vCSA 6.0 and earlier may use SMB1 for authentication
We have had a customer that disabled SMB1 by GPO. They were in the process of security hardening there Windows machine. But after this they could no longer login to there vCenter 6.0 with is an Appliance.
The vCenter is a member of the AD domain, and they are using “Integrated AD authentication” for authentication.
It look like vCenter uses SMB1 for authentication i this configuration.
VMware has a KB about this and there solution is to enable SMB1 again. See KB here: https://kb.vmware.com/kb/2134063
But this may not be the solution that all customer wants, we changed the authentication from “Integrated AD authentication” to LDAP/LDAPS and that solved the problem.
In vCSA 6.5 SMB2 is enabled, so this does not have this problem.
You can enable SMB2 in vCSA 6.0 (I have not check on 5.5), but it is as far as i know not supported, only try this at your own risk.
To check to see if SMB2 is enbled use this commend for bash shell on vCSA 6.0.
/opt/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]'
The output you see, looks like this:
EchoInterval" REG_DWORD 0x0000012c (300) "EchoTimeout" REG_DWORD 0x0000000a (10) "IdleTimeout" REG_DWORD 0x0000000a (10) "MinCreditReserve" REG_DWORD 0x0000000a (10) "Path" REG_SZ "/opt/likewise/lib64/librdr.sys.so" "ResponseTimeout" REG_DWORD 0x00000014 (20) "SigningEnabled" REG_DWORD 0x00000001 (1) "SigningRequired" REG_DWORD 0x00000000 (0) "Smb2Enabled" REG_DWORD 0x00000000 (0)
To enable SMB 2, use this command:
/opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]' Smb2Enabled 1
And afterwards restart lwio service, with this command:
/opt/likewise/bin/lwsm restart lwio
Not sure what happens after en update/upgrade with this settings.
Confirmed this works on vcsa 5.5 update 3e.