This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Remote Log File Archives broken after SMBv1 disabled

After disabling SMB version 1 on our Windows servers per US-CERT best practices, UTM log file archiving is broken.
Anyone have a workaround or extra information about this?

SMBv1 disabled on Windows 2008R2 and Windows 2012R2 servers via;
Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters Registry entry: SMB1
REG_DWORD: 0 = Disabled

This thread was automatically locked due to age.

Parents

0 Matthew Dunbar over 6 years ago

Just to clarify, disabling SMBv1 doesn't affect the use of Authentication Servers; only Single Sign-on is broken after turning off SMBv1. Is that correct?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Matthew Dunbar over 6 years ago

Just to clarify, disabling SMBv1 doesn't affect the use of Authentication Servers; only Single Sign-on is broken after turning off SMBv1. Is that correct?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 JamesGolden over 6 years ago in reply to Matthew Dunbar

That was what my testing revealed. With SMBv1 disabled, transparent proxy was broken. Users were not recognized by their correct AD groups. I had to re-enable SMBv1 on domain controllers at several customers.

I've got a ticket open with Sophos, but I haven't heard anything yet.

Everyone, PLEASE submit a ticket for this. Its incredible that a security company is still using such a risk-laden and obsolete protocol.
Cancel
Vote Up 0 Vote Down

Cancel