Microsoft names and shames software vendors who still demand SMB v1 support

Google is not the only company still releasing software which demands the old SMB v1 file sharing protocol to be available on a Windows network.

In fact, a wide variety of applications still demands this legacy protocol, which Microsoft has deprecated since 2014, and which Microsoft is disabling completely in the next version of Windows 10.

Microsoft has now taken to naming and shaming the software vendors, and have created a list of applications which need updating.

The list includes:

Vendor – Product – Documentation

• Aerohive – HiveManager, HiveOS (domain join) – https://community.aerohive.com/aerohive/topics/unable-to-join-activedirectory-with-smbv1-disabled-on-domain-controller
• Aruba – Clearpass, when using MSCHAP for domain join – https://community.arubanetworks.com/t5/Security/Clearpass-V6-6-2-SMB-version-supported/td-p/296384
• AVM – Fritz!Box – https://www.avforums.com/threads/windows-10-network-share-problem.2043190/page-2#post-23956280
• Barracuda – SSL VPN – https://campus.barracuda.com/product/sslvpn/article/SSLVPN/CreateNetworkPlace/
• Barracuda – Web Security Gateway backups – https://community.barracudanetworks.com/forums.php?url=/topic/29561-backup-via-smb/
• Canon (& Océ) – Printers via “print to share” – https://support.usa.canon.com/kb/index?page=content&id=ART143573& https://files.lfpp.csa.canon.com/media/Assets/PDFs/TSS/external/WF_PrintDrivers/Documentation/Oce_LF_Systems_Connectivity_information_for_Windows_environment_Administration_guide_en.GB.pdf
• Cisco – Web Security Appliance/WSAv – https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuo70696/?referring_site=bugquickviewredir & https://supportforums.cisco.com/discussion/13295496/wsav-supports-smbv1-only
• Cisco – Wide Area Application Services/WAAS 5.0 & older – http://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/waas/v501/release/notes/ws501xrn.html
• DataAccess – legacy Dataflex embedded DB (vendor also offers many alternative ways to not need SMB1) –http://www.dataaccess.com/KBasePublic/Files/2476.Tuning%20Microsoft%20Networks%20for%20the%20Legacy%20Embedded%20Database_PDF_FMT.PDF
• F5 – RDP client gateway, Microsoft Exchange Proxy – https://support.f5.com/csp/article/K55889450
• Forcepoint (Raytheon) – “some Forcepoint products”, Content Gateway proxy authentication – https://support.forcepoint.com/KBArticle?id=000012832
• HP – Various printers (many do support SMB2)
• HPE – ArcSight (Legacy Unified Connector, not latest version)
• IBM – NetServer V7R2 or below – http://www-01.ibm.com/support/docview.wss?uid=nas8N1011878
• IBM – QRadar Vulnerability Manager 7.2.x or below (7.3 has been updated) – http://www-01.ibm.com/support/docview.wss?uid=swg22004178
• Infusion Business Software – Infusion (requires disabling SMB2)
• Lexmark – Firmware eSF 2.x & eSF 3.x MFPs (scan to network) – http://support.lexmark.com/index?page=content&id=FA716&locale=en&userlocale=EN_US
• Linux Kernel – CIFS client 2.5.42 to 3.5.x (3.7 added first SMB2 client implementation) – https://wiki.samba.org/index.php/LinuxCIFSKernel
• McAfee – Web Gateway – https://kc.mcafee.com/corporate/index?page=content&id=KB89350
• Microsoft – Windows XP, Windows Server 2003 (and older), Windows Embedded Standard 2009
• MYOB – Accountants Office & Accountants Enterprise (states requirement for disabling opportunistic locking, i.e. SMB1 behavior option)– https://www.myob.com/au/accountants-and-partners/support/minimum-system-requirements
• NetApp – Versions of ONTAP prior to 8.3.2P5, 9.0P1 & 9.1 require SMB1 for domain join (not client connections). ONTAP 8.3.2P5, 9.0P1, 9.1 can instead utilize SMB2 for domain join as well as client connections via SMB2 & 3, and ONTAP 9.2 allows for complete disabling of any SMB1 connections – http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=786189& https://averageguyx.blogspot.com/2017/06/does-ontap-need-smb1-no.html?m=1 
