The risks of using the deprecated SMBv1 feature on a Windows Server. Potential collisions with Continuity Engine functionality.

Summary

This knowledgebase article describes the risks of using the SMBv1 feature, which was deprecated and superseded by SMBv2 on the Windows Server operating system starting with the 2019 version, and how this bad practice interacts with the Continuity Engine File Server plugin functionality.

Description

How can SMBv1 get enabled on Windows Server 2019 (or higher)?

Windows Server 2019 no longer has the SMBv1 client or server enabled by default after a clean installation. However, SMBv1 can still be installed later via Add Roles and Features. Also, the SMBv1 configuration is preserved by an in-place upgrade to Windows Server 2019.

Continuity Engine interaction with SMBv1

The Computer Browser service relies on the SMBv1 protocol to populate the Windows Explorer Network node (also known as "Network Neighborhood"). This legacy protocol is long deprecated, doesn't route, and has limited security. Because the service cannot function without SMBv1, it is removed at the same time starting with WS2019. But what happens on systems where this feature gets enabled?
The Computer Browser service depends directly on the Server service, which is protected by Continuity Engine via the File Server plugin. While protected by the File Server plugin, the target state of the Server service on the active node is Restarted (i.e. the Server service is bounced each time an Engine node is made active). Consequently, the Computer Browser service is also bounced as a dependent service. This behavior is by design and has no undesired impact on operating systems that support SMBv1. However, starting with WS2019, bouncing this deprecated service (if present) may cause the bowser.sys driver to fail to unload properly, which could lead to a BSOD.
In other words, Engine is nothing more than the "usual suspect" for system instability: it triggers a regular operation that misbehaves in a deprecated scenario.

Recommendation

Using the SMBv1 feature makes your system both insecure and unstable, regardless of whether Engine is in the picture. It is better to leave it disabled.
Microsoft's official recommendation about SMBv1: We strongly recommend that you don't reinstall SMBv1. This is because this older protocol has known security issues regarding ransomware and other malware.
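
To check whether a server is in the configuration this article describes, the following read-only audit can be run from an elevated PowerShell session. It is an added example, not Neverfail or Microsoft tooling; the function name `Get-Smb1BrowserExposure` and the `Affected` rule (SMBv1 feature enabled and Computer Browser service present) are assumptions made for illustration.

```powershell
# Added example: read-only audit for the SMBv1 + Computer Browser configuration.
# Run elevated on the file server. Nothing is changed, stopped or restarted.
function Get-Smb1BrowserExposure {
    [CmdletBinding()]
    param()

    # SMBv1 optional feature state (Enabled, Disabled, DisabledWithPayloadRemoved).
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
        -ErrorAction SilentlyContinue

    # Whether the SMB server currently accepts the SMBv1 dialect.
    $smbServer = Get-SmbServerConfiguration -ErrorAction SilentlyContinue

    # Computer Browser service; absent on a clean Windows Server 2019 installation.
    $browser = Get-Service -Name 'Browser' -ErrorAction SilentlyContinue

    # Services that are bounced together with Server (lanmanserver).
    $server     = Get-Service -Name 'LanmanServer' -ErrorAction SilentlyContinue
    $dependents = @($server.DependentServices | ForEach-Object { $_.Name })

    # State of the bowser.sys kernel driver named in this article.
    $driver = Get-CimInstance -ClassName Win32_SystemDriver `
        -Filter "Name='bowser'" -ErrorAction SilentlyContinue

    $smb1Enabled    = ($null -ne $feature) -and ($feature.State -eq 'Enabled')
    $browserPresent = $null -ne $browser

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        OSCaption              = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
        Smb1FeatureState       = if ($feature) { [string]$feature.State } else { 'NotFound' }
        Smb1ServerDialectOn    = [bool]$smbServer.EnableSMB1Protocol
        BrowserServicePresent  = $browserPresent
        BrowserServiceStatus   = if ($browser) { [string]$browser.Status } else { 'NotInstalled' }
        BrowserDependsOnServer = $dependents -contains 'Browser'
        BowserDriverState      = if ($driver) { $driver.State } else { 'NotInstalled' }
        # Assumption: "affected" means the features listed under "Applies to" are present.
        Affected               = $smb1Enabled -and $browserPresent
    }
}

Get-Smb1BrowserExposure | Format-List
```

If `Affected` is `True` and `BrowserDependsOnServer` is `True`, any restart of the Server service on that host, by Engine or by another component, will also bounce Computer Browser.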

Workaround (only if recommendation is ignored)

Remove the Server (lanmanserver) service from the FileServer plugin's protected list. This eliminates the risk of the Computer Browser (browser) service being bounced at switchover, but creates a potential risk that newly added file shares are not visible on the new active after the switchover (until lanmanserver is restarted).

Attention: This workaround only prevents Engine from bouncing the browser service. The BSOD may still happen if Computer Browser is bounced by any other component.

Applies to

Continuity Engine 9.x (or newer) protecting WS2019 (or newer) File Server with SMB1 and Computer Browser features installed
