Network Attached Storage​

 View Only

 smb2.0 error messages

  • Network Attached Storage
  • Hitachi Network Attached Storage NAS
Tony Ortiz's profile image
Tony Ortiz posted 02-02-2018 18:09

Hello, we are using HNAS with Windows Server domain controllers for authentication. After switching to Corporates new domain controllers we are receiving the following messages every 2 hours. Share Access seems to be working as Normal the messages are getting more annoying. Is this an HNAS thing or Windows Server. Dont know were to start looking.

From the HNAS event logs:

"SMB2.0: Response received with an invalid signature from 10.35.19.21: this event, Id 6558, happened 667 times in the

last 120.1 min on the MMB1."

Cause:

A packet with an invalid signature field in the header was received on an SMB2 connection.Resolution:The packet was discarded.
#HitachiNetworkAttachedStorageNAS
Jan Iwan Mokken's profile image
Jan Iwan Mokken posted 07-02-2018 12:14

The error seems to related to the issue decribed in KB2686098. (https://support.microsoft.com/en-us/help/2686098/system-error-2148073478-extended-error-or-invalid-signature-error-mess )

Basically the HNAS needs a firmware upgrade that resolves the SMB secure negotionation error

Simon Crosland's profile image
Simon Crosland posted 07-02-2018 17:01

The HNAS has supported SMB 2 and 3 secure negotiation for a long time. I would suggest opening a support case so that Hitachi Vantara support can help you understand the cause.

Nathan Buck's profile image
Nathan Buck posted 08-30-2018 21:41

The error message is indicating that you have a client system (10.35.19.21) that is attempting to access a share in one of your EVS using SMB2 (the protocol, not necessarily the dialect, could be smb2, smb3, etc) but it is not providing valid signing against the current Domain.

Most likely it is providing credentials that do not valid in the current/new Active Directory.  The message also indicates that it is attempting this access once every 10 seconds (120 min / 666 attempts).  Best bet would be to review your client at 10.35.19.21 for automated/scheduled tasks or applications that attempt to access UNC paths and double check the credentials being used. 

Related Content