Home » Microsoft Technologies

SMB2 Specification for Durable Open (Specs conflict)

Hello All,

I would just like to know what will server do if a client tries to reconnect (after network disruption) and then tries to recover a durable file (using SMB2_CREATE_DURABLE_HANDLE_RECONNECT create context).


From Handling a Transport Disconnect (http://msdn.microsoft.com/en-us/library/cc246790%28v=PROT.13%29.aspx)


If Open.OplockLevel is equal to SMB2_OPLOCK_LEVEL_BATCH, Open.OplockState is equal to Held, and Open.IsDurable is TRUE, the open MUST be preserved for a reconnect. The open MUST be removed from Session.OpenTable , Open.Connection is set to NULL, Open.Session is set to NULL, Open.TreeConnect is set to NULL, and Open.DurableOpenTimeOut is set to the current time plus an implementation-specific<297> default value.


This clearly specifies that " Open.Connection is set to NULL" however in: Handling the SMB2_CREATE_DURABLE_HANDLE_RECONNECT Create Context (http://msdn.microsoft.com/en-us/library/cc246784%28v=PROT.13%29.aspx)


The processing changes involved for this create context are:

The server MUST look up an existing open in the GlobalOpenTable by doing a lookup with the FileId.Persistent portion of the create context.

If the lookup fails, the server MUST fail the request with STATUS_OBJECT_NAME_NOT_FOUND and proceed as specified in "Failed Open Handling" in section .

If Open.IsDurable is FALSE and Open.IsResilient is FALSE or unimplemented, the server MUST fail the request with STATUS_OBJECT_NAME_NOT_FOUND and proceed as specified in "Failed Open Handling" in section .

If Open.Connection is NULL, the server MUST fail the request with STATUS_OBJECT_NAME_NOT_FOUND and proceed as specified in "Failed Open Handling" in section .

.... ....




Upon disconnection, the server will set Open.Connection to NULL but maintain that Open object.

But when client [reconnects and] sends SMB2_CREATE request (with SMB2_CREATE_DURABLE_HANDLE_RECONNECT create context) the server will check if that Open object has Connection. If non, the operation fails.



Is my understanding wrong?


Thank you very much!



6 Answers Found


Answer 1

Hi Z33p_it,

Thank you for your question  regarding [MS-SMB2] Handling the SMB2_CREATE_DURABLE_HANDLE_RECONNECT Create Context.  One of the Open Specifications team will contact you shortly to discuss your questions.

Best regards,

Tom Jebo
Senior Support Escalation Engineer
Microsoft Open Specifications


Answer 2

Hello Sir Tom,

Thank you very much for your support!

This is a great help for me.





Answer 3



[MS-SMB2] section “Handling a transport  Disconnect” has undergone some maintenance.  The paragraph you cited has been removed  and replaced with “If the open  is not being preserved  for a reconnect, then Open.LocalOpen MUST be closed. The open is removed from Session.OpenTable, and the open is freed. Then the session  MUST be removed from GlobalSessionTable and freed.”


                We propose that Section read in a future release, in its entirety, the text below.  The first bullet point remains the same, but the last three were added, including the last point, which is the new text related to your issue. Handling a Transport Disconnect


When the transport indicates a disconnect, the server  MUST enumerate the sessions established over this connection  in GlobalSessionTable.

For every such session in the table, the server MUST deregister every tree connect object  in Session.TreeConnectTable by invoking the event, as specified in [MS-SRVS] section The tree connect MUST then be removed from Session.TreeConnectTable and freed.

For every open in Session.OpenTable:


-If the server implements SMB 2.1 and supports leasing and if Open.IsResilient is TRUE, the open MUST be preserved for a reconnect. The open MUST be removed from Session.OpenTable, Open.Connection is set  to NULL, Open.Session is set to NULL, Open.TreeConnect is set to NULL, and Open.ResilientOpenTimeOut is set to the current  time plus Open.ResiliencyTimeout.


- If Open.OplockLevel is equal  to SMB2_OPLOCK_LEVEL_LEASE, Lease.LeaseState contains SMB2_LEASE_HANDLE_CACHING, Open.OplockState is equal to Held, and Open.IsDurable is TRUE, the open MUST be preserved for a reconnect. The open MUST be removed from Session.OpenTable, Open.Connection is set to NULL, Open.Session is set to NULL, Open.TreeConnect is set to NULL, and Open.DurableOpenTimeOut is set to the current time  plus an implementation-specific<295> default  value.


