows 8 and Windows Server 2012
  • SMB 3.02 (or SMB3) – The version used in Windows 8.1 and Windows Server 2012 R2

Windows NT is no longer supported, so CIFS is definitely out. Windows Server 2003 R2 with a current service pack is under Extended Support, so SMB1 is still around for a little while. SMB 2.x in Windows Server 2008 and Windows Server 2008 R2 are under Mainstream Support until 2015. You can find the most current information on the support lifecycle page for Windows Server. The information is subject to the Microsoft Policy Disclaimer and Change Notice.  You can use the support pages to also find support policy information for Windows XP, Windows Vista, Windows 7 and Windows 8.

In Windows 8.1 and Windows Server 2012 R2, we introduced the option to completely disable CIFS/SMB1 support, including the actual removal of the related binaries. While this is not the default configuration, we recommend disabling this older version of the protocol in scenarios where it’s not useful, like Hyper-V over SMB. You can find details about this new option in item 7 of this blog post: What’s new in SMB PowerShell in Windows Server 2012 R2.

 

3. Negotiated Versions

Here’s a table to help you understand what version you will end up using, depending on what Windows version is running as the SMB client and what version of Windows is running as the SMB server:

OS Windows 8.1  WS 2012 R2 Windows 8  WS 2012 Windows 7  WS 2008 R2 Windows Vista  WS 2008 Previous versions
Windows 8.1 WS 2012 R2 SMB 3.02 SMB 3.0 SMB 2.1 SMB 2.0 SMB 1.0
Windows 8 WS 2012 SMB 3.0 SMB 3.0 SMB 2.1 SMB 2.0 SMB 1.0
Windows 7 WS 2008 R2 SMB 2.1 SMB 2.1 SMB 2.1 SMB 2.0 SMB 1.0
Windows Vista WS 2008 SMB 2.0 SMB 2.0 SMB 2.0 SMB 2.0 SMB 1.0
Previous versions SMB 1.0 SMB 1.0 SMB 1.0 SMB 1.0 SMB 1.0

* WS = Windows Server

 

4. Using PowerShell to check the SMB version

In Windows 8 or Windows Server 2012, there is a new PowerShell cmdlet that can easily tell you what version of SMB the client has negotiated with the File Server. You simply access a remote file server (or create a new mapping to it) and use Get-SmbConnection. Here’s an example:

PS C:\> Get-SmbConnection
 
ServerName ShareName UserName Credential Dialect NumOpens
---------- --------- -------- ---------- ------- --------
FileServer1 IPC$ DomainName\UserN... DomainName.Testi... 3.00 0
FileServer1 FileShare DomainName\UserN... DomainName.Testi... 3.00 14
FileServ2 FS2 DomainName\UserN... DomainName.Testi... 3.02 3
VNX3 Share1 DomainName\UserN... DomainName.Testi... 3.00 6
Filer2 Library DomainName\UserN... DomainName.Testi... 3.00 8
DomainCtrl1 netlogon DomainName\Compu... DomainName.Testi... 2.10 1

In the example above, a server called “FileServer1” was able to negotiate up to version 3.0. FileServ2 can use version 3.02. That means that both the client and the server support the latest version of the SMB protocol. You can also see that another server called “DomainCtrl1” was only able to negotiate up to version 2.1. You can probably guess that it’s a domain controller running Windows Server 2008 R2. Some of the servers on the list are not running Windows, showing the dialect that these non-Windows SMB implementations negotiated with this specific Windows client.

If you just want to find the version of SMB running on your own computer, you can use a loopback share combined with the Get-SmbConnection cmdlet. Here’s an example:

PS C:\> dir \\localhost\c$
 
Directory: \\localhost\c$
 
Mode LastWriteTime Length Name
---- ------------- ------ ----
d---- 5/19/2012 1:54 AM PerfLogs
d-r-- 6/1/2012 11:58 PM Program Files
d-r-- 6/1/2012 11:58 PM Program Files (x86)
d-r-- 5/24/2012 3:56 PM Users
d---- 6/5/2012 3:00 PM Windows

PS C:\> Get-SmbConnection -ServerName localhost

ServerName ShareName UserName Credential Dialect NumOpens
---------- --------- -------- ---------- ------- --------
localhost c$ DomainName\UserN... DomainName.Testi... 3.02 0

 

You have about 10 seconds after you issue the “dir” command to run the “Get-SmbConnection” cmdlet. The SMB client will tear down the connections if there is no activity between the client and the server. It might help to know that you can use the alias “gsmbc” instead of the full cmdlet name.

