Can't connect to Time Capsule if SMB1 is off

Question

Can't connect to Time Capsule if SMB1 is off

I have a Windows 7 computer that is running the AirPort software so I can connect to my Time Capsules drives. I turned the SMB1 client off and now can't connect. After reboot I get an AirPort Disk login window. I enter my password and then get two different errors. One is "Unknown user, incorrect password, or login is disabled" error 58. The other is "Could not connect to the disk. Make sure NetBIOS is enabled" error 53. If I re-enable the SMB1 client it works fine.

As you know SMB1 is cryptographically broken and a significant security risk. Apple needs to fix the Time Capsule to not require SMB1.

Is this a known issue? Please let me know if you need more information.

Thanks,

Eric

null-OTHER, Time Capsule 2 TB and 3 TB

Posted on Oct 8, 2017 9:10 AM

Reply

Answer 1

Tesserax

Level 10

157,860 points

Oct 9, 2017 12:54 PM in response to erickoolbrown

I haven't had a opportunity yet to verify which SMB dialects are used between the various Windows clients and the TC so I can't verify that the TC only uses SMB1 for files sharing with PCs. If you are familiar with Wireshark you can do this yourself.

If not, and if I remember correctly there is a PowerShell command that you can use to verify the SMB version that a Windows client is using to connect to a file server. That command is: Get-SmbConnection

The results of this command should show the server name, share name, dialect, and a few other things in a table-like format. Dialect would be the SMB version that was negotiated between the client and the server.

Ref: Which version of SMB protocol are you using on your File Server? - Microsoft TechNet

Reply

Answer 2

Oct 8, 2017 1:07 PM in response to erickoolbrown

Exactly which model TC is it.. and I presume running the latest firmware.

For Apple computer it is not a problem because it uses AFP for time machine backups.

But there is a good chance it needs SMB1 for windows.

Tesserax did some testing and he found Time Machine from a Mac can use SMB2 or SMB3 to a NAS like Synology.

But the design of the TC is very old now and it is possible that is why it is still using AFP for backups.

Reply

Answer 3

Oct 8, 2017 11:29 PM in response to erickoolbrown

Product feedback is here.

Product Feedback - Apple

You could copy files directly from PC to the Mac.. but it is pretty ordinary to keep running SMB1 on the TC.. but as I said the Mac does not use it at least for Time Machine.. and Apple only built it for Time Machine.

There has been a flurry of complaints about the TC and windows since win10 with apple aware of problems but clearly uninterested in the windows world at the present time. The utility is still ancient and is not even considered suitable for later Extreme or TC. So far Apple have not updated it and I suspect now with the product reaching over 4 years old and since design is over 5 years.. nothing much more is coming.

Reply

Answer 4

Oct 8, 2017 9:02 PM in response to LaPastenague

I have two Time Capsules. The model numbers are A 1470 and A 1409. The firmware of both is up-to-date according to my Mac's AirPort Utility.

Maybe the AirPort for Windows software is what requires SMB1. And the issue is not with Time Machine, it is with shared drives. I use the TC shared drives to move files between my Macs and Windows machines.

Apple, please fix this so that the SMB1 client on Windows can be turned off without breaking TC disk sharing. SMB1 is 20 years old now and cryptographically broken. Stop relying on it!

Is there a formal way to file a bug with Apple?

Thanks

Reply