[cifs-protocol] [MS-NRPC] Problem encrypting data when use AES based Netlogon SChannel

Moh Yen Liew mohyen.liew at wesoft.com
Mon Jul 4 22:01:44 MDT 2011

Hi Mike:
   According to MS-NRPC pg 111, bit 17 (indicated as  bit R) of  negotiable flag is actually referring to  "supports the NetrServerPasswordSet2 functionality".  
In the packet trace that attached earlier, I had successfully negotiated the session key (from pkt 519-523) with the DC using unprotected RPC and established the SChannel.    
However, when sending the encrypted message (encrypted with AES-key derived from the session key) over Schannel to DC, DC   responded with DCE RPC fault with error = 0x00000721. 

And,  I also tried to use the initialization vector constructed using the last block (size=8 bytes) of the encrypted Confounder field, same error code returned from DC. 

There's no problem if only integrity is negotiated.   
So, I suppose the ivec mentioned in the MS-NRPC spec  to encrypt the message might not correct  ?   


-----Original Message-----
From: Michael B Allen [mailto:ioplex at gmail.com] 
Sent: Tuesday, July 05, 2011 3:43 AM
To: Moh Yen Liew
Cc: cifs-protocol at cifs.org
Subject: Re: [cifs-protocol] [MS-NRPC] Problem encrypting data when use AES based Netlogon SChannel

On Sun, Jul 3, 2011 at 8:47 PM, Moh Yen Liew <mohyen.liew at wesoft.com> wrote:
> Hi:
>                 I am trying to implement AES-based Netlogon SChannel with
> Windows 2k8R2 server.
>                 However, the server always return 0x00721 status code to me.
> Please see  attached network trace:
> -          pkt 531, which contain the encrypted data
> -          Pkt 532, server return 0x721 status code .
>                 If AES is negotiated, decrypt using an initialization vector
> constructed by concatenating twice the sequence number ( thus getting 16
> bytes of data)

Hi Yen,

Is bit 17 in NegotiateFlags of NetrServerAuthenticate3 supposed to be
off like it is in your capture?


Michael B Allen
Java Active Directory Integration

More information about the cifs-protocol mailing list