[cifs-protocol] [EXTERNAL] Re: Meaning of 'RoleStandalone' in [MS-GPOL] 3.2.5.1.4 Site Search - TrackingID#2401050040009225

Obaid Farooqi obaidf at microsoft.com
Wed Jan 24 18:46:11 UTC 2024 

Hi Anreas:
Can you please run this test against the client machine and let me know if it works or fails?

Regards,
Obaid Farooqi
Escalation Engineer | Microsoft

-----Original Message-----
From: Andreas Schneider <asn at samba.org>
Sent: Monday, January 22, 2024 4:36 AM
To: cifs-protocol at lists.samba.org; Obaid Farooqi <obaidf at microsoft.com>
Cc: cifs-protocol at lists.samba.org; Microsoft Support <supportmail at microsoft.com>; David Mulder <dmulder at samba.org>
Subject: Re: [EXTERNAL] Re: [cifs-protocol] Meaning of 'RoleStandalone' in [MS-GPOL] 3.2.5.1.4 Site Search - TrackingID#2401050040009225

On Friday, 19 January 2024 21:27:50 CET Obaid Farooqi wrote:
> Hi Andreas:

Hi Obaid,

> You can use you version of tttracer if it is not too old. Otherwise,
> download it from the following link.
>
> I have uploaded a zip file named PartnerTTDRecorder_x86_x64.zip to the
> following folder.
>
> https://supp/
> ort.microsoft.com%2Ffiles%3Fworkspace%3DeyJ0eXAiOiJKV1QiLCJhbGciOiJSUz
> &data=05%7C02%7Cobaidf%40microsoft.com%7Cf7738e00b1e54559f13208dc1b35f
> 308%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638415165733231063%7C
> Unknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1h
> aWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=8fAe7tFUIsKzhtYegGggpcK4c3fsZ
> 2i06uzlQyCxQU0%3D&reserved=0
> I1NiJ9.eyJ3c2lkIjoiYzQwNDk4MzEtZjM0Yy00M2VhLTliNzYtYzFmYWJiOTI4MmE4Iiw
> ic3IiO
> iIyNDAxMDUwMDQwMDA5MjI1IiwiYXBwaWQiOiI0ZTc2ODkxZC04NDUwLTRlNWUtYmUzOC1
> lYTNiZ
> DZlZjIxZTUiLCJzdiI6InYxIiwicnMiOiJFeHRlcm5hbCIsInd0aWQiOiJiMDE3ODY1Zi0
> 1NzA3L
> TQzOWMtYWIyMi1kNDc2ODllODNjYTUiLCJpc3MiOiJodHRwczovL2FwaS5kdG1uZWJ1bGE
> ubWljc
> m9zb2Z0LmNvbSIsImF1ZCI6Imh0dHA6Ly9zbWMiLCJleHAiOjE3MTM0NzA2MDUsIm5iZiI
> 6MTcwN
> TY5NDYwNX0.uErnrXnaLbt5H-XVFC-5dZthblmzO0cShii9Zi-onyO3IwbQoo-culRB-wy
> ftbSzI
> HZvZbPIsV9CaCKXbBkM1VzXXahC3qazkppFm5hq_crFe9q2allAiFEz31mMCsNy6N6LcT3
> U1BkRV
> YFI_PejFbfZskveXwQx0yge32tYgs2Um8ZId-Mkc6QzV8YgBEsHY7Nhqxu3l4ruxWUbmAF
> LYl-td
> js7ffqjnnzoNeUTjqD8zvU8X2v7GhY-1kZr-p9FYG2Mh0waIVMjYqRWoYohp9gimDPSdXk
> 0syMEz
> f7GqO2HlAWTNx1kOOMAjPI1sgG_Dsd8IBcGDJBLJW-7TREwQw&wid=c4049831-f34c-43
> ea-9b7
> 6-c1fabb9282a8

I've uploaded the trace to the workspace.


