Wonder why IBM doesn't support change notification like other SMB2 providers? Looks like it's a registry patch you can deploy to all corporate PC's via Group Policy push to fix the deficiency in IBM's SMB2 support.
Microsoft should also do their part though and respond to status_not_supported.
What I find interesting is that netserver now supports SMB2? When did this happen? I thought you had to run Samba in the PASE environment in this type of setup for that support: http://www-01.ibm.com/support/docview.wss?uid=nas8N1020089
When did this new feature come into play? Does NetServer's SMB2 support remove the Kerberos/LDAP limitation that IBM's Samba release had?
From: Rob Berendt [mailto:rob@xxxxxxxxx]
Sent: Monday, June 13, 2016 5:04 PM
Subject: Microsoft Windows File Explorer issues a Denial of Service attack against IBM i 7.3.
IBM changed protocol for NetServer from SMB1 to SMB2 when upgraded to IBM i 7.3.
When you are running SMB2 Windows File Explorer will refresh the list of files shown multiple times per second. This is a violation of SMB protocol. Microsoft admits this but currently has no plans to change this.
Microsoft has done this in the past and have issued a hotfix. They have no plans at this time to issue a hotfix for this occurrence.
Due to serious security issues IBM is strongly discouraging you from configuring back to SMB1.
There is a registry hack to reduce the refresh rate. Or you can stop using Windows File Explorer. For example, looking at a mapped drive from a DOS prompt does not have this issue. Having a file open from a share (like Excel, PDF, etc) does not have this issue. Just the list of files shown in Windows File Explorer.
I will supply a link. The link talks about byte counts in netstat, etc. I can duplicate all this.
So far the Denial of service attack only causes issues with the windows file explorer sessions. We've not noticed other performance implications (YMMV).
I've been told that if you're on a list of a few thousand files, and you're updating that several times a second it gets more interesting. I'm not in the mood to put on my steel cup, step in front of Chuck Norris and say "prove it".
IBM would like more people to report this issue to them, and to Microsoft, to put the pressure on Microsoft to fix this.
We'll have to discuss this internally as to how we want to proceed.
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
Kendallville, IN 46755
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l
Please contact support@xxxxxxxxxxxx for any subscription related questions.
As an Amazon Associate we earn from qualifying purchases.