disable oplocks on server 2012R2 without enabling SMB1

Algon 1 Reputation point
2021-11-17T16:06:59.37+00:00

Hello

I'm really hoping someone can help with this one.

We have an old application that's currently hosted on a Windows 2012R2 failover cluster - This provides file access to clients via a number of shares.
This application used to reside on an old Windows 2003 cluster and at the time the clients were running windows XP.

We've since upgraded our clients to Windows 10.

The vendor of the application has always insisted that the server be configured to only use SMB1 otherwise this causes issues with the application. We then had to enable SMB1 on our Windows 10 clients so they could access the server. This obviously isn't something we want to do.

Since the application has been on the 2012R2 cluster files are occasionally locked or corrupted causing all sorts of problems within the system.

I looked into this a little more and assumed that these issues could be because the clients are caching the flat files and also locking them on the server.

I also assumed this was the reason for the supplier wanting the server restricted to SMB1 so that that oplocks could be disabled - It seems that oplocks can only be disabled under SMB1 :/
(Turns out that although SMB2\3 has been disabled on the server the registry keys to disable oplocks hasn't been put in place so it's kinda pointless)

My questions are:

• Can oplocks be disabled on server 2012R2 for SMB2/3? I thought I might be able to use the new -LeasingMode powershell switch but this is only available for 2016 and up.
Info about leasing mode found here: https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/smbv1-not-installed-by-default-in-windows

• I did notice there's an EnableOplocks parameter under the Set-SMBServerConfiguration cmdlet on 2012R2. Would this work instead?

• If I can't disable this on the server side without being restricted to SMB1 then can I disable caching on these clients using the following reg keys? I could then leave the server running with SMB2\3 and then disable SMB1 on the clients?

  1. Directory cache, by setting DirectoryCacheLifetime to ZERO.
  2. File Not Found cache, by setting FileNotFoundCacheLifetime to ZERO.
  3. File information cache, by setting FileInfoCacheLifetime to ZERO.

• Here's the silly question. If I just disable caching on the server side share wouldn't this prevent the client from trying to cache the file and therefore prevent it from requesting a lock on the file?

Many thanks in advance

Windows Server 2012
Windows Server 2012
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,617 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Limitless Technology 39,796 Reputation points
    2021-11-19T09:38:28.503+00:00

    Hi there,

    Yes simple as that disabling the cache on the server side share wouldn't prevent the client from caching the file .

    While disabling or removing SMBv1 might cause some compatibility issues with old computers or software, SMBv1 has significant security vulnerabilities
    https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3

    ---------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--


  2. Algon 1 Reputation point
    2021-11-24T09:37:19.303+00:00

    Anyone able to add to this?

    I'm pretty sure if I disable the following reg keys that this will be enough to stop any problems caused by oplocks:

    Directory cache, by setting DirectoryCacheLifetime to ZERO.

    File Not Found cache, by setting FileNotFoundCacheLifetime to ZERO.

    File information cache, by setting FileInfoCacheLifetime to ZERO.

    0 comments No comments

  3. Algon 1 Reputation point
    2021-11-26T11:06:33.57+00:00

    I've also notice a powershell cmdlet "Set-SMBClientConfiguration" which provides the option "UseOpportunisticLocking".

    If I set this to false would this prevent the client from requesting a lock on the server? Again, this could be the workaround I need to keep SMB3 in place on the server side and keeping SMB1 disabled.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.