Enable SMB signon XCOM for Windows
search cancel

Enable SMB signon XCOM for Windows

book

Article ID: 261387

calendar_today

Updated On:

Products

XCOM Data Transport - Windows

Issue/Introduction

Due to SMB vulnerability on a XCOM for Windows server it is necessary to enable SMB signing on that server.

Does XCOM internally use SMB internally or is there any relation between them . If yes please help with complete details of it and the SMB version it uses ?

Will enabling SMB signing have any impact on the XCOM file transfers?

Environment

XCOM™ Data Transport® for Windows

Resolution

XCOM does not directly use SMB internally.
XCOM operates at the OSI Application Layer and from XCOM's point of view SMB signing is transparent, so enabling it should have no impact on XCOM.

Some additional advice:

  1. As SMB is a network file sharing protocol, if in the XCOM file transfers a file specification is being used which is references a network drive (UNC/NAS file specification to read/write files) then it would be a good idea to ensure that the SMB signing change will not impact the relevant userid still having the required access to that file e.g.
    - when sending files the userid that starts the XCOM service can read the local file
    - when receiving files the USERID parameter being used in the transfer can write the remote file
  2. From researching on the web it appears that enabling SMB signing may also involve the use of Kerberos instead of NTLM e.g. Overview of Server Message Block signing. To use Kerberos it is strongly advised to ensure that the DOMAIN parameter is set for the USERID being used in any transfers to avoid unforeseen errors e.g. XCOM for Windows using Kerberos (NTLM disabled) gives XCOMN0287E
  3. There is also a recent XCOM for Windows 11.6 SP03 PTF LU07574 USING DOMAIN NAME AS PART OF USERID WHEN ACCESSING UNC PATHS for a UNC scenario that should be installed.  
    In general it is strongly advised that customers be fully up to date on XCOM for Windows maintenance which can be accessed from the Broadcom Support portal.
    XCOM PTFs are cumulative in terms of the fixes they contain, so it is only necessary to install the latest PTF listed on the above page to pick up the LU07574 fix.
    Or install XCOM for Windows 12.0.
  4. It is also highly recommended to first enable SMB signing in a test/lower environment (if available) before doing so in production environments. 

Additional Information