wannacry and disabling smb1

If you’ve been living under a rock you don’t know anything about wannacry. If that’s the case you may already be in trouble.

But if you’re on top of things then you know one of the major recommendations beyond patching your systems (you should be doing this anyway) is to disable smb1 across your environment.

Beyond breaking many things like printers, scanners and folder shares for legacy applications; it also will break AD authentication from the virtual center virtual appliance. It’s key to note that the windows installation is not effected by this.

VMware has a good KB article around this which calls out the requirements for SMB1:

https://kb.vmware.com/kb/2134063

Luckily there is a workaround you can apply to the VCSA to enable smb2 for authentication.

  • SSH into the VCSA
  • enable the bash shell
    • shell.set –enabled true
  • enter the bash shell
  • shell
  • Set the SMB2Enabled Flag in likewise’s config:
    • /opt/likewise/bin/lwregshell set_value ‘[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]’ Smb2Enabled 1
  • You can verify the values with the following command:
    • /opt/likewise/bin/lwregshell list_values ‘[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]’
  • Then restart likewise:
    • /opt/likewise/bin/lwsm restart lwio

 

Once you’ve made these changes, your vcsa will once again be able to authenticate via AD using smb2.

Leave a Reply

Your email address will not be published. Required fields are marked *