Microsoft Server: Unable to join Active Directory domain due to SMB version mismatch

Summary: Attempting to join an Active Directory domain results in an error that mentions a file share and "the obsolete SMB1 protocol." This occurs if newer versions of Server Message Block (SMB) have been disabled on domain controllers. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Check out other resources

Symptoms

The following error message appears when joining a machine to the domain:

You can't connect to the file share because it's not secure. This share requires the obsolete SMB1 protocol, which is unsafe and could expose your system to attack. Your system requires SMB2 or higher.

SMB1-related error when joining a domain

This condition prevents joining the domain.

Cause

As the error indicates, this issue occurs if the system joining the domain requires SMB2 or higher, but the domain controller (DC) only supports SMB1. All supported Windows Server versions include support for SMB2 and higher, so this should only occur if those versions have been explicitly disabled.

Resolution

Disabling SMB2 and higher is not recommended on any Windows machine, as SMB1 is an old and insecure protocol. Instead, SMB2 and SMB3 should be enabled on the DCs in the domain. To do so, follow these steps:

From an elevated PowerShell prompt, run Get-SmbServerConfiguration and check the value of EnableSMB2Protocol in the output. If it shows Disabled, both SMB2 and SMB3 are disabled.
To enable SMB2 (which also enables SMB3), run Set-SmbServerConfiguration -EnableSMB2Protocol $true.
Attempt to join the domain again. The issue should be resolved, but it may be necessary to enable SMB2 and SMB3 on other DCs as well.

Affected Products

Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows Server 2022, Microsoft Windows 2012 Server, Microsoft Windows 2012 Server R2

Article Number: 000216676

Article Type: Solution

Last Modified: 18 Dec 2024

Version: 3

Check if your device is covered by Support Services.

Microsoft Server: Unable to join Active Directory domain due to SMB version mismatch

Summary: Attempting to join an Active Directory domain results in an error that mentions a file share and "the obsolete SMB1 protocol." This occurs if newer versions of Server Message Block (SMB) have been disabled on domain controllers. ...

Symptoms

Cause

Resolution

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services

Microsoft Server: Unable to join Active Directory domain due to SMB version mismatch

Summary: Attempting to join an Active Directory domain results in an error that mentions a file share and "the obsolete SMB1 protocol." This occurs if newer versions of Server Message Block (SMB) have been disabled on domain controllers. ... View More View Less

Detailed Article

Symptoms

Cause

Resolution

Affected Products

Symptoms

Cause

Resolution

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services

Summary: Attempting to join an Active Directory domain results in an error that mentions a file share and "the obsolete SMB1 protocol." This occurs if newer versions of Server Message Block (SMB) have been disabled on domain controllers. ...