
Remote Log File Archives broken after SMBv1 disabled

After disabling SMB version 1 on our Windows servers per US-CERT best practices, UTM log file archiving is broken.
Anyone have a workaround or extra information about this?

SMBv1 disabled on Windows 2008R2 and Windows 2012R2 servers via:
Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB1
REG_DWORD: 0 = Disabled

  • That was what my testing revealed. With SMBv1 disabled, transparent proxy was broken. Users were not recognized by their correct AD groups. I had to re-enable SMBv1 on domain controllers at several customers. 

    I've got a ticket open with Sophos, but I haven't heard anything yet.

    Everyone, PLEASE submit a ticket for this. It's incredible that a security company is still using such a risk-laden and obsolete protocol.
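
For tracking which servers still have SMBv1 enabled (for example, domain controllers where it was turned back on as a workaround), the following added example reads the registry value named in the original post. It is not code from the thread or from Sophos; the function name `Get-Smb1ServerState` is hypothetical, and the script assumes it is run locally on each server with rights to read HKLM.

```powershell
# Added example: report the SMBv1 server setting described in the post.
# Written to run on PowerShell 2.0 (Windows 2008R2) as well as later versions.
function Get-Smb1ServerState {
    param(
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    )

    # The SMB1 value is often absent; absence means the OS default applies.
    $item = Get-ItemProperty -Path $Path -Name 'SMB1' -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # On Windows 2008R2 / 2012R2 a missing SMB1 value means SMBv1 is enabled.
        $registryValue = 'NotSet'
        $enabledByRegistry = $true
    } else {
        $registryValue = [string]$item.SMB1
        $enabledByRegistry = ($item.SMB1 -ne 0)   # 0 = Disabled, as in the post
    }

    # Get-SmbServerConfiguration exists on Windows 2012 and later, not on 2008R2.
    $cmdletValue = $null
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cmdletValue = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }

    New-Object PSObject -Property @{
        ComputerName       = $env:COMPUTERNAME
        RegistrySMB1       = $registryValue
        EnabledByRegistry  = $enabledByRegistry
        EnableSMB1Protocol = $cmdletValue   # $null where the cmdlet is unavailable
    }
}

Get-Smb1ServerState | Format-List
```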