Server 2019 - SMB Protocols
I was looking into why Testimo flagged the following items:
| DisplayName | Type | Category | Assesment | Importance | Action | Extended | Domain |
|---|---|---|---|---|---|---|---|
| AsynchronousCredits | Domain Controller | Not defined | False | Extreme | Not defined | Expected value (Equal): 64, Found value: 512 | domain.local |
| AutoDisconnectTimeout | Domain Controller | Not defined | False | Extreme | Not defined | Expected value (Equal): 0, Found value: 15 | domain.local |
| CachedOpenLimit | Domain Controller | Not defined | False | Extreme | Not defined | Expected value (Equal): 5, Found value: 10 | domain.local |
| DurableHandleV2TimeoutInSeconds | Domain Controller | Not defined | False | Extreme | Not defined | Expected value (Equal): 30, Found value: 180 | domain.local |
| SMB v1 Protocol should be disabled | Domain Controller | Not defined | False | Extreme | Not defined | Expected value (Equal): False, Found value: True | domain.local |
| Smb2CreditsMin | Domain Controller | Not defined | False | Extreme | Not defined | Expected value (Equal): 128, Found value: 512 | domain.local |
| Smb2CreditsMax | Domain Controller | Not defined | False | Extreme | Not defined | Expected value (Equal): 2048, Found value: 8192 | domain.local |
After running BPA by hand on a few of the 2019 servers, I've noticed that BPA has no problem with the current settings. As part of my research, I found a few links that could be helpful
Following this thread: https://social.technet.microsoft.com/Forums/ie/en-US/8da67a3f-b2fd-4b27-8767-fb73e8056d5c/bpa-vs-default-in-windows-2016-dc?forum=winservergen
led me to this MS link (could be a good resource for your explanation of that section): https://docs.microsoft.com/en-us/previous-versions//dn567661(v=vs.85)?redirectedfrom=MSDN
Per standard MS articles, they have a link under the "SMB Performance tuning" section, that reads "Windows Server 2012: Which version of the SMB protocol (SMB 1.0, SMB 2.0, SMB 2.1, SMB 3.0, or SMB 3.02) are you using on your File Server?" and of course it's MIA. I looked up someone else's cache of the article here: https://barreto.home.blog/2013/10/02/windows-server-2012-r2-which-version-of-the-smb-protocol-smb-1-0-smb-2-0-smb-2-1-smb-3-0-or-smb-3-02-are-you-using/
From that, on the local server I ran: `Get-SmbConnection` which resulted in showing I was running "Dialect 3.1.1".
Also the only "shares" on these 2019 servers are NETLOGON and SYSVOL.
I believe I added it from old BPA 2012/2016 servers. The whole test needs an update on assessment/importance and so on to get it in line with the new approach. Feel free to submit a PR :-)
I've tried different permutations of remotely asking the server what dialect the SmbConnection is using:
- `Get-SmbConnection -ServerName srvname01.domain.local`
  No MSFT_SMBConnection objects found with property 'ServerName' equal to 'srvname01.domain.local'
- `Get-SmbConnection -CimSession srvname01.domain.local`
  srvname01.domain.local: Cannot connect to CIM Server.
- `Get-WmiObject -ComputerName srvname01 -namespace 'Root\Microsoft\Windows\SMB' MSFT_SmbConnection`
  answered once, but unable to ask again as it returns nothing:
```
__GENUS : 2
__CLASS : MSFT_SmbConnection
__SUPERCLASS :
__DYNASTY : MSFT_SmbConnection
__RELPATH : MSFT_SmbConnection.ServerName="SRVNAME01.domain.local",ShareName="sysvol",UserName="DOMAIN\\SRVNAME01$"
__PROPERTY_COUNT : 11
__DERIVATION : {}
__SERVER : SRVNAME01
__NAMESPACE : Root\Microsoft\Windows\SMB
__PATH : \\SRVNAME01\Root\Microsoft\Windows\SMB:MSFT_SmbConnection.ServerName="SRVNAME01.domain.local",ShareName="sysvol",UserName="DOMAIN\\SRVNAME01$"
ContinuouslyAvailable : False
Credential : DOMAIN.LOCAL\SRVNAME01$
Dialect : 3.1.1
Encrypted : False
NumOpens : 0
Redirected : False
ServerName : SRVNAME01.domain.local
ShareName : sysvol
Signed : True
SmbInstance : 0
UserName : DOMAIN\SRVNAME01$
PSComputerName : SRVNAME01
```
My thinking was something like this
- Pre-stage Get-ComputerSMB by asking the Target Server and processing the results of Get-SmbConnection.
- Store the value of 'Dialect' that was returned
- Adjust the expected results in Testimo based on whether the `[int]$Dialect` was `-lt 3` or `-ge 3`.
My attempts, however, generally result in RPC server unavailable or No MSFT_SMBConnection with only a single success.
Essentially, the method you're utilizing to overcome the hurdle of remote querying the server successfully is evading me, therefore you may be more versed on how to approach this. Me utilizing how I know to get at the information is failing me.
At the very least, perhaps my approach has some logic that may assist or be useful in any future development of Get-ComputerSMB or the logic used in the Testimo expected values for this field.
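
The dialect-based selection proposed in the comment above, sketched as an added example; it is not part of the thread or of Testimo. The helper names `Get-SmbDialectMajor` and `Get-ExpectedSmbValue` are hypothetical, and treating the "Found" values from the table as the baseline for dialect 3.x is an assumption based on BPA accepting them on Server 2019.

```powershell
# Added example (not Testimo code). Values come from the table in this thread.
# Assumption: the "Found" values are the right baseline when every dialect is 3.x.
# The SMB v1 check is deliberately in neither set: it stays a failure regardless.
$LegacyBaseline = [ordered]@{            # "Expected value" column
    AsynchronousCredits = 64;  AutoDisconnectTimeout = 0;  CachedOpenLimit = 5
    DurableHandleV2TimeoutInSeconds = 30; Smb2CreditsMin = 128; Smb2CreditsMax = 2048
}
$ModernBaseline = [ordered]@{            # "Found value" column on Server 2019
    AsynchronousCredits = 512; AutoDisconnectTimeout = 15; CachedOpenLimit = 10
    DurableHandleV2TimeoutInSeconds = 180; Smb2CreditsMin = 512; Smb2CreditsMax = 8192
}

function Get-SmbDialectMajor {           # hypothetical helper
    param([Parameter(Mandatory)][string]$Dialect)
    # '3.1.1' cannot be cast to [int]; [version] parses multi-part dialect strings.
    $parsed = $null
    if (-not [version]::TryParse($Dialect, [ref]$parsed)) {
        throw "Unrecognised SMB dialect string: '$Dialect'"
    }
    $parsed.Major
}

function Get-ExpectedSmbValue {          # hypothetical helper
    param([string[]]$Dialect)
    # The remote query often returns nothing; return $null so the caller can
    # skip the test instead of reporting a false failure.
    if (-not $Dialect) { return $null }
    # Judge the server by the oldest dialect seen across its connections.
    $lowest = ($Dialect | ForEach-Object { Get-SmbDialectMajor $_ } |
        Measure-Object -Minimum).Minimum
    if ($lowest -ge 3) { $ModernBaseline } else { $LegacyBaseline }
}

# Constructed sample input: dialect strings as Get-SmbConnection would report them.
$samples = [ordered]@{
    'all 3.1.1 (constructed)' = @('3.1.1')
    'mixed (constructed)'     = @('3.1.1', '2.10')
    'no answer (constructed)' = @()
}
foreach ($name in $samples.Keys) {
    $expected = Get-ExpectedSmbValue -Dialect $samples[$name]
    $credits  = if ($expected) { $expected.Smb2CreditsMax } else { 'skip test' }
    '{0}: Smb2CreditsMax expected = {1}' -f $name, $credits
}
```

With live data, the `-Dialect` argument would be the `Dialect` property values collected from `Get-SmbConnection` on the target server.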