Channel: File Services and Storage forum

Windows 2008 R2 server stops responding to SMB2 Command: NegotiateProtocol


Hi

We have a Windows 2008 R2 SP1 (6.1.7601 Service Pack 1 Build 7601) serving as file server. Clients are Windows XP and Windows 7.

The files are being served happily and all of a sudden the server stops continuing on NEW SMB2 connections.

For example:

A. time0 : connection 1 (and all connections before it) came in and is successfully established and is being served

B. time1: I assume something happens to the internals of the server

C. time1: connection 2 comes in and tcp handshake is successful.

D. time+1msec: client sends SMB2 Negotiate

E. time+200 msec: server sends an ACK

F. time+59~sec: Server sends a RST

G. Now all the new connections from the same or different clients have the TCP handshake go through and then get a reset from the server on NegotiateRequest!!!!

H. XP clients work fine to the same server, which means SMBv1 or server resources are not an issue

I. If a client had an ongoing connection from BEFORE B (say connection 1), it still gets served, but new connections get reset.

J. The only workaround is to reboot the server!! Until it happens again!!

This sounds like something in the Windows 2008 R2 SMB2 stack which goes into a state where it intentionally stops taking new connections. Some kind of anti-DDoS behavior or something??

Appreciate any help

Here is D (time+1msec: client sends SMB2 Negotiate)

NetBIOS Session Service
    Message Type: Session message (0x00)
    Length: 155
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        SMB Command: Negotiate Protocol (0x72)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc853
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .0.. .... .... = Reparse Path: The request does not use a @GMT reparse path
            .... .... .1.. .... = Long Names Used: Path names in request are long file names
            .... .... ...1 .... = Security Signatures Required: Security signatures are required
            .... .... .... 0... = Compressed: Compression is not requested
            .... .... .... .0.. = Security Signatures: Security signatures are not supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 65535
        Process ID: 65279
        User ID: 0
        Multiplex ID: 0
    Negotiate Protocol Request (0x72)
        Word Count (WCT): 0
        Byte Count (BCC): 120
        Requested Dialects
            Dialect: PC NETWORK PROGRAM 1.0
                Buffer Format: Dialect (2)
                Name: PC NETWORK PROGRAM 1.0
            Dialect: LANMAN1.0
                Buffer Format: Dialect (2)
                Name: LANMAN1.0
            Dialect: Windows for Workgroups 3.1a
                Buffer Format: Dialect (2)
                Name: Windows for Workgroups 3.1a
            Dialect: LM1.2X002
                Buffer Format: Dialect (2)
                Name: LM1.2X002
            Dialect: LANMAN2.1
                Buffer Format: Dialect (2)
                Name: LANMAN2.1
            Dialect: NT LM 0.12
                Buffer Format: Dialect (2)
                Name: NT LM 0.12
            Dialect: SMB 2.002
                Buffer Format: Dialect (2)
                Name: SMB 2.002
            Dialect: SMB 2.???
                Buffer Format: Dialect (2)
                Name: SMB 2.???


Here is E (time+200 msec: server sends an ACK)

    [Time delta from previous captured frame: 0.201044000 seconds]

    Flags: 0x010 (ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set

Here is F (time+59~sec: Server sends a RST)

    [Time delta from previous captured frame: 59.765376000 seconds]

    Flags: 0x014 (RST, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 0... = Push: Not set
        .... .... .1.. = Reset: Set
            [Expert Info (Chat/Sequence): Connection reset (RST)]
                [Message: Connection reset (RST)]
                [Severity level: Chat]
                [Group: Sequence]
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
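
Added example, not part of the original post: a small flow classifier that flags the C-F pattern above (client Negotiate, a bare server ACK, then a server RST with no SMB reply) in a packet summary. The record layout, flow names and verdict strings are assumptions made for this sketch; the sample packets are constructed, reusing the frame deltas quoted in the post.

```python
from collections import defaultdict

# Constructed packet summaries: (time_s, flow, sender, tcp_flags, smb_message).
# Flow "conn2" follows steps C-F of the post; "conn1" is a healthy flow.
PACKETS = [
    (0.000, "conn1", "client", "SYN", None),
    (0.001, "conn1", "server", "SYN,ACK", None),
    (0.002, "conn1", "client", "ACK", None),
    (0.003, "conn1", "client", "PSH,ACK", "negotiate_request"),
    (0.004, "conn1", "server", "PSH,ACK", "negotiate_response"),
    (100.000, "conn2", "client", "SYN", None),
    (100.0003, "conn2", "server", "SYN,ACK", None),
    (100.0005, "conn2", "client", "ACK", None),
    (100.001, "conn2", "client", "PSH,ACK", "negotiate_request"),
    (100.202044, "conn2", "server", "ACK", None),      # step E: +0.201044 s
    (159.967420, "conn2", "server", "RST,ACK", None),  # step F: +59.765376 s
]

def classify_flows(packets):
    """Return {flow: (verdict, seconds from Negotiate to the server outcome)}."""
    flows = defaultdict(list)
    for pkt in sorted(packets, key=lambda p: p[0]):
        flows[pkt[1]].append(pkt)
    results = {}
    for flow, pkts in flows.items():
        asked = next((t for t, _, who, _, smb in pkts
                      if who == "client" and smb == "negotiate_request"), None)
        if asked is None:
            results[flow] = ("no_negotiate", None)
            continue
        verdict, waited = "no_reply_yet", None
        for t, _, who, flags, smb in pkts:
            if who != "server" or t < asked:
                continue
            if smb is not None:             # server answered at the SMB layer
                verdict, waited = "answered", t - asked
                break
            if "RST" in flags.split(","):   # bare ACKs are skipped; RST ends the flow
                verdict, waited = "reset_without_reply", t - asked
                break
        results[flow] = (verdict, waited)
    return results

if __name__ == "__main__":
    for flow, (verdict, waited) in classify_flows(PACKETS).items():
        print(flow, verdict, waited)
```
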