-If Open.OplockLevel is equal to SMB2_OPLOCK_LEVEL_LEASE, but Lease.LeaseState does not contain SMB2_LEASE_HANDLE_CACHING, Open.OplockState is equal to Held, and Open.IsDurable is TRUE, the open MUST be preserved for a reconnect. The open MUST be removed from Session.OpenTable, Open.Connection is set to NULL, Open.Session is set to NULL, Open.TreeConnect is set to NULL, and Open.DurableOpenTimeOut is set to the current time plus an implementation-specific<296> default value.


-If the Open is not being preserved for a reconnect, then Open.LocalOpen MUST be closed. The open is removed from Session.OpenTable, and the open is freed. Then the session MUST be removed from GlobalSessionTable and freed.


Any requests in Connection.RequestList MUST be canceled and freed.


Finally, the connection MUST be freed.


End of


Answer 4

Hello Sir Bryan,


Thank you very much for your answer.

I have follow-up question. I apologize for the inconvenience.



For an example scenario, a durable  open was requested (without combination with lease) and was granted, but then disconnection  happened...

(NOTE: Dialect only being used is 2.002 NOT 2.1 -so no support with Leasing and file  resiliency)


Then under the new [proposed] Section, such scenario will be handled by the cases below:

  "Any requests in Connection.RequestList MUST be canceled and freed.

   Finally, the connection  MUST be freed."


I assume that in this case, "Open.Connection" will still be freed.

(should I assume that this will be set  to NULL?)


Therefore it may still fail  in SMB2_CREATE_DURABLE_HANDLE_RECONNECT.

Because according to the specification  of DURABLE HANDLE RECONNECT, server  must fail if the corresponding "connection" of the open  object (being referred by the FID in the DURABLE HANDLE RECONNECT request) is NULL.


Thank you very much in advance!




Answer 5


I'll research this for you and respond as soon as I can.


Answer 6



We have completed our review.  You are correct that if connection  is freed, then it shouldn’t be maintained as Open.Connection, since it wouldn’t be valid if freed.  Instead of the solution you proposed (to set  Open.Connection to NULL), we propose changing the text at “Handling a Transport Disconnect” from “Finally, the Connection MUST be freed” To “Finally, the Connection MUST be freed, if it is not referenced by any object.”  We also propose removing bullet #4 at “Handling the SMB2_CREATE_DURABLE_HANDLE_RECONNECT Create Context” that reads “4.  If Open.Connection is NULL, the server  MUST fail  the request  with STATUS_OBJECT_NAME_NOT_FOUND and proceed  as specified in "Failed Open Handling" in section”  We would also add these two bullet points to “Handling the SMB2_CREATE_DURABLE_HANDLE_RECONNECT Create Context” (I included the existing  step before and after the new text for reference):


7.  The server MUST set the Open.Connection to refer to the connection that received this request

<new text>

8.  The server MUST set the Open.Session to refer to the session  that received this request.

9.  The server MUST set the Open.TreeConnect to refer to the tree connect that received this request.

<end new text>

11.The server MUST regenerate Open.FileId (the volatile portion  of the SMB2_FILEID).




Hello again,



I have another question.

Microsoft's SMB2 is a patented technology.

And according to MS-SMB2's first page, developers may refer to Microsoft Open Specification Promise / Community Promise.

However, the problem is that those promise's do not cover MS SMB2.


Open Specification Promise

(Published Sept 12, 2006  Updated Feb 1, 2007)



Community Promise

(Published Sept 12, 2007)



Is my understanding correct?

Again, thank you very much in advance!


To all developers, happy coding!




A year or so ago I created an import specification for importing an Excel
spreadsheet into Access 2007. So far it works on the monthly import, but if
they change the spreadsheet in the future it isn't going to work any more.
Where are the settings for the columns and field types, etc saved so that it
will be easy to modify them if needed? Becuase if I had to rewrite the
specs now for the current one I have completely forgotten what my parameters
and specs were! All I can find is a place to edit the description of the
specs i.e. "This imports the monthly cost report".

As a commercial developer, if I wish to develop a commercial email client that can talk to Exchange using the Exchange  and ActiveSync Open Specifications do I need to get an IP licence?

How do I pay for that if I haven't yet developed or sold any copies? Is
 it purely royalty based?

Who do I contact?

Hi Experts,
                   it was declared that pst file format specification will be available in first half of this year . Only draft specification for the same is available till now. Is it available now or any exact date of availability for the specification?

Thanks & Regards


In [MS-ODRAW].pdf document,

In section, pVertices field is "The number of bytes of data in the pVertices_complex property".

In section, pVertices_complex is an IMsoArray record.

