SMB Session Setup Multi Channel Error
SMB Session Setup Multi Channel Error
1. What is SMB Multichannel?
SMB Multichannel allows a single SMB session to use multiple TCP connections (channels) simultaneously between a client and a server.
Its goals are:
Higher throughput (aggregate bandwidth across NICs)
Fault tolerance (survive NIC / path failure)
Lower latency (parallel I/O)
Multichannel was introduced in SMB 3.0 (Windows Server 2012 / Windows 8 era).
It is not supported in SMB 2.0 / 2.1, even though the Session Setup command exists there.
Important: Multichannel is a session-level feature, but the actual channel creation happens after Session Setup, during capability negotiation and subsequent connection binding.
2. Where Multichannel fits in the SMB protocol flow
High-level SMB connection flow:
TCP connection established
SMB NEGOTIATE
SMB SESSION_SETUP
SMB TREE_CONNECT
File operations
Multichannel is negotiated and enabled across steps 2–4, not only in Session Setup.
3. SMB NEGOTIATE: Multichannel capability discovery
During SMB NEGOTIATE:
Client and server exchange capabilities
SMB 3.x clients advertise:
SMB2_GLOBAL_CAP_MULTI_CHANNEL
If both sides support Multichannel, the session becomes eligible for multiple channels.
This is the first prerequisite.
4. SMB SESSION_SETUP: Session establishment (security context)
What Session Setup does
The SMB2 SESSION_SETUP request is used to:
Authenticate the user (Kerberos / NTLM)
Establish a Session ID
Bind a security context to the session
Key point
⚠️ Multichannel is NOT created inside a single SESSION_SETUP exchange
Instead:
Session Setup creates a logical SMB session
Multichannel allows multiple transport connections to bind to that same session later
5. How Multichannel actually works after Session Setup
Once the session is authenticated:
5.1 First channel (primary connection)
The initial TCP connection becomes the first channel
It carries:
Session ID
Authentication context
Initial credits
5.2 Additional channels (extra TCP connections)
The client may then open additional TCP connections and:
Send SMB2 NEGOTIATE
Send SMB2 SESSION_SETUP with:
The existing Session ID
The SMB2_SESSION_FLAG_BINDING flag set
This is called Session Binding.
Session binding means:
“This new TCP connection is an additional channel for an existing SMB session.”
No re-authentication is required.
6. Channel selection and usage
Once multiple channels exist:
SMB uses per-request channel selection
Reads/writes are distributed across channels
Credit management is per channel
Failure of one channel does not tear down the session
�Key confirmation point
Multichannel is enabled by negotiation, not by session setup.
❗ Important
There is no multichannel flag in SESSION SETUP
SESSION SETUP is about authentication, not transport paths
�Multichannel activation — SMB2 IOCTL (critical step)
Multichannel becomes visible after SESSION SETUP, using IOCTL FSCTL_QUERY_NETWORK_INTERFACE_INFO.
1 Client → Server: IOCTL Request
Look for:
SMB2 IOCTL Request
Expand:
SMB2 IOCTL Request
└── CtlCode: FSCTL_QUERY_NETWORK_INTERFACE_INFO (0x001401fc)
�This is the trigger for multichannel.
Meaning:
“Server, tell me all your network interfaces that can be used for SMB.”
2 Server → Client: IOCTL Response
Expand:
SMB2 IOCTL Response
You will see one or more interface entries, each with:
Interface Index
Capability Flags
RSS capable
RDMA capable
Link Speed
IP Address
Example:
Network Interface Info:
- IP: 10.10.1.10 Speed: 25 Gbps RSS
- IP: 10.10.2.10 Speed: 25 Gbps RSS
�This tells the client how many channels it should create.
3 New TCP connections appear (proof multichannel is active)
Immediately after the IOCTL response:
Observe new TCP handshakes
You will see additional TCP 3-way handshakes:
Client:49152 → Server:445
Client:49153 → Server:445
Client:49154 → Server:445
Each connection:
Uses a different local port
Often maps to different NICs / IPs
Shares the same SMB Session ID
How to prove multichannel in Wireshark (quick checklist)
✅ Must see
NEGOTIATE:
SMB2_GLOBAL_CAP_MULTI_CHANNEL on both sides
IOCTL:
FSCTL_QUERY_NETWORK_INTERFACE_INFO
Multiple TCP connections to port 445
Same Session ID across connections
❌ If multichannel is NOT working
Missing IOCTL
Only one TCP connection
Server capability flag missing
RSS disabled on NIC