Jump to content
Welcome to our new Citrix community!
  • 0

What is the SMB Protocol Version for an SMB ISO Library?


Alain Assaf1709157628

Question

Hello,

 

My storage group claims that my XenServers are producing "a lot" of SMB 1.0 traffic on the new storage array. The only SR we have setup that touches the storage array is our ISO Library. Is there a way to confirm the SMB protocol version the ISO library is using? Is there a way to change it to use SMB 3? Our PVS servers are W2012R2 and our XenApp servers are W2012R2 and W2008R2. 

 

When I run XE SR-param-list uuid=<UUID of my SMB ISO Library> I get:

 

uuid ( RO)                    : d5801c11-96c9-d6ca-4946-fee6ea3a433c
              name-label ( RW): SMB ISO library
        name-description ( RW): SMB ISO Library [\\STORAGEARRAY.DOMAIN.LOCAL\pvs_iso_repo]
                    host ( RO): <shared>
      allowed-operations (SRO): unplug; plug; PBD.create; PBD.destroy; VDI.clone; scan; VDI.create; VDI.destroy
      current-operations (SRO):
                    VDIs (SRO): d1ea5c3f-7a80-4202-ae69-01ea70110294; 76095305-144c-4f25-9d72-3d0820f1a654; ea15ae3f-a4f6-472f-b824-b44f753e4280; b25af1b2-88eb-4c36-b43a-b7808f3e1f8c; 5d15ca2a-22ab-4b39-ab96-579b3eddbafb; e855668f-8d68-4258-ba0b-134f27acf67c; a9d613c8-b9ab-4b6f-a0d6-ccb2b9fe20e9; f7b66b79-9404-46ae-8e53-c42b98c98110; b5a171b5-aa9f-48d9-8b9b-61afbe07e6c3; 2bb5d17e-9b56-4882-b066-a5d1535ca762; ff19f19c-71b6-4710-befe-0541e6f9a90e; ea525701-5019-4efc-a2db-c1b1aeab6887; 410cad69-2c46-4728-92d3-2f96df7ff201; d45f1a5d-4773-42af-9ac8-51dcce22078d; 9f233d88-32f5-4352-947f-8d223135c763; ddc46c1f-73b9-49b0-9db4-0df407ed1c83; 2a04dfdc-3a5d-4ec3-b9b1-418abecdd92b; 4bd83171-9d9a-41f3-83a0-590ce7a29c2f; d6dbf8dd-19d8-461a-b947-f47776e72057; 6b40fa2b-b49e-4d2e-b8ba-58b1127c53c5; e52ff797-3dbb-4af6-a9ef-07fa75b53fdb; f672e1a8-3506-4ab1-a228-8c7fb208a2a9; 41ac816d-b192-4f8d-bfdf-40bc39942ec2; a0a28700-812b-4e5c-bac9-7628b5f582ab; 61a9c952-1510-40e5-a3b4-7a94085feb15; faae0fc0-fd3c-4a33-82b0-f2277da9cad9; 6f3be796-84e9-4c64-bfd2-3ffe4854c69a; dae37cf8-4d4a-43f2-b728-1c793e4963fd; 302183d7-a612-4d39-bad4-68c80c074bb7; 8260b3ff-d71d-41e3-bd3c-274a1b48e249; 7b844ae0-9f7f-4f3b-acc5-6815e96db4cf; 4f1c8cbc-142a-43d7-938b-407ca65ab77f; d0a3dc29-94d2-4888-a9bd-85ff21ffd7e8
                    PBDs (SRO): 917124e3-cbfb-7a43-a616-40ec0c4c8775; e7c65d74-7408-eabd-3b2f-d0291e87ed03; 00007c40-ad83-f1b6-701c-9cd4aeaf5d92; 89f920e5-b619-3e51-140f-39a5f3ca9820; 0829f1ca-2a12-eea6-7fb8-0e4c43493cf8; 8d09883c-9311-f225-9bcf-a35aa6ed2935; f9dd0c45-04b8-5947-0710-713a499d1277; 925903c0-60d9-8e45-5363-71ac8e03db52; b4a4cb58-3d0e-8c72-1f5f-b32614397558; f0173014-ed09-f2b5-9dcc-879b2ae62cc9; b16a925c-0c9a-e38e-fd13-919a6da736c5; 7884b1b7-213f-7746-397e-b20a9182edf2; 6209f57c-ff40-6aad-7708-6fd8c6b902a4; d78fb49c-4644-4f9c-cdb6-06160dc03a94; fb96bb85-d9d8-e7dc-4619-37c58a790d5b; b186c901-8970-bde7-05e7-aef67b928b1c
      virtual-allocation ( RO): 59111544613
    physical-utilisation ( RO): 24627708868608
           physical-size ( RO): 102533191074816
                    type ( RO): iso
            content-type ( RO): iso
                  shared ( RW): true
           introduced-by ( RO): <not in database>
             is-tools-sr ( RO): false
            other-config (MRW): auto-scan: true
               sm-config (MRO): iso_type: cifs
                   blobs ( RO):
     local-cache-enabled ( RO): false
                    tags (SRW):
               clustered ( RO): false
 