• NetGear – ReadyNAS (when used as backup target) – https://kb.netgear.com/24923/ReadyNAS-OS-6-SMB-Plus-App
• Oracle – Solaris 11.3 and older – http://docs.oracle.com/cd/E86824_01/html/E54775/smb-4.html
• Pulse Secure – PCS devices running 8.1R9 / 8.2R4 and below or PPS devices running 5.1R9 / 5.3R4 and below – https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB40602/?q=smb&l=en_US&fs=Search&pn=1&atype= 
• QNAP – all storage devices using firmware lower than 4.1 – https://www.qnap.com/en-us/support/con_show.php?cid=11
• RedHat – RHEL 5, RHEL 6 domain join; earliest SMB2+ CIFS client documented is in RedHat 7.2 (https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.2_Release_Notes/file_systems.html); RedHat server provide by Samba, see Samba note below – https://access.redhat.com/solutions/3037961
• Ricoh (Ricoh/Savin/Gestetner/Lanier) – all MFP printers (supporting Scan to Folder, Fax Transmission backup to Folder, Fax Forwarding) except SP C220S / C222SF, SP C231SF / C232SF, SP C240SF / C242SF, SP C250SF / C252SF, SP 3400SF / 3410SF, SP 3000SF / 3510SF – Announce-19-05-17-WannaCry-Ransomware-and-SMB-v1.0-exploit
• RSA – Authentication Manager Server – https://community.rsa.com/thread/191171
• Samba – versions older than 3.5.0 (note: all supported versions of Samba support SMB2+, see https://wiki.samba.org/index.php/Samba_Release_Planning#Discontinued) – https://wiki.samba.org/index.php/Samba_3.6_Features_added/changed#SMB2_support & https://wiki.samba.org/index.php/Samba_3.5_Features_added/changed#Protocol_changes
• Sharp – Subset of MFP printers (many do support SMB2 and 3)
• Sonos – Wireless speakers – https://en.community.sonos.com/setting-up-sonos-228990/sonos-support-for-smb-20-protocol-6739642/index1.html
• Sophos – Sophos UTM, Sophos XG firewall, Sophos Web Appliance – https://community.sophos.com/kb/en-us/126733 & https://community.sophos.com/kb/en-us/126757
• SUSE – SUSE Linux Enterprise Server 11 and older (note: 10 and older versions are unsupported, regardless) – https://www.suse.com/support/kb/doc/?id=7019892
• Synology – Diskstation Manager (management, not client connection) – https://www.synology.com/en-us/knowledgebase/DSM/tutorial/File_Sharing/Why_do_I_receive_an_error_message_when_trying_to_join_a_Windows_Domain_with_my_Synology_NAS
• Thompson Reuters – CS Professional Suite – http://cs.thomsonreuters.com/ua/acct_pr/csa/cs_us_en/kb/how-to-disable-opportunistic-locking-or-file-caching.htm
• Tintri – Tintri OS, Tintri Global Center
• VMware Vcenter VMware vCenter Server Appliance, VMware vRealize Automation Identity Appliance – https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=2134063&sliceId=1&docTypeID=DT_KB_1_1&dialogID=479220377&stateId=0 (note: steps to configure SMB2 for VCenter, at least on latest versions, until VMware updates their KB – https://virtualizationnation.com/2017/04/17/enabling-vcenter-server-appliance-vcsa-to-use-smb2/)
• VMware – Older than ESXI 6.0 –#2663902 & https://communities.vmware.com/message/2668266#2668266
• Worldox – Worldox GX3 DMS (SMB1 recommended but supports SMB2 under some circumstances; note that GX3 is end of life, per vendor)
• Xerox – SMB Workflow Scanning on printers not running ConnectKey Firmware, such as WC75XX models) – http://forum.support.xerox.com/t5/Copying-Faxing-Scanning/Xerox-Machines-and-SMBv2-V3-Scanning-Support/td-p/204802/highlight/true/page/2

Microsoft is regularly updating the list, which is not comprehensive and is taking submissions at [email protected] or tweet @nerdpyle with hashtag #StillNeedsSMB1.

See the latest version of the list here.