Server 2019 - SMB Protocols #125

Open
neztach opened this issue Apr 26, 2021 · 2 comments
neztach commented Apr 26, 2021

I was looking into why testimo flagged the following items

| DisplayName | Type | Category | Assesment | Importance | Action | Extended | Domain |
|---|---|---|---|---|---|---|---|
| AsynchronousCredits | Domain Controller | Not defined | False | Extreme | Not defined | Expected value (Equal): 64, Found value: 512 | domain.local |
| AutoDisconnectTimeout | Domain Controller | Not defined | False | Extreme | Not defined | Expected value (Equal): 0, Found value: 15 | domain.local |
| CachedOpenLimit | Domain Controller | Not defined | False | Extreme | Not defined | Expected value (Equal): 5, Found value: 10 | domain.local |
| DurableHandleV2TimeoutInSeconds | Domain Controller | Not defined | False | Extreme | Not defined | Expected value (Equal): 30, Found value: 180 | domain.local |
| SMB v1 Protocol should be disabled | Domain Controller | Not defined | False | Extreme | Not defined | Expected value (Equal): False, Found value: True | domain.local |
| Smb2CreditsMin | Domain Controller | Not defined | False | Extreme | Not defined | Expected value (Equal): 128, Found value: 512 | domain.local |
| Smb2CreditsMax | Domain Controller | Not defined | False | Extreme | Not defined | Expected value (Equal): 2048, Found value: 8192 | domain.local |

After running BPA by hand on a few of the 2019 servers, I've noticed that BPA has no problem with the current settings.
As part of my research, I found a few links that could be helpful

Following this thread: https://social.technet.microsoft.com/Forums/ie/en-US/8da67a3f-b2fd-4b27-8767-fb73e8056d5c/bpa-vs-default-in-windows-2016-dc?forum=winservergen

led me to this MS link (could be a good resource for your explanation of that section): https://docs.microsoft.com/en-us/previous-versions//dn567661(v=vs.85)?redirectedfrom=MSDN

Per standard MS articles, they have a link under the "SMB Performance tuning" section, that reads "Windows Server 2012: Which version of the SMB protocol (SMB 1.0, SMB 2.0, SMB 2.1, SMB 3.0, or SMB 3.02) are you using on your File Server?" and of course it's MIA. I looked up someone else's cache of the article here: https://barreto.home.blog/2013/10/02/windows-server-2012-r2-which-version-of-the-smb-protocol-smb-1-0-smb-2-0-smb-2-1-smb-3-0-or-smb-3-02-are-you-using/

From that, on the local server I ran: Get-SmbConnection which resulted in showing I was running "Dialect 3.1.1"

Also the only "shares" on these 2019 servers are NETLOGON and SYSVOL.

@PrzemyslawKlys PrzemyslawKlys added bug Something isn't working enhancement New feature or request labels Apr 26, 2021
PrzemyslawKlys (Member) commented

I believe I added it from old BPA 2012/2016 servers. The whole test needs an update on assessment/importance and so on to get it in line with the new approach. Feel free to submit a PR :-)

neztach commented Apr 27, 2021

I've tried different permutations of remotely asking the server what dialect the SmbConnection is using:

  • Get-SmbConnection -ServerName srvname01.domain.local

No MSFT_SMBConnection objects found with property 'ServerName' equal to 'srvname01.domain.local'

  • Get-SmbConnection -CimSession srvname01.domain.local

srvname01.domain.local: Cannot connect to CIM Server.

  • Get-WmiObject -ComputerName srvname01 -namespace 'Root\Microsoft\Windows\SMB' MSFT_SmbConnection
    • answered once, but unable to ask again as it returns nothing:
__GENUS               : 2
__CLASS               : MSFT_SmbConnection
__SUPERCLASS          :
__DYNASTY             : MSFT_SmbConnection
__RELPATH             : MSFT_SmbConnection.ServerName="SRVNAME01.domain.local",ShareName="sysvol",UserName="DOMAIN\\SRVNAME01$"
__PROPERTY_COUNT      : 11
__DERIVATION          : {}
__SERVER              : SRVNAME01
__NAMESPACE           : Root\Microsoft\Windows\SMB
__PATH                : \\SRVNAME01\Root\Microsoft\Windows\SMB:MSFT_SmbConnection.ServerName="SRVNAME01.domain.local",ShareName="sysvol",UserName="DOMAIN\\SRVNAME01$"
ContinuouslyAvailable : False
Credential            : DOMAIN.LOCAL\SRVNAME01$
Dialect               : 3.1.1
Encrypted             : False
NumOpens              : 0
Redirected            : False
ServerName            : SRVNAME01.domain.local
ShareName             : sysvol
Signed                : True
SmbInstance           : 0
UserName              : DOMAIN\SRVNAME01$
PSComputerName        : SRVNAME01

My thinking was something like this

  1. Pre-stage Get-ComputerSMB by asking the Target Server and processing the results of Get-SmbConnection.
  2. Store the value of 'Dialect' that was returned
  3. Adjust the expected results in Testimo based on whether the [int]$Dialect was -lt 3 or -ge 3.

My attempts, however, generally result in RPC server unavailable or No MSFT_SMBConnection with only a single success.

Essentially, the method you're utilizing to overcome the hurdle of remote querying the server successfully is evading me, therefore you may be more versed on how to approach this. Me utilizing how I know to get at the information is failing me.

At the very least, perhaps my approach has some logic that may assist or be useful in any future development of Get-ComputerSMB or the logic used in the Testimo expected values for this field.
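
One way to implement the three steps proposed in the comment above, as an added example that is not part of the thread and not Testimo code. The function names, `$SmbBaseline`, `$dc` and the choice of the highest reported dialect are assumptions; the dialect string is parsed as `[version]` because `'3.1.1'` does not cast to `[int]`, and an empty remote result yields `Unknown` so the checks are skipped rather than failed.

```powershell
# Added example, not Testimo code; function and variable names are hypothetical.
# Legacy = "Expected value" column of the report above. Modern = its "Found value"
# column (Server 2019 DCs); treating those as a baseline is an assumption.
# EnableSMB1Protocol is expected to be False whatever the dialect.
$SmbBaseline = @{
    Legacy = [ordered]@{ EnableSMB1Protocol = $false; AsynchronousCredits = 64
        AutoDisconnectTimeout = 0; CachedOpenLimit = 5; DurableHandleV2TimeoutInSeconds = 30
        Smb2CreditsMin = 128; Smb2CreditsMax = 2048 }
    Modern = [ordered]@{ EnableSMB1Protocol = $false; AsynchronousCredits = 512
        AutoDisconnectTimeout = 15; CachedOpenLimit = 10; DurableHandleV2TimeoutInSeconds = 180
        Smb2CreditsMin = 512; Smb2CreditsMax = 8192 }
}

function Get-SmbBaselineName {
    param([object[]]$Connection = @())
    # Dialect is a string such as '3.1.1'; keep only values that parse as a version.
    $parsed = foreach ($c in $Connection) {
        $v = $null
        if ([version]::TryParse([string]$c.Dialect, [ref]$v)) { $v }
    }
    if (-not $parsed) { return 'Unknown' }   # remote query returned nothing usable
    $highest = $parsed | Sort-Object -Descending | Select-Object -First 1
    if ($highest.Major -ge 3) { 'Modern' } else { 'Legacy' }
}

function Test-SmbServerSetting {
    param($Actual, [string]$BaselineName)
    if ($BaselineName -eq 'Unknown') {
        Write-Warning 'No SMB dialect available; skipping SMB tuning checks.'
        return
    }
    $expected = $SmbBaseline[$BaselineName]
    foreach ($name in $expected.Keys) {
        [pscustomobject]@{ Name = $name; Expected = $expected[$name]
            Found = $Actual.$name; Pass = ($Actual.$name -eq $expected[$name]) }
    }
}

# Constructed sample input built from the values in this issue. Live equivalents,
# where CIM/WinRM to the target is reachable ($dc is a placeholder):
#   $cim    = New-CimSession -ComputerName $dc
#   $conn   = Get-SmbConnection -CimSession $cim
#   $actual = Get-SmbServerConfiguration -CimSession $cim
$conn   = @([pscustomobject]@{ ShareName = 'sysvol'; Dialect = '3.1.1' })
$actual = [pscustomobject]@{ EnableSMB1Protocol = $true; AsynchronousCredits = 512
    AutoDisconnectTimeout = 15; CachedOpenLimit = 10; DurableHandleV2TimeoutInSeconds = 180
    Smb2CreditsMin = 512; Smb2CreditsMax = 8192 }

Test-SmbServerSetting -Actual $actual -BaselineName (Get-SmbBaselineName $conn) | Format-Table
```

With the sample data the tuning values pass against the `Modern` baseline while `EnableSMB1Protocol` still fails, which keeps the SMB v1 finding independent of the negotiated dialect.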
