Microsoft Smb Domain Server Mac

It's a common complaint that in recent versions of Mac OS 10.x, browsing Windows-hosted SMB shares is incredibly slow. Not every solution works, but here are 3 simple fixes that completely solved the issue for me (Using Windows Server 2012 & 2012R2 with Mac OS X 10.9 & 10.10).

3 Steps total

Step 1: Disable writing .DS_Store files to network shares


On the Mac, open up Terminal and enter the following command:


defaults write com.apple.desktopservices DSDontWriteNetworkStores true

Step 2: Make sure NetBIOS over TCP/IP is enabled on the file server's network adapter

Adapter Properties -> IPv4 properties -> Advanced -> WINS tab -> Enable NetBIOS over TCP/IP

Make sure this setting is enabled.

Step 3: Use PowerShell to edit the server's SMB configuration.

On the Windows server, open PowerShell as an administrator and run:

get-smbserverconfiguration

Look for the values for smb2creditsmin and smb2creditsmax. On my server, the defaults were 128 and 2048 respectively. To change these settings, run

set-smbserverconfiguration -smb2creditsmin 512 -smb2creditsmax 8192

and respond Y to the confirmation prompt.

Following these three steps instantly fixed the issue for me and others, and my Macs are now browsing the file shares just as fast as their Windows counterparts.

Published: Feb 10, 2015 · Last Updated: Feb 11, 2015


15 Comments

  • Pimiento
    OSXuser Feb 18, 2015 at 09:35am

    Hey Chris, could you confirm that read and write speeds over SMB 3 on OSX 10.10 are the same as read and write speeds over SMB 3 on windows 8.1? Are you using 10gbe or 1gbe?

    We are using 10gbe and are seeing great read speeds (850MB/s) but not so great write speeds (400MB/s) even though our RAID can easily go up to 3,500MB/s.

    Thanks,

    Philipp

  • Poblano
    Chris1474 Feb 19, 2015 at 06:22pm

    Hi OSXUser, most (all?) RAID setups have inherently better read speeds compared to write speeds, and this has to do with the mechanics of RAID itself (see: http://www.raid-calculator.com/raid-types-reference.aspx). I suspect that if you benchmarked your Windows machines, you'd see a similar result to your Macs.

  • Pimiento
    OSXuser Feb 23, 2015 at 05:40pm

    Hi Chris,

    No the RAID actually gets 3,000 MB/s write. I can also hit it with multiple Macs each at 400MB/s write. The Windows server also has a PCI SSD with 2000MB/s read and write. The throttle seems to be on the LAN side.

    When connecting one Mac Pro to another Mac Pro we get 800 MB/s read and write. But when connecting from Mac Pro to Windows Server the write is much slower than the read.

    Any ideas?

  • Jalapeno
    Oscar3097 Mar 1, 2015 at 10:14pm

    This solved the issue for me too. However, if I use Hamachi to access the file shares from another country, I have to wait 2 or 3 minutes for the folders to show up. Then when the folders do show up and I open another folder, I have to wait again for those folders to show up.
    However, using Hamachi from a windows computer, there is no wait time for folders to show up.
    Any resolution for this?

  • Poblano
    Chris1474 Mar 2, 2015 at 06:36am

    OSXUser, that's strange- but you're right, sounds like it's LAN stuff. And it sounds like you're not the only guy noticing this. I googled and found this- might have some ideas: https://social.technet.microsoft.com/forums/windowsserver/en-US/46898c7f-92e0-4c99-98d2-18a7458a7d2d/slow-network-write-speeds-via-smb-cifs

    Oscar3097, have you poked around to see if other Hamachi users have experienced the same issues? Sounds like a Hamachi issue to me.

  • Jalapeno
    Oscar3097 Mar 2, 2015 at 01:07pm

    Chris, I thought this was a Hamachi issue but I discarded that idea because I can browse without a problem from Windows computers. I have this problem when browsing from Macs in Argentina, Puerto Rico, Panama, Brazil, Mexico but not if they use Windows. I had the same problem in the local LAN, but using your fix we can now browse fast from all Macs in the office.

  • Pimiento
    kimcassidy Oct 16, 2015 at 07:41pm

    Hi Chris,

    I know this is an older thread but it is something I need to fix for two clients. I followed your excellent instructions and was successful for my Windows 2012 client, but when I run the set-smb.. on a Windows 2008 R2 it says it isn't a recognized cmdlet. Any help that you could give me would be greatly appreciated.

  • Poblano
    Chris1474 Dec 2, 2015 at 08:32pm

    Hi kimcassidy, just saw this now- sorry for the late reply. I know that the ability to manipulate SMB through PowerShell was added with Server 2012; I'm not sure if you can upgrade your version of PowerShell or import the SMB module into 2008. Others might have more experience with this..

  • Tabasco
    jai23155 Apr 18, 2016 at 09:34am

    I don't think this is possible on Server 2008 R2. Is it??

  • Pimiento
    markelliott5 Sep 25, 2016 at 04:29am

    I just made an account to praise you for writing this little article. It made my home theater set up go from struggling w/ 720p to streaming remux 1080p bluray with only occasional hiccups.

    It's still slower than I would think it would be given the pipes it's coming through, but at least it can handle the 2.77MB/s required to stream this big video.

  • Sonora
    Richard Poole Oct 18, 2016 at 12:34pm

    This seemed to do the trick here too.
    OSX users instantly noticing improved browse and file transfer speeds after applying the 3 steps above.

  • Anaheim
    blacklab3l Jan 11, 2017 at 03:09pm

    This worked for me..Took my searches from 3-5 minutes down to about 16 seconds. I'll take it!


  • Pimiento
    dylanevans May 22, 2017 at 08:59am

    This worked for me, but then it didn't :/

    I was trying out a direct connection between my MBP and consumer Win10 machine connected direct via thunderbolt.

    They connected up nice and easily, and when running a test of disk speed from the MBP (with Blackmagic disk speed test) the internal drives on the Win machine tested at their full speed for around 500MB/s.

    However, external drives did not work - I was getting write speeds of around 5MB/s

    I ran across this page and when I enabled NetBIOS over TCP/IP this seemed to fix the issue - external drives mounted on the Win side would test at their capacity of 320MB/s when testing from the MBP.

    However, I have connected again a couple of weeks later and the network speeds have dropped back down to 5-6MB/s.

    I cannot for the life of me fathom what has changed, everything is still enabled on the windows side, and crucially this is only for externally mounted drives. The internal drives on the Windows machine still test at their full speed.

    Do you have any ideas?

  • Poblano
    Sam Thackeray Dec 6, 2017 at 11:44am

    Hi,
    Any chance someone could provide some details on what each of these commands does?

    We are an office of some 100 users and I am hesitant to make changes to fix the issues for our 1 Mac user if there is any negative effect for the 99 Windows users.

    Thanks,

  • Sonora
    OnWireIT Jan 22, 2018 at 06:40pm

    Could someone confirm that this is still an issue with the newest Mac OSx?


Applies to: Windows Server 2012 R2, Windows Server 2012, Windows Server 2016

This topic explains the SMB security enhancements in Windows Server 2012 R2, Windows Server 2012, and Windows Server 2016.

SMB Encryption

SMB Encryption provides end-to-end encryption of SMB data and protects data from eavesdropping occurrences on untrusted networks. You can deploy SMB Encryption with minimal effort, but it may require small additional costs for specialized hardware or software. It has no requirements for Internet Protocol security (IPsec) or WAN accelerators. SMB Encryption can be configured on a per share basis or for the entire file server, and it can be enabled for a variety of scenarios where data traverses untrusted networks.

Note

SMB Encryption does not cover security at rest, which is typically handled by BitLocker Drive Encryption.

SMB Encryption should be considered for any scenario in which sensitive data needs to be protected from man-in-the-middle attacks. Possible scenarios include:

  • An information worker's sensitive data is moved by using the SMB protocol. SMB Encryption offers an end-to-end privacy and integrity assurance between the file server and the client, regardless of the networks traversed, such as wide area network (WAN) connections that are maintained by non-Microsoft providers.
  • SMB 3.0 enables file servers to provide continuously available storage for server applications, such as SQL Server or Hyper-V. Enabling SMB Encryption provides an opportunity to protect that information from snooping attacks. SMB Encryption is simpler to use than the dedicated hardware solutions that are required for most storage area networks (SANs).

Important

Any end-to-end encryption protection carries a notable performance cost when compared to non-encrypted access.

Enable SMB Encryption

You can enable SMB Encryption for the entire file server or only for specific file shares. Use one of the following procedures to enable SMB Encryption:


Enable SMB Encryption with Windows PowerShell

  1. To enable SMB Encryption for an individual file share, type the following script on the server:

  2. To enable SMB Encryption for the entire file server, type the following script on the server:

  3. To create a new SMB file share with SMB Encryption enabled, type the following script:
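An added example covering the three steps above (not the original article's scripts), built on the `Set-SmbShare`, `Set-SmbServerConfiguration` and `New-SmbShare` cmdlets with their `-EncryptData` parameter. The share names `Finance` and `Projects` and the path `D:\Shares\Projects` are placeholders.

```powershell
# Added example: run in an elevated PowerShell session on the file server.
# 'Finance', 'Projects' and 'D:\Shares\Projects' are placeholders.

function Enable-ShareEncryption {
    # Step 1: turn on SMB Encryption for one existing share.
    param([Parameter(Mandatory)][string]$Name)
    $share = Get-SmbShare -Name $Name -ErrorAction Stop
    if (-not $share.EncryptData) {
        Set-SmbShare -Name $Name -EncryptData $true -Force
    }
    Get-SmbShare -Name $Name | Select-Object Name, Path, EncryptData
}

function Enable-ServerEncryption {
    # Step 2: require SMB Encryption for every share on this server.
    Set-SmbServerConfiguration -EncryptData $true -Force
    (Get-SmbServerConfiguration).EncryptData
}

function New-EncryptedShare {
    # Step 3: create a share that is encrypted from the start.
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Path
    )
    New-SmbShare -Name $Name -Path $Path -EncryptData $true |
        Select-Object Name, Path, EncryptData
}

function Get-UnencryptedShare {
    # Verification: user-created shares whose own EncryptData flag is off.
    # If the server-wide setting is on, these are still encrypted on the wire.
    Get-SmbShare |
        Where-Object { -not $_.Special -and -not $_.EncryptData } |
        Select-Object Name, Path
}

Enable-ShareEncryption -Name 'Finance'
New-EncryptedShare -Name 'Projects' -Path 'D:\Shares\Projects'
# Enable-ServerEncryption   # uncomment to enforce encryption server-wide
Get-UnencryptedShare
```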

Enable SMB Encryption with Server Manager

  1. In Server Manager, open File and Storage Services.
  2. Select Shares to open the Shares management page.
  3. Right-click the share on which you want to enable SMB Encryption, and then select Properties.
  4. On the Settings page of the share, select Encrypt data access. Remote file access to this share is encrypted.

Considerations for deploying SMB Encryption

By default, when SMB Encryption is enabled for a file share or server, only SMB 3.0 clients are allowed to access the specified file shares. This enforces the administrator's intent of safeguarding the data for all clients that access the shares. However, in some circumstances, an administrator may want to allow unencrypted access for clients that do not support SMB 3.0 (for example, during a transition period when mixed client operating system versions are being used). To allow unencrypted access for clients that do not support SMB 3.0, type the following script in Windows PowerShell:

The secure dialect negotiation capability described in the next section prevents a man-in-the-middle attack from downgrading a connection from SMB 3.0 to SMB 2.0 (which would use unencrypted access). However, it does not prevent a downgrade to SMB 1.0, which would also result in unencrypted access. To guarantee that SMB 3.0 clients always use SMB Encryption to access encrypted shares, you must disable the SMB 1.0 server. (For instructions, see the section Disabling SMB 1.0.) If the -RejectUnencryptedAccess setting is left at its default setting of $true, only encryption-capable SMB 3.0 clients are allowed to access the file shares (SMB 1.0 clients will also be rejected).
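An added example for the transition setting discussed above (not the original article's script): a wrapper around `Set-SmbServerConfiguration -RejectUnencryptedAccess`, plus a posture check that reports the two server settings this section says weaken SMB Encryption. The function names are hypothetical.

```powershell
# Added example: run elevated on the file server.
function Get-SmbEncryptionPosture {
    $cfg = Get-SmbServerConfiguration
    $findings = @()
    if (-not $cfg.RejectUnencryptedAccess) {
        $findings += 'RejectUnencryptedAccess is off: clients without ' +
                     'SMB 3.0 reach encrypted shares unencrypted.'
    }
    if ($cfg.EnableSMB1Protocol) {
        $findings += 'SMB 1.0 server is enabled: secure dialect ' +
                     'negotiation does not prevent a downgrade to SMB 1.0.'
    }
    $encrypted = @(Get-SmbShare | Where-Object { $_.EncryptData } |
                   ForEach-Object { $_.Name })
    [pscustomobject]@{
        ServerEncryptData       = $cfg.EncryptData
        RejectUnencryptedAccess = $cfg.RejectUnencryptedAccess
        Smb1ServerEnabled       = $cfg.EnableSMB1Protocol
        EncryptedShares         = $encrypted -join ', '
        Findings                = $findings
    }
}

function Set-UnencryptedFallback {
    # $true  = transition period: allow clients without SMB 3.0 (unencrypted).
    # $false = default: only encryption-capable SMB 3.0 clients get access.
    param([Parameter(Mandatory)][bool]$Allow)
    Set-SmbServerConfiguration -RejectUnencryptedAccess (-not $Allow) -Force
    Get-SmbEncryptionPosture
}

Get-SmbEncryptionPosture | Format-List
# Set-UnencryptedFallback -Allow $true    # during a mixed-client transition
# Set-UnencryptedFallback -Allow $false   # restore the default afterwards
```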

Note

  • SMB Encryption uses the Advanced Encryption Standard (AES)-CCM algorithm to encrypt and decrypt the data. AES-CCM also provides data integrity validation (signing) for encrypted file shares, regardless of the SMB signing settings. If you want to enable SMB signing without encryption, you can continue to do this. For more information, see The Basics of SMB Signing.
  • You may encounter issues when you attempt to access the file share or server if your organization uses wide area network (WAN) acceleration appliances.
  • With a default configuration (where there is no unencrypted access allowed to encrypted file shares), if clients that do not support SMB 3.0 attempt to access an encrypted file share, Event ID 1003 is logged to the Microsoft-Windows-SmbServer/Operational event log, and the client will receive an Access denied error message.
  • SMB Encryption and the Encrypting File System (EFS) in the NTFS file system are unrelated, and SMB Encryption does not require or depend on using EFS.
  • SMB Encryption and the BitLocker Drive Encryption are unrelated, and SMB Encryption does not require or depend on using BitLocker Drive Encryption.

Secure dialect negotiation

SMB 3.0 is capable of detecting man-in-the-middle attacks that attempt to downgrade the SMB 2.0 or SMB 3.0 protocol or the capabilities that the client and server negotiate. When such an attack is detected by the client or the server, the connection is disconnected and event ID 1005 is logged in the Microsoft-Windows-SmbServer/Operational event log. Secure dialect negotiation cannot detect or prevent downgrades from SMB 2.0 or 3.0 to SMB 1.0. Because of this, and to take advantage of the full capabilities of SMB Encryption, we strongly recommend that you disable the SMB 1.0 server. For more information, see Disabling SMB 1.0.

The secure dialect negotiation capability described in this section prevents a man-in-the-middle attack from downgrading a connection from SMB 3 to SMB 2 (which would use unencrypted access); however, it does not prevent downgrades to SMB 1, which would also result in unencrypted access. For more information on potential issues with earlier non-Windows implementations of SMB, see the Microsoft Knowledge Base.

New signing algorithm

SMB 3.0 uses a more recent algorithm for signing: Advanced Encryption Standard (AES)-cipher-based message authentication code (CMAC). SMB 2.0 used the older HMAC-SHA256 algorithm. AES-CMAC and AES-CCM can significantly accelerate data encryption on most modern CPUs that have AES instruction support. For more information, see The Basics of SMB Signing.

Disabling SMB 1.0

The legacy computer browser service and Remote Administration Protocol features in SMB 1.0 are now separate, and they can be eliminated. These features are still enabled by default, but if you do not have older SMB clients, such as computers running Windows Server 2003 or Windows XP, you can remove the SMB 1.0 features to increase security and potentially reduce patching.


Note

SMB 2.0 was introduced in Windows Server 2008 and Windows Vista. Older clients, such as computers running Windows Server 2003 or Windows XP, do not support SMB 2.0 and therefore will not be able to access file shares or print shares if the SMB 1.0 server is disabled. In addition, some non-Microsoft SMB clients may not be able to access SMB 2.0 file shares or print shares (for example, printers with “scan-to-share” functionality).

Before you start disabling SMB 1.0, you'll need to find out if your SMB clients are currently connected to the server running SMB 1.0. To do this, enter the following cmdlet in Windows PowerShell:

Note

You should run this script repeatedly over the course of a week (multiple times each day) to build an audit trail. You could also run this as a scheduled task.

To disable SMB 1.0, enter the following script in Windows PowerShell:
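An added example for the audit and disable steps above (not the original article's scripts): it appends any SMB 1.0 sessions returned by `Get-SmbSession` to a CSV audit trail and disables the SMB 1.0 server with `Set-SmbServerConfiguration -EnableSMB1Protocol $false` only when that trail is empty. The audit path and function names are placeholders.

```powershell
# Added example: run elevated on the file server.
$AuditFile = 'C:\SmbAudit\smb1-sessions.csv'   # placeholder path

function Add-Smb1AuditSample {
    # Record current sessions whose negotiated dialect is below 2.0.
    # Call this several times a day for a week, e.g. from a scheduled task.
    param([string]$Path = $AuditFile)
    $rows = @(Get-SmbSession |
        Where-Object { $_.Dialect -lt '2' } |
        Select-Object @{n='SampledAt'; e={ (Get-Date).ToString('s') }},
                      Dialect, ClientComputerName, ClientUserName)
    if ($rows.Count -gt 0) {
        $dir = Split-Path -Parent $Path
        if (-not (Test-Path $dir)) {
            New-Item -ItemType Directory -Path $dir | Out-Null
        }
        $rows | Export-Csv -Path $Path -Append -NoTypeInformation
    }
    $rows.Count   # number of SMB 1.0 sessions seen in this sample
}

function Disable-Smb1IfUnused {
    # Refuse to disable while the audit trail lists SMB 1.0 clients.
    # An empty trail only means something after a full sampling period.
    param([string]$Path = $AuditFile)
    if ((Test-Path $Path) -and (@(Import-Csv $Path).Count -gt 0)) {
        Write-Warning "SMB 1.0 clients were seen; review $Path first."
        return $false
    }
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    -not (Get-SmbServerConfiguration).EnableSMB1Protocol
}

Add-Smb1AuditSample
# After the sampling period:
# Disable-Smb1IfUnused
```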

Note

If an SMB client connection is denied because the server running SMB 1.0 has been disabled, event ID 1001 will be logged in the Microsoft-Windows-SmbServer/Operational event log.
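An added example (not from the original article) that pulls the three event IDs this topic names, 1001, 1003 and 1005, from the Microsoft-Windows-SmbServer/Operational log with `Get-WinEvent`, so refused legacy clients and detected downgrade attempts can be reviewed together. The function name and the seven-day window are assumptions.

```powershell
# Added example: run elevated on the file server.
# Event meanings are taken from the text of this topic.
$SmbEvents = @{
    1001 = 'Client refused: the SMB 1.0 server is disabled'
    1003 = 'Client without SMB 3.0 refused on an encrypted share'
    1005 = 'Secure dialect negotiation detected a downgrade attempt'
}

function Get-SmbSecurityEvent {
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-SmbServer/Operational'
        Id        = @($SmbEvents.Keys)
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "none".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{n='Meaning'; e={ $SmbEvents[$_.Id] }},
            @{n='Detail';  e={ ($_.Message -split "`r?`n")[0] }}
}

$events = @(Get-SmbSecurityEvent -Days 7)

# Per-event-ID counts, then the individual records, newest first.
$events | Group-Object Id |
    Select-Object @{n='EventId'; e={ $_.Name }}, Count |
    Format-Table -AutoSize
$events | Sort-Object TimeCreated -Descending | Format-Table -Wrap
```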