In section 2.2.51, IMsoArray record specifies 4 components (nElems, nElemsAlloc, cbElem and data). The data size should be (cbElem * nElems) bytes or if cbElem equals 0xFFF0, data size should be (4 * nElems) bytes.

So the data size of IMsoArray record plus 6 bytes (of 3 initial fields of IMsoArray) must equal to the pVertices field of section

But MS Office PowerPoint 2003 is not storing the data in file according to the specification. Version 2007 is also behaving in same way.

I mean that data size according to IMsoArray record is not matching with the data size according to OfficeArtFOPT property value. With this inconsistency, we are not able to skip unnecessary fields and we are not able to get proper data for required fields.

There are other complex properties of type IMsoArray. They are also causing similar differences.

Example: If "Circular Arrow" or "No symbol" is created through autoshapes and saved the file, we can find at least one of the complex properties with inconsistent behavior.

I like to know whether the specification document is missing some data or I am missing some information. Please provide the required information to complete my implementation.



Hi all !

I've been coding in vb.net for a while an automated Excel files from vb.net for some projects. However, I have a problem in all my apps (that automates Excel) that I never solved (wasn't a big issue at that time) and now I just can't live with it anymore !! Here's my problem :

So I have a vb.net program that opens many Excel files (one by one) and gets data from those file. This process can take up to 20 minutes (a lot of data !!!!). All of this is made in "backgroud" (the user can't see the excel files being opened and everything). However, my main problem is that as soon as the user gets bored of waiting and opens an Excel file and starts working with it, it conflicts with my app.

When I used lines like oxlApp.ActiveWorkBook.Name, well, if the user opened an Excel file, the active workbook became the one the user just opened and not the one my code was reading at that time. So, I modified my code to always be like this :

oxlWorkbook = oxlApp.Workbooks.Open("blablabla.xls", False, True)

oxlworkbook.name="New Name"...

This way I could avoid conflict with the "active" thing. However, even with this, I get conflict when the user gets a message box from Excel in the file he opened (like a save file dialog) or when he is modifying a cell value. It's like if my oxlApp object would become unavailable until the dialog box is closed or the cell editing is finished. However, this is enough for my app to crash. What I understand is that the user opens his file in the same instance of Excel as the one I'm automating in background (oxlApp) and then a conflict can arise. Is there a way to avoid this ?


Thank you very much !



I have found several articles referring to the issue of the "Name Conflict" dialog box popping up when you open certain Excel 2003 files with Excel 2007.  One example is when using 2003 if the user sets a row or column to repeat, saves the workbook, then the workbook is opened in 2007 there is an Excel based modal dialog box that opens with the title "Name Conflict".  Apparently in 2003 a named region was created with the name "Print_Titles".  In 2007 Excel won't ignore this duplicate built-in named region and pops up a modal dialog box for the user to give this reserved name "Print_Titles" a new name.  The user can simply type in a unique string of characters, hit enter, and the workbook opens just fine.

Now for my problem: I use Interop to open multiple workbooks, retrieve information, and close them.  All as a "background" process by setting the Excel Application object in code to Visible = False.  In this situation the user never sees Excel opening/closing.  This process has worked flawlessly when all users had Office 2003 installed.  Now that they have upgraded to 2007 this "Name Conflict" modal dialog box is stopping the process from working, when it's encountered.  When my program executes the .Open method myWorkBook = myExcelApp.Workbooks.Open(FilePath) the application hangs.  Technically Excel is waiting on the user to respond to the modal dialog box and rename the Print_Titles region.  However the application is not visible so they can't.  To compound the problem it only happens on some Excel 2003 files, not all of them.  So just making excel visible means 80% to 90% of the time users still doesn't need to see the Excel file opening and closing, but 10% to 20% of the time they need to see it so they can answer the modal dialog box.

Is there any way that I am not finding that allows me to first even know for a fact that the modal dialog box is opened?  The .Open method just hangs in code execution.  If I can figure out that the problem is the modal dialog box is there any way to answer it, in code?

Thank you,
Jeremy Collins


If I host a workflow service in IIS, will persisted workflows with expired timers be reliably and automatically reloaded? What about if I host it with WorkflowServiceHost in my own app?

I haven't been able to find a clear answer to this question - all I found were old posts referring to the betas, where apparently you needed Workflow Management Service to do this, but this isn't in the shipping version of Workflow Foundation. I'd greatly appreciate a clear unambiguous answer.


Hello, I am looking into Rx to see if it can help me implement a fairly simple thread safe publish/subscribe scenario.

