If you try to connect to a NetApp CIFS share via Windows 8 beta you may cannot access the share because of the following error:
SMB connections fail with error “Invalid Signature”
Cause:
This behavior may be due to the “Secure Negotiate” feature added to SMB 2.24 for the Windows “8” beta release, which relies on the correct signing of error responses by all SMB 2 servers (including those supporting only protocol versions 2.0 and 2.1). Some third-party file servers do not respond with a signed error response causing the connection to fail.
Microsoft has two workrounds for this problem:
- Enable signing on the third-party file server.
- Disable “Secure Negotiate” on the client.
You can disable “Secure Negotiate” with the following PowerShell command:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" RequireSecureNegotiate -Value 0 -Force
Checkout the Microsoft KB2686098
Update
Only some minutes after I released this blog post I got an anwser from Glenn Sizemore (NetApp) how you can enable SMB 2 signing on the NetApp.
ONTAP CLI:
options cifs.smb2.signing.required on
PowerShell:
ipmo DataONTAP Connect-NaController controller Set-NaOption cifs.smb2.signing.required off
Thanks for that.
Tags: cannot access, CIFS, KB, Microsoft, NetApp, PowerShell, Secure Negotiate, share, SMB, SMB 2, SMB 2.0, SMB 2.1, SMB 2.2, Windows, Windows 8 Last modified: April 5, 2012
Hey Thomas,
Yeah that whole SMB evolution can be kinda tricky. Since your getting the error you must have SMB2 enabled on the controller. To get it work without hacking the registry on Windows 8 you just need to enable smb2 signing. The SMB Server in Data ONTAP is fully compliant.
ONTAP CLI:
options cifs.smb2.signing.required on
PowerShell:
ipmo DataONTAP
Connect-NaController controller
Set-NaOption cifs.smb2.signing.required off
If that doesn’t work just ask a question on the netapp communities.
~Glenn
Shouldn’t it be
Set-NaOption cifs.smb2.signing.required on ?
Value=0 off
Value=1 On
Value=2 is negotiate
negotiate is way much better option
Hi,
I have win8 Ent. I am not able to access shares from netapp storage server. Please suggest me.
please use the following command:
Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters” RequireSecureNegotiate -Value 0 -Force
Hi,
there are two options on NetApp
to negotiate – the best way:
options cifs.signing.enable on
options cifs.smb2.signing.required off
to force:
options cifs.signing.enable on
options cifs.smb2.signing.required on
rgds jan