none
SMB2 server sends a TCP RST ACK to the client (Windows 2008 Server R2 Enterprise) RRS feed

  • Question

  • The client program first sends a NegotiateProtocol packet to the server and says it's a SMB2 client. The server responds back normally with a NegotiateProtocol Response with it's capabilities.

    Now we keep our client silent by not sending a SessionSetup Request. This results in our client sending an TCP ACK acknowledging the NegotiateProtocol Response. (We don't do it, the the TCP stack sends it).

    After exactly 30 seconds, the server responds with a RST, ACK packet and we can't communicate with the server again without starting over again.

    Is this expected behaviour from an SMB2 server. If so? How do we increase this time limit.

    We tried the "ConnectionNoSessionsTimeout" registry fix described in http://technet.microsoft.com/en-us/library/cc957471.aspx.  But this doesn't work. I believe this works only for Windows Server 2003 and not Windows Server 2008 R2 Enterprise.

    Any help received will be very welcome.

    Thursday, March 21, 2013 3:09 PM

Answers

  • Venkat,

    As mentioned in my previous response, the connection object is being scavenged because the session table remains empty for a period of time more than the session expiration timer cycle. This behavior extends to any incomplete connection which does not have an active (not in-progress) session. This includes cases where no negotiation, no authentication was completed.

    The protocol documents will be updated to reflect the following:

    -         In Connection ADM, store the time at which a connection is established.

    -         At session expiration timer event, the server should also check for incomplete connections which have past the timeout and disconnect them.

    Thanks,

    Edgar

    Thursday, April 4, 2013 4:32 PM
    Moderator

All replies

  • Hi venkat.thirumal,

    Thanks for your question.

     

    Someone from our team will get in touch with you shortly.

     

    Thanks and regards,

     

     


    SEBASTIAN CANEVARI - MSFT Escalation Engineer Protocol Documentation Team

    Friday, March 22, 2013 1:14 AM
  • ConnectionNoSessionsTimeout only applies to SMB.

    Your scenario is a special case where a Connection object has been created, but the SessionTable remains empty. As a result, the connection is being scavenged.

    MS-SMB2 3.3.2.3   Session Expiration Timer

    This timer controls the periodic scheduling of searching for sessions that have passed their expiration time. The server SHOULD<164> schedule this timer such that sessions are expired in a timely manner.

    <164> Section 3.3.2.3: Windows-based servers implement this timer with a constant value of 45 seconds.

    In a quick test with W2k8r2, the server disconnected the connection and sent the TCP RST in a little bit over 45 seconds.

    Thanks,

    Edgar

    Friday, March 22, 2013 9:47 PM
    Moderator
  • Venkat,

    As mentioned in my previous response, the connection object is being scavenged because the session table remains empty for a period of time more than the session expiration timer cycle. This behavior extends to any incomplete connection which does not have an active (not in-progress) session. This includes cases where no negotiation, no authentication was completed.

    The protocol documents will be updated to reflect the following:

    -         In Connection ADM, store the time at which a connection is established.

    -         At session expiration timer event, the server should also check for incomplete connections which have past the timeout and disconnect them.

    Thanks,

    Edgar

    Thursday, April 4, 2013 4:32 PM
    Moderator