I need to allow a subscriber object to subscribe to a 'keyed collection feed' wherein:

    a) immediately upon subscribing the subscriber receives all current collection items.

    b) after subscribing, the subscriber receives notification about newly added items and newly deleted keys.

    c) publisher(s) may add/remove items from any thread and there is typically only one publisher modifying the collection at a time.

I'd like a concrete example that is done in Rx. Also, I don't necessarily need a keyed collection if subscribers are going to receive one update at a time, which is totally OK.

I have implemented my own solution that includes a subscriber interface, a 'change set' publication interface, a keyed-collection-feed class that wraps a dictionary, an immutable stack of removed keys and an immutable stack of subscribers, but I'm looking for something cleaner.

Here is some semi-psuedo code to demonstrate exactly what I mean.


/// Class that subscribers subscribe to.class KeyedCollectionFeed<TKey, TItem>
	publicvoid Add(TItem item)
		var key = GetKey(item);

		lock(sync) { AddToCollection(key, item); SendAdditionToSubscribers(item); }

	publicvoid Remove(TItem item)
		var key = GetKey(item);

		lock(sync) { RemoveItem(key); SendRemovalToSubscriber(item); }

	public IDisposable Subscribe(ISubscriber<TKey, TItem> subscriber)
		var subscription = new Subscription(subscriber);

		lock(sync) { AddSubscription(subscription ); SendAllCurrentItems(subscriber); }

		return subscription;

/// Class that subscribes to keyed collection feed./// (Assume Foo is a class with int property Id and string property Name./// Server.FooFeed is an instance of KeyedCollectionFeed<int, Foo>)class FooSubscriber : ISubscriber<int, Foo>

IDisposable _subscription;

	publicvoid Subscribe()
_subscription = Server.FooFeed.Subscribe(this);

	publicvoid Receive(IPublication<int, Foo> setOfChanges)
		var update = new FooUpdate();

		update.AddOrUpdatedItems = setOfChanges.AddedOrUpdatedItems.ToArray();

		update.RemovedKeys = setOfChanges.RemovedKeys.ToArray();


publicvoid Unsubscribe() { _subscription.Dispose(); }





is it possible in the method marked as DurableOperation(CanCreateInstance = true) on WCF side to decide whether the persistent object should be actually created (in sql server for example) or not?

Many thanks




I've created WCF durable service (service class marked as DurableService) with SQL persistent provider. The client invokes the service method marked as DurableOperation(CanCreateInstance:=True), after this - service successfully creates entry in the InstanceData table in sql database. Inside the service I can access the token id by using



If I understand the concept of WCF durable services, client could get this token and use it later to recreate the service state. Here I have:

Dim proxyActionParserService AsNew ActionParserService.ActionParserWorkerServiceClient

Dim contextManager As IContextManager = proxyActionParserService.InnerChannel.GetProperty(Of IContextManager)()


however when I try contextManager.getContext() I am getting empty collection. Is there something wrong in my code or should I get this information other way? I am using netTcpContextBinding.

Many Thanks


In a large legacy application, a lot of multiuser synchronisation is happening using a simple system whereby a workstation makes a file on the network and expects other workstations to see this file.  The original workstation deletes the file when other workstations are free to proceed.  A sort of rudimentary cross-workstation Mutex in other words.

This worked well enough so far, but is now broken when SMB2.0 is in use (Server 2008 + Vista clients).

Due to this being legacy, I can't afford to rewrite and spend a lot of time on this.

Now... while a lot of places this sort of checks are done, there's only a few places that are actually trying to prevent access.  So I see several ways out of this...

1) Disable SMB2.0 caching for the application only.  Disabling SMB2 entirely is a performance penalty I'm not sure we can impose upon the users (I doubt it)...  Is this possible ?
2) Somehow 'force' a reread of the cache, But since checking happens a lot, I can't afford just waiting the timeout period here. It does need to force a reread "now".  Is this possible ?
3) Is it possible to detect that connection to a specific server is happening with SMB2 ?  Since the actions that impose restrictions are rather limited, I could get my way out with a simple messabox and a disclaimer and some minor tweaks to the code (not ideal, but acceptable in this case).  But I don't want to give this messagebox when I don't have to.

Hi all

I'm developing smb2 protocol, but I have problems with authentication. I get the error message Error: STATUS_INVALID_PARAMETER no matter what I try. I have used wireshark to capture traffic. I have this problem with NTLMSSP AUTH (authentication) message.

LM and NTLM hashed are calculated correctly, I have checked them with other resources, but is there something that I'm missing in the packet structure, or something is wrong??

Is there a some way how I could debug in the server side (Windows Vista) what is going wrong with the session setup?

Please, if someone could help me with this I would be very thankful.

