Installing Secondary Sites and other Roles on Windows 2012 with Riverbed in the mix

During a new Configuration Manager 2012 implementation project, we tried to push a secondary site at another location (Datacenter B) from our primary site (in Datacenter A). We saw failures in the logs specifically it can’t connect to the secondary server’s c$ and failed other queries. Both Primary and the secondary servers are Windows Server 2012. Some testing showed we are not able to connect to c$ manually from the primary server from Datacenter A to the secondary server in Datacenter B. But we can connect from a Windows 7 desktop from Datacenter A to the server (2012) in Datacenter B.

After much research, we found this is was because the sites are optimized by Riverbed and the current firmware of the appliances do not support SMB3.

Riverbed just announced SMB3 support late July 2013 with the release of RiOS 8.5 for Q3 2013.

In RiOS 8.5, Riverbed is introducing new optimizations for business-critical Microsoft applications and environments including SharePoint® 2013, Exchange 2013, Office365® and file sharing applications that utilize the server message block 3 (SMB3) protocol in Windows® 8 and Server 2012 environments. As a result, mutual customers of Microsoft and Riverbed can increase productivity and efficiency, while enhancing business resilience.

Their blog (from August 5, 2013) also stated the same.

Work around is to disable Secure Negotiate.

To change this setting, set the following LanmanWorkstation parameter using PowerShell cmdlet:

Set-SmbClientConfiguration – RequireSecureNegotiate <0|1|2>

0 – Disabled

1 – Required

2 – Enabled if needed 

You can also edit the DWORD value through the registry editor.

HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecureNegotiate.

To change the default behavior, you need to define the registry key. If not present, its default value is “Required” in Windows 8 clients.

The registry key can be populated via GPP in the computer configuration.

More information on SMB on 2012 and previous version:

http://blogs.technet.com/b/josebda/archive/2012/06/06/windows-server-2012-which-version-of-the-smb-protocol-smb-1-0-smb-2-0-smb-2-1-or-smb-3-0-you-are-using-on-your-file-server.aspx

Client / Server OS Windows 8
Windows Server 2012
Windows 7
Windows Server 2008 R2
Windows Vista
Windows Server 2008
Previous versions
of Windows
Windows 8
Windows Server 2012
SMB 3.0 SMB 2.1 SMB 2.0 SMB 1.0
Windows 7
Windows Server 2008 R2
SMB 2.1 SMB 2.1 SMB 2.0 SMB 1.0
Windows Vista
Windows Server 2008
SMB 2.0 SMB 2.0 SMB 2.0 SMB 1.0
Previous versions
of Windows
SMB 1.0 SMB 1.0 SMB 1.0 SMB 1.0

One thought on “Installing Secondary Sites and other Roles on Windows 2012 with Riverbed in the mix

  1. Hello Jay,
    I also bumped in a similar issue regarding Lync backup replication store (uses SMB).

    note: Set-SmbClientConfiguration powershell command doesn’t seem to have only the ‘RequireSecuritySignature’ parameter

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s