
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-2022-jp">

<meta name="Generator" content="Microsoft Word 15 (filtered medium)">

<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}

o\:* {behavior:url(#default#VML);}

w\:* {behavior:url(#default#VML);}

.shape {behavior:url(#default#VML);}

</style><![endif]--><style><!--

/* Font Definitions */

@font-face

        {font-family:Gulim;

        panose-1:2 11 6 0 0 1 1 1 1 1;}

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

@font-face

        {font-family:Aptos;}

@font-face

        {font-family:"Segoe UI";

        panose-1:2 11 5 2 4 2 4 2 2 3;}

@font-face

        {font-family:"\@Gulim";

        panose-1:2 11 6 0 0 1 1 1 1 1;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        font-size:12.0pt;

        font-family:"Gulim",sans-serif;

        mso-fareast-language:KO;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

span.EmailStyle20

        {mso-style-type:personal-reply;

        font-family:"Aptos",sans-serif;

        color:windowtext;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-size:10.0pt;

        mso-ligatures:none;}

@page WordSection1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.WordSection1

        {page:WordSection1;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

</head>

<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">

<div class="WordSection1">

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">Hi Jones,<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US">I’m following up on this case with regards to

</span><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black">signing of Ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO requests as my last email was inaccurate. After the engineering team conducted further research, they determined that Windows

 (operating as a server) does not *require* that these incoming requests from the client are signed. Windows clients do, however, sign these requests. As a result, there will not be any update to the [MS-SMB2] document.<o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black"><o:p> </o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black">Sorry for any confusion this may have caused.</span><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<div>

<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white;mso-fareast-language:EN-US">Regards,</span></b><span style="font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p></o:p></span></p>

<p class="MsoNormal" style="margin-top:4.0pt"><b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white;mso-fareast-language:EN-US">Kristian Smith</span></b><span style="font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p></o:p></span></p>

<p class="MsoNormal" style="margin-top:4.0pt"><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white;mso-fareast-language:EN-US">Support Escalation Engineer | Microsoft® Corporation</span><span style="font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p></o:p></span></p>

<p class="MsoNormal" style="margin-top:4.0pt"><b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white;mso-fareast-language:EN-US">Office phone</span></b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white;mso-fareast-language:EN-US">:

 +1 425-421-4442</span><span style="font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p></o:p></span></p>

</div>

<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white;mso-fareast-language:EN-US">Email</span></b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white;mso-fareast-language:EN-US">:

</span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:black;background:white;mso-fareast-language:EN-US"><a href="mailto:kristian.smith@microsoft.com">kristian.smith@microsoft.com</a><o:p></o:p></span></p>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

<div>

<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">

<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Kristian Smith <Kristian.Smith@microsoft.com>

<br>

<b>Sent:</b> Monday, April 22, 2024 1:50 PM<br>

<b>To:</b> Jones Syue </span><span lang="KO" style="font-size:11.0pt">薛懷宗</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> <jonessyue@qnap.com>; cifs-protocol@lists.samba.org<br>

<b>Cc:</b> Microsoft Support <supportmail@microsoft.com><br>

<b>Subject:</b> Re: [MS-SMB2] sign for 3.3.5.15.11 FSCTL_QUERY_NETWORK_INTERFACE_INFO - TrackingID#2404170040007704<o:p></o:p></span></p>

</div>

</div>

<p class="MsoNormal"><o:p> </o:p></p>

<div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black">Hi Jones,<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black">Your suspicion is correct that this is the expected behavior. Signing of Ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO requests is indeed required by the server. I will

 request a modification to the [MS-SMB2] document to reflect this fact. The changes will be found in an upcoming version of the document.<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black">Thanks for reaching out and helping us improve the doc! <o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black"><o:p> </o:p></span></p>

</div>

<div id="Signature">

<p><b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white">Regards,</span></b><o:p></o:p></p>

<p style="margin-top:4.0pt"><b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white">Kristian Smith</span></b><o:p></o:p></p>

<p style="margin-top:4.0pt"><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white">Support Escalation Engineer | Microsoft® Corporation</span><o:p></o:p></p>

<p style="margin-top:4.0pt"><b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white">Office phone</span></b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white">: +1 425-421-4442</span><o:p></o:p></p>

<p><b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white">Email</span></b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white">:

</span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:black;background:white"><a href="mailto:kristian.smith@microsoft.com">kristian.smith@microsoft.com</a></span><o:p></o:p></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black"><o:p> </o:p></span></p>

