[cifs-protocol] [EXTERNAL] Re: Meaning of 'RoleStandalone' in [MS-GPOL] 3.2.5.1.4 Site Search - TrackingID#2401050040009225

Obaid Farooqi obaidf at microsoft.com
Fri Jan 19 20:27:50 UTC 2024 

Hi Andreas:
You can use you version of tttracer if it is not too old. Otherwise, download it from the following link.

I have uploaded a zip file named PartnerTTDRecorder_x86_x64.zip to the following folder.

https://support.microsoft.com/files?workspace=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ3c2lkIjoiYzQwNDk4MzEtZjM0Yy00M2VhLTliNzYtYzFmYWJiOTI4MmE4Iiwic3IiOiIyNDAxMDUwMDQwMDA5MjI1IiwiYXBwaWQiOiI0ZTc2ODkxZC04NDUwLTRlNWUtYmUzOC1lYTNiZDZlZjIxZTUiLCJzdiI6InYxIiwicnMiOiJFeHRlcm5hbCIsInd0aWQiOiJiMDE3ODY1Zi01NzA3LTQzOWMtYWIyMi1kNDc2ODllODNjYTUiLCJpc3MiOiJodHRwczovL2FwaS5kdG1uZWJ1bGEubWljcm9zb2Z0LmNvbSIsImF1ZCI6Imh0dHA6Ly9zbWMiLCJleHAiOjE3MTM0NzA2MDUsIm5iZiI6MTcwNTY5NDYwNX0.uErnrXnaLbt5H-XVFC-5dZthblmzO0cShii9Zi-onyO3IwbQoo-culRB-wyftbSzIHZvZbPIsV9CaCKXbBkM1VzXXahC3qazkppFm5hq_crFe9q2allAiFEz31mMCsNy6N6LcT3U1BkRVYFI_PejFbfZskveXwQx0yge32tYgs2Um8ZId-Mkc6QzV8YgBEsHY7Nhqxu3l4ruxWUbmAFLYl-tdjs7ffqjnnzoNeUTjqD8zvU8X2v7GhY-1kZr-p9FYG2Mh0waIVMjYqRWoYohp9gimDPSdXk0syMEzf7GqO2HlAWTNx1kOOMAjPI1sgG_Dsd8IBcGDJBLJW-7TREwQw&wid=c4049831-f34c-43ea-9b76-c1fabb9282a8

Username: 2401050040009225_noemail at dtmxfer.onmicrosoft.com
Password: pvSf(EIv

Please open the link in a private browser window and download the file, using credentials provided.
Extract the content of amd64\ttd folder in a folder on your DC in c:\ttt and execute the following steps:

1. open an elevated cmd (run as administrator) windows
2. execute the following command to get the PID of the lsass process
        C:\ttt>tasklist | findstr /I lsass
3. From the output of the above command, please note the number. The number is the PID of lsass
4. Now execute the following command to start tracing lsass
        C:\ttt>tttracer.exe -attach PID
    where Pid is the number obtained in step 2
5. Wait for a little windows to pop up in the top left coner of your display, titled lsass01.run
6. start network capture
7. reproduce the error
8. after repro is done, please click on "Tracing off" button in the window lsass01.run
9. this will create lsass01.run file.
10. save network capture.
11. zip lsass01.run and network capture and upload to the workspace above.

Regards,
Obaid Farooqi
Escalation Engineer | Microsoft

-----Original Message-----
From: Andreas Schneider <asn at samba.org>
Sent: Friday, January 19, 2024 2:22 PM
To: cifs-protocol at lists.samba.org; Obaid Farooqi <obaidf at microsoft.com>
Cc: cifs-protocol at lists.samba.org; Microsoft Support <supportmail at microsoft.com>; David Mulder <dmulder at samba.org>
Subject: Re: [EXTERNAL] Re: [cifs-protocol] Meaning of 'RoleStandalone' in [MS-GPOL] 3.2.5.1.4 Site Search - TrackingID#2401050040009225

On Friday, 19 January 2024 20:30:17 CET Obaid Farooqi wrote:
> Hi Andreas:
> I'll need some traces from you. Let me see what processes runs these
> methods and then I'll send you bits and instructions to collect traces.

I can send you traces on Monday. I have a TTracer here.

> Regards,
> Obaid Farooqi
> Escalation Engineer | Microsoft
>
> -----Original Message-----
> From: Andreas Schneider <asn at samba.org>
> Sent: Friday, January 19, 2024 5:42 AM
> To: Obaid Farooqi <obaidf at microsoft.com>;
> cifs-protocol at lists.samba.org
> Cc: cifs-protocol at lists.samba.org; Microsoft Support
> <supportmail at microsoft.com>; David Mulder <dmulder at samba.org> Subject:
> [EXTERNAL] Re: [cifs-protocol] Meaning of 'RoleStandalone' in
> [MS-GPOL]
> 3.2.5.1.4 Site Search - TrackingID#2401050040009225
>
> On Thursday, 18 January 2024 21:37:59 CET David Mulder via
> cifs-protocol
>
> wrote:
> > On 1/11/24 12:42 PM, Obaid Farooqi wrote:
> > > Hi David:
> > > The definition of 'DsRole_RoleStandaloneWorkstation' and
> > > 'DsRole_RoleStandaloneServer' (and others) is in MS-DSSP section 2.2.2.
> > >
> > > Please review that and let me know if that information resolves
> > > your question. If it does not, please rephrase your question in
> > > the light of the information about the roles.
> > >
> > > Although MS-DSSP is listed in the normative references in MS-GPOL,
> > > I'll file a bug to add a reference to section 2.2.2 of MS-DSSP in
> > > MS-GPOL for further clarity.
> >
> > Sorry for the slow response. In that case, based on those
> > descriptions, the server *is* returning an unexpected response. The
> > spec says it should return ERROR_NO_SITENAME, but it is actually
> > returning INVALID_COMPUTERNAME.
>
> Hi,
>
> here is how to reproduce it:
>
> * I've installed a Windows Server with Active Directory (win-dc01)
> * I installed a Windows 11 machine (win-cli01) and joined it to AD
> * I used Samba's rpcclient to do a DsrGetSitename request:
>
> bin/rpcclient ncacn_np:win-dc01.earth.milkyway.site \
>   -UAdministrator at EARTH.MILKYWAY.SITE -c 'dsr_getsitename win-cli01'
>
> rpccli_netlogon_dsr_gesitename returned
> NT_STATUS_INVALID_COMPUTER_NAME result was WERR_INVALID_COMPUTERNAME
>
> [MS-NRPC] 3.5.4.3.6 DsrGetSiteName only documents ERROR_NO_SITENAME
>
> --
> Andreas Schneider                      asn at samba.org
> Samba Team                             http://www.samba.org/
> GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D


--
Andreas Schneider                      asn at samba.org
Samba Team                             http://www.samba.org/
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D

More information about the cifs-protocol mailing list