diff --git a/SMBLibrary/Server/SMB1/SessionSetupHelper.cs b/SMBLibrary/Server/SMB1/SessionSetupHelper.cs
index 89f4df5..c63b4b1 100644
--- a/SMBLibrary/Server/SMB1/SessionSetupHelper.cs
+++ b/SMBLibrary/Server/SMB1/SessionSetupHelper.cs
@@ -38,7 +38,7 @@ namespace SMBLibrary.Server.SMB1
             object accessToken = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.AccessToken);
             bool? isGuest = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.IsGuest) as bool?;
 
-            if (sessionKey.Length > 16)
+            if (sessionKey != null && sessionKey.Length > 16)
             {
                 // [MS-CIFS] 3.3.5.43 If the session key is equal to or longer than 16 bytes, only the least significant 16 bytes MUST be stored in Server.Session.SessionKey
                 sessionKey = ByteReader.ReadBytes(sessionKey, 0, 16);
@@ -128,7 +128,7 @@ namespace SMBLibrary.Server.SMB1
                 object accessToken = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.AccessToken);
                 bool? isGuest = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.IsGuest) as bool?;
 
-                if (sessionKey.Length > 16)
+                if (sessionKey != null && sessionKey.Length > 16)
                 {
                     // [MS-CIFS] 3.3.5.43 If the session key is equal to or longer than 16 bytes, only the least significant 16 bytes MUST be stored in Server.Session.SessionKey
                     sessionKey = ByteReader.ReadBytes(sessionKey, 0, 16);
diff --git a/SMBLibrary/Server/SMB2/SessionSetupHelper.cs b/SMBLibrary/Server/SMB2/SessionSetupHelper.cs
index 902a8c5..8e39337 100644
--- a/SMBLibrary/Server/SMB2/SessionSetupHelper.cs
+++ b/SMBLibrary/Server/SMB2/SessionSetupHelper.cs
@@ -71,7 +71,7 @@ namespace SMBLibrary.Server.SMB2
                 object accessToken = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.AccessToken);
                 bool? isGuest = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.IsGuest) as bool?;
 
-                if (sessionKey.Length > 16)
+                if (sessionKey != null && sessionKey.Length > 16)
                 {
                     // [MS-SMB2] 3.3.1.8 SessionKey MUST be set to the first 16 bytes of the cryptographic key queried from the GSS protocol for this authenticated context.
                     sessionKey = ByteReader.ReadBytes(sessionKey, 0, 16);