SMB signing not working


Article ID: 166924


Updated On:


ProxySG Software - SGOS


Have enabled smb v1 signing but I still cannot get cifs protocol optimisation.


This could be a couple of things:

1) In domain security group policy the option Microsoft network client: Digitally sign communication (always) is enabled. This means the client is configured to require signing. The "always" means required. We will not provide cifs protocol optimisation for this flow (will still see ADN and tcp optimisations) and a message will be logged in active sessions stating that client is configured to require signing.

This is a working domain security policy. Note the Microsoft network server: Digitally sign communications... are enabled and the Microsoft network client: Digitally sign communications.. are disabled.

Note if the share is on a domain controller then there is also a domain controller security policy. You can enable both the client and server digitally sign communications in this policy.

Once you have modified the settings you should run gpupdate /force on both the client and server. This will install the group policy to the client.


2) bad user configured for the smb credential signing. For example a user which is in a different domain to the file server hosting the share and no two way trust configured. In this case the user will

receive a popup when accessing the share. If you configure the smb signing credentials with a user in a trusted domain and the two way trust is broken (for example the domain controller in remote domain is no longer available)

then you will also see a popup.

3) Smb signing has been enabled on the branch proxy and not the core proxy. The smb signing credentials need to be enabled on the core proxy. Note it  is optional to include the domain in the credentials.