</div>

<div class="MsoNormal" align="center" style="text-align:center">

<hr size="2" width="98%" align="center">

</div>

<div id="divRplyFwdMsg">

<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> Kristian Smith <<a href="mailto:Kristian.Smith@microsoft.com">Kristian.Smith@microsoft.com</a>><br>

<b>Sent:</b> Wednesday, April 17, 2024 8:19 AM<br>

<b>To:</b> Jones Syue </span><span lang="KO" style="font-size:11.0pt;color:black">薛懷宗</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> <<a href="mailto:jonessyue@qnap.com">jonessyue@qnap.com</a>>;

<a href="mailto:cifs-protocol@lists.samba.org">cifs-protocol@lists.samba.org</a> <<a href="mailto:cifs-protocol@lists.samba.org">cifs-protocol@lists.samba.org</a>><br>

<b>Cc:</b> Microsoft Support <<a href="mailto:supportmail@microsoft.com">supportmail@microsoft.com</a>><br>

<b>Subject:</b> Re: [MS-SMB2] sign for 3.3.5.15.11 FSCTL_QUERY_NETWORK_INTERFACE_INFO - TrackingID#2404170040007704</span>

<o:p></o:p></p>

<div>

<p class="MsoNormal"> <o:p></o:p></p>

</div>

</div>

<div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black"> [Case number in subject]<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black"> [Casemail to cc]<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black"> [Dochelp to bcc]<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black"> <o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black"> Hi Jones,<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black"><o:p> </o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black">Thank you for your request. The case number 2404170040007704 has been created for this inquiry. One of our team members will follow up with you soon.<o:p></o:p></span></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black"><o:p> </o:p></span></p>

</div>

<div id="x_Signature">

<p><b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white">Regards,</span></b><o:p></o:p></p>

<p style="margin-top:4.0pt"><b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white">Kristian Smith</span></b><o:p></o:p></p>

<p style="margin-top:4.0pt"><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white">Support Escalation Engineer | Azure DevOps, Windows Protocols | Microsoft® Corporation</span><o:p></o:p></p>

<p style="margin-top:4.0pt"><b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white">Office phone</span></b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white">: +1 425-421-4442</span><o:p></o:p></p>

<p><b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white">Email</span></b><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:#2F2F2F;background:white">:

</span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:black;background:white"><a href="mailto:kristian.smith@microsoft.com">kristian.smith@microsoft.com</a></span><o:p></o:p></p>

</div>

<div>

<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Aptos",sans-serif;color:black"><o:p> </o:p></span></p>

</div>

<div class="MsoNormal" align="center" style="text-align:center">

<hr size="2" width="98%" align="center">

</div>

<div id="x_divRplyFwdMsg">

<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> Jones Syue

</span><span lang="KO" style="font-size:11.0pt;color:black">薛懷宗</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> <<a href="mailto:jonessyue@qnap.com">jonessyue@qnap.com</a>><br>

<b>Sent:</b> Tuesday, April 16, 2024 8:52 PM<br>

<b>To:</b> Interoperability Documentation Help <<a href="mailto:dochelp@microsoft.com">dochelp@microsoft.com</a>>;

<a href="mailto:cifs-protocol@lists.samba.org">cifs-protocol@lists.samba.org</a> <<a href="mailto:cifs-protocol@lists.samba.org">cifs-protocol@lists.samba.org</a>><br>

<b>Subject:</b> [EXTERNAL] [MS-SMB2] sign for 3.3.5.15.11 FSCTL_QUERY_NETWORK_INTERFACE_INFO</span>

<o:p></o:p></p>

<div>

<p class="MsoNormal"> <o:p></o:p></p>

</div>

</div>

<div>

<p class="MsoNormal"><span style="font-size:11.0pt">[Some people who received this message don't often get email from

<a href="mailto:jonessyue@qnap.com">jonessyue@qnap.com</a>. Learn why this is important at

<a href="https://aka.ms/LearnAboutSenderIdentification">https://aka.ms/LearnAboutSenderIdentification</a> ]<br>

<br>

Hello Dochelp,<br>

<br>

Per multichannel test[1] and wireshark packet[2], windows client would sign<br>

request/response pair of SMB2 Ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO.<br>

Both [MS-SMB2] 3.3.5.15.11 and 3.2.5.14.11 looks like not mention about it,<br>

please help clarify:<br>

1. sign for SMB2 Ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO is expected?<br>