Thanks,

Alain

Link to comment

16 answers to this question

Recommended Posts

  • 0
On 4/19/2017 at 3:39 PM, Chandrika Srinivasan said:

Alain, 

 

You can check the version by running the mount command. It should give you what version the share is mounted with (Should be 1.0). Unfortunately, we don't support version 3x for ISO SRs at the moment. 

 

-Chandrika

can you tell me please what exactly the command use to know the smb version ?? and if it was 2 or 3 how can i get it back to v 1 ??

  • Like 1
Link to comment
  • 0

Just wanted to chime in that I, too, am quite anxious for XenServer to adopt modern SMB protocols. We disabled SMBv1 across our network this year due to security threats and the aforementioned recommendations from Microsoft. While I'm still running XenServer 6.5, this should've been addressed by Citrix long ago.

 

This, combined with the occasional issues with XenServer mounting physical DVDs to VMs, I'm considering bringing up a Windows 7 box or Linux box that is used solely for ISO CIFS/SMB sharing. Maybe it could just be powered up while the VM is installing from .iso, and powered down afterwards.

 

Here's a writeup on a Linux demo appliance to go this route: http://www.dedoimedo.com/computers/xen-xenserver-local-iso-repo.html

 

Anyone else have any other ideas on workarounds?

Link to comment
  • 0

I'm not entirely sure SMB 1.0 on a linux server is susceptible to the same exploits that exist for a Windows client. But regardless, its less efficient and needs to go the way of the dodo bird. I know on our particular SAN I can choose SMB1 or SMB 2/3, but not both.

 

--Alan--

Link to comment
  • 0

Agree it needs to go as well as some applications (like Flash in 2020, yah !!!). My point was applying Microsoft vulnerabilities to a Linux platform may or may not apply well. I haven't read the details, but usually a Microsoft exploit doesn't transfer well to other platforms.

 

--Alan--

Link to comment
  • 0

If SMB connections are for example enabled using Samba and the Samba version running is earlier than a specific version, there are Linux exploits out there. Don't forget that SMB 1.0 has been around for ISO mounts on older XenServer versions dating way, way back! It's surprising how many 6.0 or even 5.X versions of XS are still running out there.

 

-=Tobias

Link to comment
  • 0

I have one XenServer 6.5 pool hanging on, there are some reports of issues with XenTools and Exchange so I'm holding off a little more. We are very email-centric so email issues is not an option. Yes, Samba exploits is a good reason to always run the latest version of XenServer you can along with other fixes and enhancements.

 

--Alan--

Link to comment
  • 0
On 5/19/2019 at 6:24 PM, noora n said:

can you tell me please what exactly the command use to know the smb version ?? and if it was 2 or 3 how can i get it back to v 1 ??

 

Noora,

 

The short answer is that XenServer still uses CIFS/SMB1.0 for ISO SR's. Otherwise, newer versions of SMB are supported. To change the SMB version you would have to unmount and "re-"mount the storage repository with a different version. See this for more info on using mount: https://www.computerhope.com/unix/umount.htm

 

For XenServer - log into the console and type mount. This will list all the file systems that are currently connected to that XenServer. If the see something similar to this example:

 

//ABCDSERVER.DOMAIN.COM/iso_repo on /run/sr-mount/9ab5976c-e00a-c280-f8b3-4711528f1e0b type cifs

 

Then that file system is smb1.

 

For Windows, the easiest (IMHO) is to use PowerShell. Open an elevated PowerShell prompt and type the following >get-smbconnection

image.thumb.png.75c688ebf5512385dfaa084f54be1fe6.png

 

get-smbconnection works for Windows 10/Windows 2016

https://docs.microsoft.com/en-us/powershell/module/smbshare/get-smbconnection?view=win10-ps

 

How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server - https://support.microsoft.com/en-us/help/2696547/detect-enable-disable-smbv1-smbv2-smbv3-in-windows-and-windows-server

 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...