 

5. Features and Capabilities

Here’s a very short summary of what changed with each version of SMB:

  • From SMB 1.0 to SMB 2.0 - The first major redesign of SMB
    • Increased file sharing scalability
    • Improved performance
      • Request compounding
      • Asynchronous operations
      • Larger reads/writes
    • More secure and robust
      • Small command set
      • Signing now uses HMAC SHA-256 instead of MD5
      • SMB2 durability
  • From SMB 2.0 to SMB 2.1
    • File leasing improvements
    • Large MTU support
    • BranchCache
  • From SMB 2.1 to SMB 3.0
    • Availability
      • SMB Transparent Failover
      • SMB Witness
      • SMB Multichannel
    • Performance
      • SMB Scale-Out
      • SMB Direct (SMB 3.0 over RDMA)
      • SMB Multichannel
      • Directory Leasing
      • BranchCache V2
    • Backup
      • VSS for Remote File Shares
    • Security
      • SMB Encryption using AES-CCM (Optional)
      • Signing now uses AES-CMAC
    • Management
      • SMB PowerShell
      • Improved Performance Counters
      • Improved Eventing
  • From SMB 3.0 to SMB 3.02
    • Automatic rebalancing of Scale-Out File Server clients
    • Improved performance of SMB Direct (SMB over RDMA)
    • Support for multiple SMB instances on a Scale-Out File Server

You can get additional details on the SMB 2.0 improvements listed above at
https://blogs.technet.com/b/josebda/archive/2008/12/09/smb2-a-complete-redesign-of-the-main-remote-file-protocol-for-windows.aspx

You can get additional details on the SMB 3.0 improvements listed above at
https://blogs.technet.com/b/josebda/archive/2012/05/03/updated-links-on-windows-server-2012-file-server-and-smb-3-0.aspx

You can get additional details on the SMB 3.02 improvements in Windows Server 2012 R2 at
https://technet.microsoft.com/en-us/library/hh831474.aspx

 

6. Recommendation

We strongly encourage you to update to the latest version of SMB, which will give you the most scalability, the best performance, the highest availability and the most secure SMB implementation.

Keep in mind that Windows Server 2012 Hyper-V and Windows Server 2012 R2 Hyper-V only support SMB 3.0 for remote file storage. This is due mainly to the availability features (SMB Transparent Failover, SMB Witness and SMB Multichannel), which did not exist in previous versions of SMB. The additional scalability and performance is also very welcome in this virtualization scenario. The Hyper-V Best Practices Analyzer (BPA) will warn you if an older version is detected.

 

7. Conclusion

We’re excited about SMB3, but we are also always concerned about keeping as much backwards compatibility as possible. Both SMB 3.0 and SMB 3.02 bring several key new capabilities and we encourage you to learn more about them. We hope you will be convinced to start planning your upgrades as early as possible.

 


Note 1: Protocol Documentation

If you consider yourself an SMB geek and you actually want to understand the SMB NEGOTIATE command in greater detail, you can read the [MS-SMB2-Preview] protocol documentation (which covers SMB 2.0, 2.1, 3.0 and 3.02), currently available from https://msdn.microsoft.com/en-us/library/ee941641.aspx. In regards to protocol version negotiation, you should pay attention to the following sections of the document:

  • 1.7: Versioning and Capability Negotiation
  • 2.2.3: SMB2 Negotiate Request
  • 2.2.4: SMB2 Negotiate Response

Section 1.7 includes this nice state diagram describing the inner workings of protocol negotiation:

 

Note 2: Third-party implementations

There are several implementations of the SMB protocol from someone other than Microsoft. If you use one of those implementations of SMB, you should ask whoever is providing the implementation which version of SMB they implement for each version of their product. Here are a few of these implementations of SMB:

Please note that is not a complete list of implementations and the list is bound to become obsolete the minute I post it. Please refer to the specific implementers for up-to-date information on their specific implementations and which version and optional portions of the protocol they offer.

You also want to review the SNIA Tutorial SMB Remote File Protocol (including SMB 3.0). The SNIA Data Storage Innovation Conference (DSI’14) in April 22-24 2014 is offering an updated version of this tutorial.

