CIFS disconnect while copying data when encryption is enabled and NULL sessions are created
Applies to
- ONTAP 9
- Microsoft Defender
- SMB Encryption
Issue
- Network Error: There is a problem accessing <path>. Make sure that you're connected to the network and try again
- Every time a Windows client, with Microsoft Defender enabled, sends an encrypted packet, ONTAP resets the TCP stream
No. Time Source Destination Protocol Length tcp.srcport tcp.dstport tcp.stream smb2.acct smb2.domain smb2.host ntlmssp.auth.domain ntlmssp.auth.username Info
575 ... <ip-1> <ip-2> SMB2 186 57663 445 0 - - - - - Session Setup Request, NTLMSSP_NEGOTIATE
588 ... <ip-1> <ip-2> SMB2 281 57663 445 0 - - <domain> NULL NULL Session Setup Request, NTLMSSP_AUTH, User: \
589 ... <ip-2> <ip-1> SMB2 130 445 57663 0 - - <domain> - - Session Setup Response
593 ... <ip-2> <ip-1> TCP 54 445 57663 0 - - - - - 445 → 57663 [RST, ACK] Seq=1198768 Ack=55095 Win=259 Len=0
595 ... <ip-2> <ip-1> TCP 54 445 57663 0 - - - - - 445 → 57663 [RST] Seq=1198768 Win=0 Len=0
597 ... <ip-2> <ip-1> TCP 54 445 57663 0 - - - - - 445 → 57663 [RST] Seq=1198768 Win=0 Len=0
anonymous (null) login, no user (User: \)- anonymous (null) login, no user (
User: \
), so as you can see the CIFS/SMB server sends aTCP [RST]
to the CIFS/SMB client, see frames:593,595,597
- anonymous (null) login, no user (