0 Replies Latest reply on Jul 25, 2017 3:00 AM by Cheeseboard

    LEM Backup fails - SMBv1

    Cheeseboard

      We recently tried configuring the backup functionality in a newly installed instance of LEM but couldn't get it to connect to the target network share, If you're have a similar problem, perhaps after disabling SMBv1 in the wake of Wannacry this is for you.

       

      The following messages were displayed when we tried to run the backup:

       

      protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE

      Share credentials validated.

       

      Backup configured to run daily.

       

      Would you like to run the backup now? <y/N> y

      Running backup, please wait...

      20170718: Checking for other running processes

       

      2017/07/18 14:52:34: Checking archive schedule with daily...

       

      2017/07/18 14:52:34: Not checking schedule, assuming on-demand archive.

       

      2017/07/18 14:52:34: unmounting old shares, in case any stale shares exist.

      umount: /tmp/smb: not mounted

       

      2017/07/18 14:52:34: mounting share //share/share with user USER on domain DOMAIN to mount point /tmp/smb

      Trying ntlmsspi

      Mount failed for //share/share as user USER ntlmsspi

      Trying ntlmssp

      Mount failed for //share/share as user USER ntlmssp

      Trying ntlmv2

      Mount failed for //share/share as user USER ntlmv2

      Trying ntlm2

      Mount failed for //share/share as user USER ntlm2

      Trying ntlm

      Mount failed for //share/share as user USER ntlm

      Trying insecure communication

      Mount failed for //share/share as user USER insecure communication

      2017/07/18 14:52:35: Beginning dump of alertdb to /tmp/smb/SolarWindsLEMAlertDBArchive

      2017/07/18 14:52:35: First I will do a touch test of SolarWindsLEMAlertDBArchive.test to see if I can create a file

      2017/07/18 14:52:35: Starting archive to SolarWindsLEMAlertDBArchive

       

      2017/07/18 14:52:46: done with archive. Result (if any): Success

       

      2017/07/18 14:52:46: Cleaning Up.

      umount: /tmp/smb: not mounted

       

      2017/07/18 14:52:46: done!

       

      We raised a case with Solarwinds support and the cause of the failure is that LEM can only use SMBv1 for backup, it doesn't support SMBv2 or 3. As we've disabled SMBv1 due to it's known security vulnerabilities we can't backup our LEM. SW support advise that a fix will be included in the next major release (possibly 6.4) but cannot give even an estimate as to timescales for a release date so we are unable to backup our LEM for the time being unless we choose to compromise security on our file storage system and the word on that is "no".

       

      Given that SMBv1 has been known to be vulnerable for several years you might have thought LEM would by now support something more secure. Apparently not.