Comments

  • Anonymous
    January 01, 2003
    The comment has been removed
    • Anonymous
      July 03, 2017
      Wow, comment reply after 3,5 years hahah.. wonder if poor MartinJ was still waiting for that reply
    • Anonymous
      December 20, 2017
      The comment has been removed
  • Anonymous
    October 02, 2013
    wow.. You are working on this since SMB 2.0.. :)It's amazing the improvements made since there. I really enjoy each one
  • Anonymous
    October 08, 2013
    The comment has been removed
  • Anonymous
    October 25, 2013
    Great Post!  But how do you check this on a windows 7 and 2008r2 session since only 8 and 2012 have get-smbconnection cmdlet?
  • Anonymous
    October 26, 2013
    The comment has been removed
  • Anonymous
    March 30, 2014
    In this post, I'm providing a reference to the most relevant content related to Windows Server 2012
  • Anonymous
    May 10, 2014
    Pingback from Como usar o Compartilhamento baseado em SMB3 para Banco de Dados SQL | Marcos Dias
  • Anonymous
    May 10, 2014
    Pingback from Como usar o Compartilhamento baseado em SMB3 para Banco de Dados SQL | Marcos Dias
  • Anonymous
    May 29, 2014
    Pingback from ????????? PC????????????
  • Anonymous
    May 30, 2014
    Pingback from TI Especialistas Usando um compartilhamento de rede para o SQL Server
  • Anonymous
    July 07, 2014
    In this post, I'm providing a reference to the most relevant content related to Windows Server 2012
  • Anonymous
    August 11, 2014
    Introduction Windows Server 2012 R2 introduced a new version of SMB. Technically it’s SMB version 3.02
  • Anonymous
    August 12, 2014
    Introduction Windows Server 2012 R2 introduced a new version of SMB. Technically it’s SMB version 3.02
  • Anonymous
    May 31, 2015
    Hi, Matthew Walker here, I’m a Premier Field Engineer here at Microsoft specializing in Hyper-V and Failover
  • Anonymous
    August 26, 2015
    Almost all SAP products are now supported on Windows 2012 and SAP are in the process of certifying Windows
  • Anonymous
    September 28, 2015
    In the not far back point in time, there was a blog done by Matthew Walker that we felt needed to also
  • Anonymous
    October 08, 2015
    The comment has been removed
  • Anonymous
    April 13, 2016
    The table shows older OS negotiate to SMB1, but the state diagram has no option for this. Is this just because out of scope of the document?
  • Anonymous
    June 14, 2016
    Great post! Well done!!!Maurizio
  • Anonymous
    July 04, 2016
    Thus all is not true. I can without problem access user/password protected smb shares on windows 10 1511 machine. But the other way around I get error: The user has not been granted the requested logon type at this computer. Which is windows 7 computer. And I have gpedit in Access this computer from network added Users,Administrator,Everyone. Have run on both Windows 7 and Windows 10 sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi andsc.exe config mrxsmb20 start= auto to ensure all smb protocols are available. But still can't connect from windows 10 to windows 7 shares although I type in existent user/pass on windows 7 at windows 10 machine. W10 throws: The user has not been granted the requested logon type at this computer. Why? Does W10 can't auto downgrade to sm2.1 to communicate with widows 7, and windows 7 can access smb3.0 on Windows 10?!?
  • Anonymous
    September 13, 2016
    This is still the best article around for SMB, but please can you update to include SMB3.1.1, Windows 10, & Server 2016 ? Many thanks!
    • Anonymous
      September 14, 2016
      Mind you, you've published another article here which explains this!https://blogs.technet.microsoft.com/josebda/2015/05/05/whats-new-in-smb-3-1-1-in-the-windows-server-2016-technical-preview-2/Thanks!
  • Anonymous
    October 02, 2016
    From build 14921, 14926 and 14936 (Insider RS2 preview), I have no more acces to my share XP (SMB 1.0). Do you think thatt SMB is the problem ????
  • Anonymous
    March 08, 2017
    @JoseBarretoWill you update this excellent post related to Windows 10 and Windows Server 2016?Thanks!
  • Anonymous
    May 17, 2017
    The comment has been removed
    • Anonymous
      June 25, 2017
      Hi Marek,At an administrative command prompt, run "sc query srv" to see whether the SMB1 drivers are running. Srv (SMB1) could be set to automatic start and running, even though the LanmanServer service does not have it as a Dependency.To disable SMB1 you can set Srv service to disabled with "sc config srv start=disabled".
  • Anonymous
    May 18, 2017
    Does it means that PC's with NT OS are not exposed to the WannaCrypt Attack?
  • Anonymous
    May 29, 2017
    Hello, I have found files on my android which i cannot access because it says it needs to unlock SMB2. This is the first article thatvi have read that explains what this means and i would like to know if you can give advice as to how to proceed with that process or report such findings, as i did not initiate the protocol myself. Any advice would be greatly appreciated.
  • Anonymous
    June 23, 2017
    Nice article, well written and concise. Thanks for the information.R.
  • Anonymous
    June 23, 2017
    A very good article indeed! Windows 2012 server supporting SMB3 version is make much difference in the market!Cheers to Microsoft team!
  • Anonymous
    June 23, 2017
    Get-SmbConnection in Poweshell is not working and posting the below error,"The term 'get-SmbConnection' is not recognized as the name of a cmdlet, function, script file, or operable program."
  • Anonymous
    July 06, 2017
    The comment has been removed
  • Anonymous
    October 03, 2017
    Is it possible to link a client using SMB1 to a server using SMB3
  • Anonymous
    December 20, 2017
    The comment has been removed