Windows 2012 R2 and Invalid Signature

in #networking8 years ago

Have you tried to connect to a SMBv2 NAS appliance via CIFS, using a UNC path, from a Windows 2012R2 client?  If you have, have most likely run across the Invalid Signature error.  The reason for this error is that your NAS does not support SMB 3.0.  SMB 3.0 added a feature called “Secure Negotiate”.  This feature depends on the error responses from all SMBv2 servers being correctly signed.  If the error responses are not correctly signed the Workstation Service will immediately drop the connection.  Microsoft added this feature to combat man in the middle attacks.  There is however a way to disable this functionality to allow you to use a SMBv2 NAS.  All you need to do is run the following commands on the Windows 2012 R2/Windows 8.1 client machines: 

Set-SmbClientConfiguration -RequireSecuritySignature $false 
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" RequireSecureNegotiate -Value 0 -Force

 These settings will disable the requirement of the security signature and disable Secure Negotiate.