Microsoft has announced the launch of Windows 11 Insider Preview Build 25381 to the Canary Channel. The latest build has introduced SMB signing requirement changes. Microsoft has revealed that SMB signing is required by default for all connections starting with Windows 11 Insider Preview Build 25381 Enterprise editions. This functionality is added to enhance the security of Windows and Windows Server for the modern landscape. Going forward, all versions of Windows and Windows Server provide support for SMB signing but a third-party could disable it.
The system will throw error messages such as 0xc000a000, -107370086, STATUS_INVALID_SIGNATURE, and The cryptographic signature is invalid. These messages will be displayed if you attempt to establish connectivity with a remote share on a third-party SMB server that does not allow SMB signing.
As per Microsoft’s official recommended guidance, you should configure your third-party SMB server to support SMB signing to resolve the errors. You should not disable SMB signing in Windows or make use of SMB1 to work around this behavior. AN SMB device will not provide support for interception and relay attacks from malicious parties. You should note that SMB signing can reduce the performance of SMB copy operations. You can mitigate with additional physical CPU cores or virtual CPUs including faster CPUs.
You can execute the following PowerShell commands to view the current SMB signing settings
Get-SmbClientConfiguration | fl requiresecuritysignature
Get-SmbClientConfiguration | fl requiresecuritysignature
You should run the below PowerShell command as an elevated administrator to disable the SMB sign-in requirement in client connections.
Set-SmbClientConfiguration -RequireSecuritySignature $false
You should run the below PowerShell command as an elevated administrator to disable the requirement for SMB signing in server running on Windows 11 Insider Preview Build 25381 and higher with Enterprise edition devices.
Set-SmbServerConfiguration -RequireSecuritySignature $false
The reboot is not required by existing SMB connections will continue to use signing until they are closed.
The Windows 11 Insider Preview Build 25381 also adds a pop-up dialog with the required recommendation to launch the automated Get Help troubleshooter, This will resolve a camera streaming issue such as camera failing to start or a closed camera shutter.
Microsoft also launched Cumulative Update for the Windows 11 Insider Build 25381.1200 via KB5027849. This update is being pushed to test the servicing pipeline for builds in the Canary Channel without any new features.
The Canary Channel builds are hot off the presses. Microsoft will publish blog posts or documentation only if there are new features included with the Canary Channel build. The Canary Channel is the place to preview platform modifications that require longer-lead time before global release. This includes changes to the Windows Kernel, new APIs, and much more. Microsoft has warned that there will be major issues that could result in your PC not working properly. There can be situations where you need to reinstall Windows.