We had several Windows Servers which contained a hyphen in their hostname, for example vm-hostname1.
We enabled UNC Hardening via GPO for all shares on the relevant hosts and want to ensure that Encryption (Privacy) is activated.
\\vm-hostname1.example.domain\* RequireMutualAuthentication=1, RequireIntegrity=1, RequirePrivacy=1
When we check the SMB session details from the client via PowerShell:
Get-SmbConnection | Select-Object -Property *
SmbInstance : Default
ContinuouslyAvailable : False
Credential : xxxx\xxxx
Dialect : 3.1.1
Encrypted : False
NumOpens : 1
Redirected : False
We also had some hosts without a hyphen in their hostname. On these hosts the UNC Hardening with Privacy is working and the SMB session is encrypted.
After struggling a bit with the problem, we traced it to the hyphen in the hostname. When a hyphen is present in the hostname, the UNC Hardening settings are ignored and encryption is not activated.
I know encryption could also be activated globally on a server with
Set-SmbServerConfiguration -EncryptData $true. It seems to be a bug, and the registry values are not parsed correctly.
Our preferred way is to enable encryption via UNC Hardening GPO. But it seems to be a bug.
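
A client-side check for the situation described in this post, added here as an example and not part of the original post: it reads the Hardened UNC Paths policy from the registry and lists each open SMB connection next to any matching entry that sets RequirePrivacy=1, flagging connections that are still unencrypted. It assumes the policy is stored under the standard HardenedPaths policy key, that PowerShell's -like operator is a close enough approximation of the client's wildcard matching, and that the connection was opened with the same name form (short name or FQDN) used in the policy entry.

```powershell
# Registry location written by the "Hardened UNC Paths" GPO setting.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'

# Each value name is a UNC pattern; its data is "Flag=1, Flag=1, ...".
$policies = @()
$regKey = Get-Item -Path $key -ErrorAction SilentlyContinue
if ($regKey) {
    foreach ($name in $regKey.GetValueNames()) {
        if (-not $name) { continue }   # skip the key's unnamed default value
        $flags = @{}
        foreach ($pair in ([string]$regKey.GetValue($name) -split ',')) {
            $k, $v = $pair.Trim() -split '=', 2
            if ($k) { $flags[$k.Trim()] = "$v".Trim() }
        }
        $policies += [pscustomobject]@{
            Pattern        = $name
            RequirePrivacy = ($flags['RequirePrivacy'] -eq '1')
        }
    }
}

# Compare every open SMB connection with the entries that demand encryption.
Get-SmbConnection | ForEach-Object {
    $unc   = '\\{0}\{1}' -f $_.ServerName, $_.ShareName
    # Assumption: -like approximates how the client matches hardened paths.
    $match = $policies | Where-Object { $_.RequirePrivacy -and ($unc -like $_.Pattern) }
    [pscustomobject]@{
        Path          = $unc
        Dialect       = $_.Dialect
        Encrypted     = $_.Encrypted
        PrivacyPolicy = ($match.Pattern -join '; ')
        # True when a RequirePrivacy=1 entry matches but the session is not encrypted.
        Mismatch      = ([bool]$match -and -not $_.Encrypted)
    }
} | Format-Table -AutoSize
```

Running it on a client connected to both a hyphenated and a non-hyphenated server puts the two cases side by side in one table.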