I recently enabled SMB signing for security reasons, but it completely broke our Remote Desktop Farm setup. The farm includes Brokers, Session Hosts, and a File Server that manages the User Profile Disks (UPDs). After the change, users were unable to log in at all, and I had to revert the changes to restore functionality. I'm looking for advice on how to resolve this issue without reverting the SMB signing change.
4 Answers
Never sing to RDP!
Before implementing any changes, it's really important to test them first. Once you apply changes in a production environment, you should also test them immediately rather than waiting for users to notice problems. Additionally, take a look at the Windows event logs for more insights. And remember, when seeking help, it’s crucial to provide specific details about your environment.
Did you enable SMB signing on all the RDS servers, the connecting clients, and the file server that handles user profiles? Check the Group Policy: go to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options, and make sure both 'Digitally sign communications (always)' for clients and servers are enabled.
What version of the OS is your farm running? We rolled out SMB signing across various OS versions a while back without issues. It’s strange that you're facing problems now. I've not encountered similar complaints regarding SMB signing until your post.
We're using Windows Server 2022.