VMware’s KB (https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2134063) about joining the appliance to the domain only shows the option of enabling SMB1 on your domain controller. With VMware Support, we were able to figure how to enable SMB2 communication from the vCSA to the domain controllers.
- SSH into the vCSA
- enable the bash shell
shell.set --enabled true
- enter the bash shell
- Set the SMB2Enabled Flag in likewise’s config:
/opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]' Smb2Enabled 1
- You can verify the values with the following command:
/opt/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]'
- Then restart likewise:
/opt/likewise/bin/lwsm restart lwio
Now the vCSA will use SMB2! This can be required if you have security policy requiring the disablement of SMB1.
8 thoughts on “Enabling vCenter Server Appliance (VCSA) to use SMB2”
This was a huge help today! One thing to note, the single quotes you have turn into backticks when you copy and paste. If you could update that in your post, it would be great.
Would this also work for SMB3?
Thanks for this, great article!
Thanks for sharing, we recently disabled domain wide smb 1 because of Wannacry and for some reason authentication from our Veeam backup server to the VC started failing, web access to the VMWare web client too, we enabled smbv2 and now all looks good
VCSA 6.5 U1 and later (>= 220.127.116.1100) already has SMBv2 enabled out of the box.