Best regards


        Andreas

> Username: 2401050040009225_noemail at dtmxfer.onmicrosoft.com
> Password: pvSf(EIv
>
> Please open the link in a private browser window and download the
> file, using credentials provided. Extract the content of amd64\ttd
> folder in a folder on your DC in c:\ttt and execute the following steps:
>
> 1. open an elevated cmd (run as administrator) windows 2. execute the
> following command to get the PID of the lsass process
>         C:\ttt>tasklist | findstr /I lsass 3. From the output of the
> above command, please note the number. The number is the PID of lsass
> 4. Now execute the following command to start tracing lsass
>         C:\ttt>tttracer.exe -attach PID
>     where Pid is the number obtained in step 2 5. Wait for a little
> windows to pop up in the top left coner of your display, titled
> lsass01.run 6. start network capture 7. reproduce the error 8. after
> repro is done, please click on "Tracing off" button in the window
> lsass01.run 9. this will create lsass01.run file.
> 10. save network capture.
> 11. zip lsass01.run and network capture and upload to the workspace above.
>
> Regards,
> Obaid Farooqi
> Escalation Engineer | Microsoft
>
> -----Original Message-----
> From: Andreas Schneider <asn at samba.org>
> Sent: Friday, January 19, 2024 2:22 PM
> To: cifs-protocol at lists.samba.org; Obaid Farooqi
> <obaidf at microsoft.com>
> Cc: cifs-protocol at lists.samba.org; Microsoft Support
> <supportmail at microsoft.com>; David Mulder <dmulder at samba.org> Subject: Re:
> [EXTERNAL] Re: [cifs-protocol] Meaning of 'RoleStandalone' in
> [MS-GPOL]
> 3.2.5.1.4 Site Search - TrackingID#2401050040009225 On Friday, 19
> January 2024 20:30:17 CET Obaid Farooqi wrote:
> > Hi Andreas:
> > I'll need some traces from you. Let me see what processes runs these
> > methods and then I'll send you bits and instructions to collect traces.
>
> I can send you traces on Monday. I have a TTracer here.
>
> > Regards,
> > Obaid Farooqi
> > Escalation Engineer | Microsoft
> >
> > -----Original Message-----
> > From: Andreas Schneider <asn at samba.org>
> > Sent: Friday, January 19, 2024 5:42 AM
> > To: Obaid Farooqi <obaidf at microsoft.com>;
> > cifs-protocol at lists.samba.org
> > Cc: cifs-protocol at lists.samba.org; Microsoft Support
> > <supportmail at microsoft.com>; David Mulder <dmulder at samba.org> Subject:
> > [EXTERNAL] Re: [cifs-protocol] Meaning of 'RoleStandalone' in
> > [MS-GPOL]
> > 3.2.5.1.4 Site Search - TrackingID#2401050040009225
> >
> > On Thursday, 18 January 2024 21:37:59 CET David Mulder via
> > cifs-protocol
> >
> > wrote:
> > > On 1/11/24 12:42 PM, Obaid Farooqi wrote:
> > > > Hi David:
> > > > The definition of 'DsRole_RoleStandaloneWorkstation' and
> > > > 'DsRole_RoleStandaloneServer' (and others) is in MS-DSSP section
> > > > 2.2.2.
> > > >
> > > > Please review that and let me know if that information resolves
> > > > your question. If it does not, please rephrase your question in
> > > > the light of the information about the roles.
> > > >
> > > > Although MS-DSSP is listed in the normative references in
> > > > MS-GPOL, I'll file a bug to add a reference to section 2.2.2 of
> > > > MS-DSSP in MS-GPOL for further clarity.
> > >
> > > Sorry for the slow response. In that case, based on those
> > > descriptions, the server *is* returning an unexpected response.
> > > The spec says it should return ERROR_NO_SITENAME, but it is
> > > actually returning INVALID_COMPUTERNAME.
> >
> > Hi,
> >
> > here is how to reproduce it:
> >
> > * I've installed a Windows Server with Active Directory (win-dc01)
> > * I installed a Windows 11 machine (win-cli01) and joined it to AD
> > * I used Samba's rpcclient to do a DsrGetSitename request:
> >
> > bin/rpcclient ncacn_np:win-dc01.earth.milkyway.site \
> >
> >   -UAdministrator at EARTH.MILKYWAY.SITE -c 'dsr_getsitename win-cli01'
> >
> > rpccli_netlogon_dsr_gesitename returned
> > NT_STATUS_INVALID_COMPUTER_NAME result was WERR_INVALID_COMPUTERNAME
> >
> > [MS-NRPC] 3.5.4.3.6 DsrGetSiteName only documents ERROR_NO_SITENAME
> >
> > --
> > Andreas Schneider                      asn at samba.org
> > Samba Team                             http://www.samba.org/
> > GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
>
> --
> Andreas Schneider                      asn at samba.org
> Samba Team                             http://www.samba.org/
> GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D


--
Andreas Schneider                      asn at samba.org
Samba Team                             http://www.samba.org/
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D

More information about the cifs-protocol mailing list