SMB 2 protocol over Zywall VPN

SMB 2 protocol over Zywall VPN
Links: home · search · speed test · login · more ·

Links: Reply New Topic
Forums » Hardware By Brand » ZyXEL » SMB 2 protocol over Zywall VPN

mudtoe @ 6th Oct 01:27AM:
SMB 2 protocol over Zywall VPN

Hi folks:

I'm having an issue with the SMB 2 protocol and doing file copies over a VPN with a Z35 on one end and a USG 100 on the other.

By way of background if you do file sharing between two Vista machines, two Windows Server 2008 machines (including SBS 2008), or a Vista and Windows Server 2008 machine, by default the SMB connection between the two is SMB 2. If WinXP, or Windows Server 2003 or earlier is on at least one end of the connection then the connection is the original SMB (aka SMB 1), even if one of the partners is Vista or Windows 2008.

The problem occurs only with file copies across the VPN between machines using SMB 2. Directory listings show up fine, but when files are copied, the copy operation basically hangs and never finishes. There is a way to disable SMB 2 in Vista, Server 2008, and SBS 2008 such that it will only connect using SMB 1 regardless of who is on the other end, and if I do that everything works fine.

I'm not sure if this is a Zywall issue, or is somehow an issue across all VPNs. I haven't had much luck searching the internet for this problem; the closest I've come across is a registry tweak to disable the "calculating time" function that Vista and Server 2008 do when copying files, however that didn't fix anything.

If anyone has a VPN using two Zywalls and has a Vista or combination of Vista and Server 2008 on either end I'd be interested if you could run a test and see what results you get.

Thoughts and suggestions welcome.

mudtoe
reply

Brano @ 6th Oct 08:25AM:
Re: SMB 2 protocol over Zywall VPN

Sounds like a bug.
Report it to ZyXel directly and you may try to post to direct ZyXel forum here »forum.zyxel.com
--
openSUSE 11.1, KDE 4.2
reply

lorennerol @ 6th Oct 11:46AM:
Re: SMB 2 protocol over Zywall VPN

I've had a similar problem transferring large files over wireless connections (3Com and Apple APs) to/from Win2008 servers and Vista/Win7 PCs.

Not much help, I know, but it adds some info to the issue.
reply

eugenek @ 6th Oct 03:04PM:
Re: SMB 2 protocol over Zywall VPN

Doing a search for 'file copy' and windows 2008 in the microsoft kb turned up these SMB2 articles.

However these problems should show up between 2 PCs on the same network too (the WAN/VPN latency would magnify the problem).

»support.microsoft.com/kb/973554
»support.microsoft.com/kb/950836
»support.microsoft.com/kb/955427
»support.microsoft.com/kb/958702
reply

mudtoe @ 9th Oct 01:04PM:
Re: SMB 2 protocol over Zywall VPN

I've seen some of those, but not all. I'll have to check them out. However, I'm somewhat skeptical about them working because first, the copy never works at all in the situation I described, it's not just slow. Second, I transfer files back and forth between my Vista laptop and SBS 2008 over the internet all the time, but I'm using OpenVPN, not the router's Ipsec VPN, and the bandwidth in those situations is even less than the situation that caused the problem, because the laptop is typically using one of those mobile broadband cards.

That said, it does seem like it's going to be necessary to conduct a more rigorous test in order to lock in on the issue. I'm not real hot on the idea of applying all those hot fixes to my customer's SBS 2008 server (I was originally having the problem copying files from my SBS 2008 server to my customer's SBS 2008 server using a VPN with Zywall's on both ends), but maybe I can use my Vista laptop at my customer's site (using their VPN instead of OpenVPN) to test the hot fixes on my own copy of SBS 2008. First I'll need to establish that the problem can be recreated between my laptop and my SBS server if I connect the laptop to my customer's network.

I just love doing these "extra" projects that I'm not going to get paid for :uhh:

mudtoe
reply

ullerdk @ 15th Nov 06:44AM:
Re: SMB 2 protocol over Zywall VPN

Interesting thread this one.

For some months now my users have been experiencing very slow boot ups on their Windows Vista (and now also Windows 7) notebooks. Extreme cases shows 30-60 min waiting time before CTRL+ALT+DEL screen shows up and even after typing in the password it could take 20-30 min. before getting into the computers desktop. This ONLY happens when booting the computer connected to a LAN that have a VPN-connection to the HQ. (Zywall 5 to USG300). All 3 domain controllers is running Windows 2008.
Could this SMB2 issue maybe be the cause for this problem or is SMB2 not used for the login process on Windows?

Update: Thinking about it - every now and then, I experience that connecting to a server with RDP over the VPN to a Windows 2008 server cannot be completed. It just hangs while trying to connect. I can ping the server, and I can also connect by RDP to another server with Windows 2003. If I reboot my Zywall5 (so the VPN-tunnel gets down and up), I can immediately after connect again to the Windows 2008 server. As I see it, this cannot be related to the SMB2 problem, but maybe there is a generic bug with VPN between USG boxes and Zywall ZyNOS boxes.
Regards
Ulrik
reply