2. if expected, could we update [MS-SMB2] to document this behavior? a bit<br>

   like what Tree Connect[3] and Session Setup[4] did.<br>

<br>

Thank you :)<br>

<br>

[1] smb server is ws2022, account is 'administrator' with password.<br>

| smb client   | sign for SMB2 Ioctl FSCTL_QUERY_NETWORK_INTERFACE_INFO?<br>

| ------------ + ---<br>

| ws2022       | yes<br>

| ws2016       | yes<br>

| ws2016       | yes<br>

| ws2012r2     | yes<br>

| ws2012       | yes<br>

<br>

[2] smb server is ws2022, smb client is ws2016, account is 'administrator'.<br>

No.  |Time      |Prot|Signature                       |Info<br>

-----+----------+----+--------------------------------+----<br>

35467 16:47:09.9 SMB                                   Negotiate Protocol Request<br>

35468 16:47:09.9 SMB2 00000000000000000000000000000000 Negotiate Protocol Response<br>

35469 16:47:09.9 SMB2 00000000000000000000000000000000 Negotiate Protocol Request<br>

35470 16:47:09.9 SMB2 00000000000000000000000000000000 Negotiate Protocol Response<br>

35472 16:47:09.9 SMB2 00000000000000000000000000000000 Session Setup Request, NTLMSSP_NEGOTIATE<br>

35473 16:47:09.9 SMB2 00000000000000000000000000000000 Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE<br>

35474 16:47:09.9 SMB2 00000000000000000000000000000000 Session Setup Request, NTLMSSP_AUTH, User: \administrator<br>

35475 16:47:09.9 SMB2 73182d37759c7741ae0caced9ef04185 Session Setup Response<br>

35476 16:47:09.9 SMB2 ec1d8a66ebea6120e5f8c44be2ba0dc4 Tree Connect Request Tree:

<a href="file://$%7bMY_IP%7d/IPC$">\\${MY_IP}\IPC$</a><br>

35477 16:47:09.9 SMB2 ad4572986b7fae36168ea18c87bb8a9b Tree Connect Response<br>

35478 16:47:09.9 SMB2 d31c1cb4e3ca5df3766faf76a3b6da8a Ioctl Request FSCTL_QUERY_NETWORK_INTERFACE_INFO<br>

35479 16:47:09.9 SMB2 790b171573367693323aa73ddf4de49f Ioctl Response FSCTL_QUERY_NETWORK_INTERFACE_INFO<br>

35480 16:47:09.9 SMB2 00000000000000000000000000000000 Ioctl Request FSCTL_DFS_GET_REFERRALS, File: \${MY_IP}\ramdisk<br>

35482 16:47:09.9 SMB2 00000000000000000000000000000000 Ioctl Response, Error: STATUS_FS_DRIVER_REQUIRED<br>

<br>

[3] 3.3.5.7 Receiving an SMB2 TREE_CONNECT Request<br>

<a href="https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/652e0c14-5014-4470-999d-b174d7b2da87">https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-smb2%2F652e0c14-5014-4470-999d-b174d7b2da87&data=05%7C02%7CKristian.Smith%40microsoft.com%7C15aca1f4e4e2478d01a408dc5e91e302%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638489227933111100%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=qHtprlLjT3XJIrCPRdYjIyZSsxxe6qLJxzxAZNDf%2Bqg%3D&reserved=0</a><br>

If Connection.Dialect is "3.1.1" and Session.IsAnonymous and<br>

Session.IsGuest are set to FALSE and the request is not signed or not<br>

encrypted, then the server MUST disconnect the connection.<br>

<br>

[4] 3.3.5.5.3 Handling GSS-API Authentication<br>

<a href="https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5ed93f06-a1d2-4837-8954-fa8b833c2654">https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-smb2%2F5ed93f06-a1d2-4837-8954-fa8b833c2654&data=05%7C02%7CKristian.Smith%40microsoft.com%7C15aca1f4e4e2478d01a408dc5e91e302%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638489227933117857%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=xQG04ktvc7q%2FVcHXtl8oxif9EARayQwNht3QFrZ0DGw%3D&reserved=0</a><br>

12. If the SMB2_SESSION_FLAG_IS_GUEST bit is not set in the SessionFlags<br>

field, and Session.IsAnonymous is FALSE, the server MUST sign the final<br>

session setup response before sending it to the client, as follows:<br>

<br>

--<br>

<br>

Regards,<br>

Jones Syue | <span lang="KO">薛懷宗</span><br>

QNAP Systems, Inc.<o:p></o:p></span></p>

</div>

</div>

</body>

</html>