You can find the pcap from:



In SMB1, NTCreateAndX can return notify the client when the base file name has no alternate data streams by setting the FileStatusFlags appropriately (MS-SMB 2.2.9). I can't see any equivalent functionality in MS-SMB2 ... is it there?


We have had some major problems with our application running in an environment with Windows 2008 SP1 (or later) and Windows Vista SP1 (or later). The problems seemed to be some kind of caching in SMB2 – and it was seen in our application when we created database-files with the Pervasive PSQL engine and afterwards tried to see if it was created with a FindFirstFile (Kernel32.dll). The FindFirstFile returns false even though the file exists but if we wait for approximately 6 seconds – the result from FindFirstFile is true.

Disabling SMB2 on the server or on the client machine fixed the issue. However we have also found one single document on the internet which mentions some registry setting which allow us to only disable some of the “features” in SMB2. Can anyone direct us to any kind of information/documentation on the following registry settings?




They are all DWord values located under: HKEY_LOCAL_MACHINE\SYSTEM

\CurrentControlSet\Services\LanmanWorkstation\Parameters and seems to be enough to fix the problem in our case.


Hello all,


I am attempting to study how SMB2 is working on Windows Server 2008 by programatically making some changes to SMB2 file transfer. I have encountered a problem where while transferring files that require large amounts of Read commands (say, 2Mb files), data transfer stops until the TCP connection is reset, then it continues without any problems.


I have been attempting to understand why this occurs but did not manage to. Do fileservices provide some SMB2 logs which could shed some light on this?




Hello there.


I am recently working on a project that modifies the received SMB/SMB2 packets and transfer them out to the network. Now I am looking for some tools that can check with the opcodes with SMB/SMB2 commands, so that I can try to figure out if the SMB/SMB2 commands are bypassing or not. I found that a tools named "smbtorture" from Samba Team can help me testing them in Linux environments, but how about Windows platform? Do we have a specific tool that helps us to verify the command opcode operations in an automatic way? 


Thanks in advance and sorry for my poor English. :D




I've noticed that the maximum transfer size in an SMB2 read request seems to be limited to 65536 bytes. So if I perform a read on a remote share for 1M this gets translated into 16 separate SMB2 read requests.

I've tried to debug this with WireShark and have come to the following conclusions. I think that when the share is set up the server tells the client the maximum transfer size it can handle is 65536 bytes. So when the client wants more data than this it sends out multiple read requests. Then on the server side I have 16 separate read requests going to the disc. Ideally for one 1M read I'd expect one SMB2 READ and one read request to the disc.

So, how can I increase this buffer size on the server, if at all? I thought one of the features of SMB2 was increased buffer sizes from the 16 bit limit in the SMB protocol. But I don't seem to be getting the benefits.


Server : Windows Server 2008 x86 (and I've seen same behaviour with x64).

Client : Windows 7 x86







I am implementing an SMB2 server. I have been struggling to understand the Async Cancel messages that the Windows client sends to the server. I now have these working, but the protocol doc did not help. It turns out (on tracing two windows boxes with NetMon), that the Cancel messages are intended to cancel the Notifications that have been set previously. If STATUS_CANCELLED is not returned for the outstanding Notify messages (within about a minute) the Windows client resets the TCP connection.

However the SMB2 headers sent by the Win 7 client do not agree with the description in the MS-SMB2 pdf. To quote from the doc:

2.2.30 SMB2 CANCEL Request
The SMB2 CANCEL Request packet is sent by the client to cancel a previously sent message on the same SMB2 transport connection.
The MessageId of the request to be cancelled MUST be set in the SMB2 header of the request. Receiving an SMB2 CANCEL Request
If SMB2_FLAGS_ASYNC_COMMAND is set in the Flags field of the SMB2 header of the cancel request, the server MUST search for a request in Connection.AsyncCommandList that matches both the MessageId and the AsyncId of the incoming cancel request. 

However the MessageId of the cancel messages sent by the Windows client all have MessageId set to zero.

Further, the semantics of the SessionID in the Async Header are not clear - this is set by the Windows Client, yet the doc states: SMB2 Packet Header - ASYNC
SessionId SHOULD<2> be set to 0 for the following commands:
SMB2 CANCEL request

6 Appendix A: Product Behavior
<2> Section Windows-based clients always set the SessionId field to 0 for these commands, and Windows-based servers will ignore SessionId for these commands.

So the doc and Windows do not match.

Any clarification would be gratefully received.



James Westland Cain, Ph.D.
Principal Software Architect
Quantel Research & Development



<< Previous      Next >>

Microsoft   |   Windows   |   Visual Studio   |   Sharepoint   |   Azure