"System error 2148073478," "extended error," or "Invalid Signature" error message on SMB connections in Windows Server 2012 or Windows 8
- When you use a DIR command that has a UNC path: Invalid Signature
- When you run a NET USE command: System error 2148073478 has occurred
- When you try to browse to the UNC path: An extended error has occurred
- A live migration of Hyper-V servers (running either Hyper-V Server 2012 or Windows Server 2012 and Window 8) fails. This occurs because the storage is required to be hosted on an SMB share.
- You cannot map network drives to an SAN in a Window 8-Windows Server 2012 environment.
For more information about the importance of secure negotiation, see http://blogs.msdn.com/b/openspecification/archive/2012/06/28/smb3-secure-dialect-negotiation.aspx.
The ability to disable secure negotiate functionality may be removed in future operating systems.
To work around this problem, use either of the following methods:
- Require signing on the third-party file server
To require signing on the SMB client or the SMB server, turn on the "RequireSecuritySignature" setting. See your vendor’s documentation for instructions to set the signing setting to "required" on the vendor’s SMB server.
You can enable signing by using PowerShell on a Windows Server 2012 or Windows 8 client. To do this, run the following command:
Set-SmbClientConfiguration -RequireSecuritySignature $true
- Disable "Secure Negotiate" on the client
You can disable the Secure Negotiate option by using PowerShell on a Windows Server 2012 or Windows 8 client. To do this, run the following command:Note This command may wrap to multiple lines in your web browser.
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" RequireSecureNegotiate -Value 0 -Force
Article ID: 2686098 - Last Review: 03/02/2015 19:46:00 - Revision: 12.0