We just purchased the Branch Repeater and Wanscaler.
our logs on the branch repeater have a lot of this entry
CIFS Session from client <ip> to server <ip> cannot be accelerated for CIFS due to server security settings.
unfortunately our domain controllers are also file servers, i know not the best practice. In any case the documentation gives me a link how to disable this. I have two questions on doing this. 1. Disabling Digitally sign communcations on the domain controllers is that a bad idea and 2. Do I have to disable this setting on every server that talks to the branch repeater?
5.14.2 CIFS Security and AccelerationWindows file servers have two security modes, “signing” and “sealing.” Both inhibitCIFS acceleration.By default, Windows file servers offer signing but do not require it, except for domainservers, which require it by default.To achieve CIFS acceleration with systems that require signing, you must change thesystem security settings to disable this requirement. This is done from “Local SecuritySettings.”Windows 2003 Server (see Figure 5-22):• Set “Microsoft network client: Digitally sign communications (always)” to“Disabled”• Set “Microsoft network server: Digitally sign communications (always)” to“Disabled”Windows 2000 Server (see Figure 5-23):• Set “Digitally sign server communication (always)” to “Disabled”• Set “Digitally sign client communication (always)” to “Disabled”
1. Disabling Digitally sign communcations on the domain controllers is that a bad idea and
I guess it depends how secure you need your network to be. What does your "security team" say? (or are YOU that person too? ).
2. Do I have to disable this setting on every server that talks to the branch repeater?
I suspect you'll probabably only need to do this on the DCs.
(If you STILL get the error appearing, you'll know I got it wrong!)
Paul
hmmm the whole point of asking is because we are not sure. Not a fan of testing things in our production environment. Anyone have any experience with this