[cifs-protocol] [EXTERNAL] [MS-LSAD] Need help with LsarCreateTrustedDomainEx3 - TrackingID#2312050040012372

Jeff McCashland (He/him) jeffm at microsoft.com
Tue Dec 5 22:40:12 UTC 2023 

Hi Andreas,

I would like to collect LSASS TTT traces to troubleshoot the failure.

The LSASS traces can be quite large, but are highly compressible, so please add them to a .zip archive before uploading (file transfer workspace credentials are below). Please log into the workspace and find PartnerTTDRecorder_x86_x64.zip available for download. The x64 tool can be staged onto the Windows server in any location (instructions below assume C:\TTD).

To collect the needed traces:
        1. From a PowerShell prompt, execute:
                C:\TTD\tttracer.exe -Attach ([int](Get-Process -NAME lsass | Format-Wide -Property ID).formatEntryInfo.formatPropertyField.propertyValue)
        2. Wait for a little window to pop up in top left corner of your screen, titled "lsass01.run"
        3. start a network trace using netsh or WireShark, etc.
        4. Repro the attempted operation
        5. Stop the network trace and save it
        6. CAREFULLY: uncheck the checkbox next to "Tracing" in the small "lsass01.run" window. Do not close or exit the small window or you will need to reboot.
        7. The TTTracer.exe process will generate a trace file, then print out the name and location of the file.
Compress the *.run file into a .zip archive before uploading with the matching network trace. It is a good idea to reboot the machine at the next opportunity to restart the lsass process.

Workspace credentials:
Log in as: 2312050040012372_andreas at dtmxfer.onmicrosoft.com
1-Time: 3fjE7C5Q

Workspace link: https://support.microsoft.com/files?workspace=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ3c2lkIjoiMmFkNGE3MjEtZDBjMS00YzFkLTlhMzItY2ZlMGE1YmI0MWJmIiwic3IiOiIyMzEyMDUwMDQwMDEyMzcyIiwiYXBwaWQiOiI0ZTc2ODkxZC04NDUwLTRlNWUtYmUzOC1lYTNiZDZlZjIxZTUiLCJzdiI6InYxIiwicnMiOiJFeHRlcm5hbCIsInd0aWQiOiI0YzNmODcyOS1iZGY3LTQ5MzUtYjE3My02ZGVmY2Q5ODY3ZTAiLCJpc3MiOiJodHRwczovL2FwaS5kdG1uZWJ1bGEubWljcm9zb2Z0LmNvbSIsImF1ZCI6Imh0dHA6Ly9zbWMiLCJleHAiOjE3MDk1OTE2NjQsIm5iZiI6MTcwMTgxNTY2NH0.aoqsUChbv4ldUIHza-JNdUpjPPE6iosBaQpCZ49SyHTSanGlhty-H-f_2tlGEFYqPmDkt5SsQ9_fyOTERFuxtCYbfNeFZSVyWyI_AW_mLy06ymrLISZamM0GObMwd8xkSJrl6sMHiQd6pBtoQ4tIaA3yebDax4mrbJbSjgolCVFcXhwMVOdSocmTwwV5jnC4gKalHF6H-UKMHkZbKnAqyui2Eg4tAT9sNTlrUDaxznIMuA1s0Z2YT2X6jVGMugeJHf5NiO0N6DOlEcQOyeCSXsWoLxJoF6CT3Q1eo5otojkQv3QD-IrpZU2RHpPTpWcH9TAcus-fH2KdDD-670wxHw&wid=2ad4a721-d0c1-4c1d-9a32-cfe0a5bb41bf

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300

-----Original Message-----
From: Jeff McCashland (He/him)
Sent: Tuesday, December 5, 2023 11:50 AM
To: Andreas Schneider <asn at samba.org>; cifs-protocol <cifs-protocol at lists.samba.org>
Cc: Microsoft Support <supportmail at microsoft.com>
Subject: RE: [EXTERNAL] [MS-LSAD] Need help with LsarCreateTrustedDomainEx3 - TrackingID#2312050040012372

[Michael to BCC]

Hi Andreas,

I will dig into your question and let you know what I find.

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada) Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300

-----Original Message-----
From: Michael Bowen <Mike.Bowen at microsoft.com>
Sent: Tuesday, December 5, 2023 11:25 AM
To: Andreas Schneider <asn at samba.org>; cifs-protocol <cifs-protocol at lists.samba.org>
Cc: Microsoft Support <supportmail at microsoft.com>
Subject: RE: [EXTERNAL] [MS-LSAD] Need help with LsarCreateTrustedDomainEx3 - TrackingID#2312050040012372

[DocHelp to BCC]
Hi Andreas,

Thank you for your question about MS-LSAD. Case number 2312050040012372 has been created to track this issue, one of our engineers will contact you soon.

Best regards,
Mike Bowen
Escalation Engineer - Microsoft Open Specifications

-----Original Message-----
From: Andreas Schneider <asn at samba.org>
Sent: Tuesday, December 5, 2023 5:34 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol <cifs-protocol at lists.samba.org>
Subject: [EXTERNAL] [MS-LSAD] Need help with LsarCreateTrustedDomainEx3

Hi Dochelp Team!

I'm currently trying to write an smbtorture test for LsarCreateTrustedDomainEx3. My test doesn't work against Windows Server 2022.

     lsa_CreateTrustedDomainEx3: struct lsa_CreateTrustedDomainEx3
        out: struct lsa_CreateTrustedDomainEx3
            trustdom_handle          : *
                trustdom_handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     :
00000000-0000-0000-0000-000000000000
            result                   : NT_STATUS_INVALID_PARAMETER

The test is more or less the same as we have for LsarCreateTrustedDomainEx2, but it fails for LsarCreateTrustedDomainEx3 with NT_STATUS_INVALID_PARAMETER.
Another Samba Team member did check the code I wrote and could find anything wrong.

I've tried to turn on debug logging for the netlogon service on windows, but it doesn't log anything useful. So I'm not able to figure out what value the server thinks is invalid.

Could someone of the Dochelp Team help me if I create a Time Trace and figure out on which input value the server chokes?


Thanks for your help.


Best regards


        Andreas Schneider

--
Andreas Schneider                      asn at samba.org
Samba Team                             http://www.samba.org/
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D

More information about the cifs-protocol mailing list