[cifs-protocol] RE: 600169 - RE: DCE/RPC PFC_SUPPORT_HEADER_SIGN not optional

Richard Guthrie rguthrie at microsoft.com
Tue Sep 23 21:37:24 GMT 2008


Stefan/Andrew,

I wanted to update you on progress on this issue. The error messages that you sent from the extended error information imply either an encrypted message failing to be decrypted or a signed message failing to verify. This can happen when the message was modified in transit (an RPC error) or the shared session key does not match between the client and the server (an SSPI issue). I wanted to try and get some additional information from the Windows machine. I have attached a registry key that will enable additional logging in lsass.exe. If you could apply the attached registry entries, reboot the Windows machine and then run the issue again with a packet capture, it will help to figure out what is going wrong. Once that is complete please send us the packet capture along with the lsass log file which can be found under %WINDIR%\system32 and should be called lsass.log. To disable the logging, delete the keys from the registry that we added previously.

I will continue to work on this issue and we can also spend a little time in the lab next week if we can't get more details from the lsass log.

Richard Guthrie
Open Protocols Support Team
Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM
Tel: +1 (469) 775-7794
E-mail: rguthrie at microsoft.com

-----Original Message-----
From: Stefan (metze) Metzmacher [mailto:metze at samba.org]
Sent: Tuesday, September 09, 2008 4:22 AM
To: Richard Guthrie
Cc: Andrew Bartlett; pfif at tridgell.net; cifs-protocol at samba.org
Subject: Re: [cifs-protocol] RE: 600169 - RE: DCE/RPC PFC_SUPPORT_HEADER_SIGN not optional

Richard Guthrie schrieb:
> Stefan,
>
> The traces you sent seem to show a correct security context negotiation but something is failing when we go to use that context which is why we see RPC_NT_SEC_PKG_ERROR. I would like to start with getting some more detailed error info from the Windows machine by doing the following:
>
> Enabling Extended Error Information. You can do this by following the steps in this MSDN article http://msdn.microsoft.com/en-us/library/aa373803(VS.85).aspx and taking a network capture again. This is going to add some additional information in the response that will lead us to a more precise error message. If you can send me that trace with the associated keytab file, I can get further into what the problem is.

See the attached capture...

The error is this (Windows 2003 generates the same, but with status = WERROR_ACCESS_DENIED (0x00000005)):

decode_ExtendedErrorInfo: struct decode_ExtendedErrorInfo
 in: struct decode_ExtendedErrorInfo
  ptr: struct ExtendedErrorInfoPtr
   info: *
    info: struct ExtendedErrorInfo
     next: NULL
     computer_name: struct ExtendedErrorComputerName
      present: EXTENDED_ERROR_COMPUTER_NAME_PRESENT (1)
       n: union ExtendedErrorComputerNameU(case 1)
         name: struct ExtendedErrorUString
          __size: 0x0009 (9)
          string: *
           string: 'w2k8-211'
     pid                      : 0x000000000000023c (572)
     time                     : Tue Sep  9 11:43:22 2008 CEST
     generating_component     : 0x00000003 (3)
     status                   : DOS code 0x00000721
     detection_location       : 0x0082 (130)
     flags                    : 0x0000 (0)
     num_params               : 0x0003 (3)
     params: ARRAY(3)
      params: struct ExtendedErrorParam
       type                   : EXTENDED_ERROR_PARAM_TYPE_UINT32 (3)
       p                      : union ExtendedErrorParamU(case 3)
        uint32                : 0x8009030f (2148074255)
      params: struct ExtendedErrorParam
       type                   : EXTENDED_ERROR_PARAM_TYPE_UINT32 (3)
       p                      : union ExtendedErrorParamU(case 3)
        uint32                : 0x00000009 (9)
      params: struct ExtendedErrorParam
       type                   : EXTENDED_ERROR_PARAM_TYPE_UINT32 (3)
       p                      : union ExtendedErrorParamU(case 3)
        uint32                : 0x00000005 (5)

metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: negodbg.zip
Type: application/x-zip-compressed
Size: 367 bytes
Desc: negodbg.zip
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080923/80e86742/negodbg.bin
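
Added example (not part of the original thread, and not Samba's or Microsoft's code): a small Python decoder for the extended error dump quoted above. It splits the first parameter as an HRESULT and names the values using constants from winerror.h and the component numbering from MS-EERR. The sample text is constructed from the dump in this message, and the function names are hypothetical.

```python
import re

# Constructed sample: the numeric lines of the dump quoted in this thread.
SAMPLE = """\
     generating_component     : 0x00000003 (3)
     status                   : DOS code 0x00000721
     detection_location       : 0x0082 (130)
     num_params               : 0x0003 (3)
        uint32                : 0x8009030f (2148074255)
        uint32                : 0x00000009 (9)
        uint32                : 0x00000005 (5)
"""

# Names as defined in winerror.h and MS-EERR; deliberately not exhaustive.
WIN32 = {0x5: "ERROR_ACCESS_DENIED", 0x721: "RPC_S_SEC_PKG_ERROR"}
SSPI = {0x80090308: "SEC_E_INVALID_TOKEN", 0x8009030F: "SEC_E_MESSAGE_ALTERED",
        0x80090310: "SEC_E_OUT_OF_SEQUENCE", 0x80090330: "SEC_E_DECRYPT_FAILURE"}
COMPONENT = {1: "Application", 2: "RPC runtime", 3: "Security provider"}
FACILITY_SSPI = 9

FIELD = re.compile(r"^\s*(\w+)\s*:\s*(?:DOS code\s+)?(0x[0-9a-fA-F]+)", re.M)

def parse_eeinfo(text):
    """Extract the numeric fields of one ExtendedErrorInfo record."""
    rec = {"params": []}
    for name, value in FIELD.findall(text):
        if name == "uint32":
            rec["params"].append(int(value, 16))
        else:
            rec[name] = int(value, 16)
    return rec

def split_hresult(value):
    """Return (failure bit, facility, code) of a 32-bit HRESULT."""
    return value >> 31, (value >> 16) & 0x7FF, value & 0xFFFF

def triage(rec):
    """Summarise which layer failed and whether it is an integrity failure."""
    sspi = [p for p in rec["params"]
            if split_hresult(p)[:2] == (1, FACILITY_SSPI)]
    return {
        "component": COMPONENT.get(rec.get("generating_component"), "unknown"),
        "status": WIN32.get(rec.get("status"), hex(rec.get("status", 0))),
        "sspi_errors": [SSPI.get(p, hex(p)) for p in sspi],
        "integrity_failure": any(p in (0x8009030F, 0x80090330) for p in sspi),
    }

if __name__ == "__main__":
    print(triage(parse_eeinfo(SAMPLE)))
```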

