[cifs-protocol] [REG:115012312316449] Re: Protocol changes in KB2992611 [115012312316449]

Andrew Bartlett abartlet at samba.org
Tue Feb 10 16:27:13 MST 2015

On Tue, 2015-02-10 at 22:13 +0000, Edgar Olougouna wrote:
> Andrew,
> I will take care of this case while my colleage (Obaid in cc) is out of office.
> Let's me review the issue and narrow the scope. I gather that you want to determine whether there's any protocol effect resulting from KB2992611, and the current lead you have been exploring are protected_storage, MS-BKRP, DPAPI regarding the use of Credential manager connected to Samba's DC.
> Please share any current information that may help me speed up investigation.

In particular, we now see more calls to BACKUPKEY_BACKUP_GUID, that is
ServerWrap, vs the ClientWrap that we did have implemented.  In the
past, our failure to implement this had no user-visible impact, and
happened only once per login, now it prevents operation of credentials
manager and is repeated often.  It looks like it has gone from a soft to
a hard error in the client code, essentially. 

> I will follow-up as soon as I have an update.
> Regards,
> Edgar
> -----Original Message-----
> From: "Andrew Bartlett" <abartlet at samba.org> 
> Sent: Tuesday, February 10, 2015 12:56 AM
> To: "Obaid Farooqi" <obaidf at microsoft.com>
> Cc: "MSSolve Case Email" <casemail at microsoft.com>; "cifs-protocol at samba.org" <cifs-protocol at samba.org>
> Subject: [REG:115012312316449] Re: [cifs-protocol] Protocol changes in KB2992611 [115012312316449]
> On Fri, 2015-02-06 at 23:23 +1300, Andrew Bartlett wrote: 
> > On Wed, 2015-02-04 at 16:08 +0000, Obaid Farooqi wrote: 
> > > Hi Andrew: 
> > > I have a fully patched system, Windows 8.1 enterprise. I verified
> that 
> > > the updates include kb2992611. I joined the machine to Samba domain 
> > > before patching though.
> > 
> > Please do it the other way around.  That would match our steps.  It 
> > certainly appears to be an issue in new profiles, after the patches.
> > 
> > It may be enough to create a new user after patching, but you suggest 
> > below that this doesn't help.
> > 
> > > I still do not see the problem. I also created a new user using
> active 
> > > directory users and computers from my Windows machine. No issues. 
> > > Logged in as the newly created user and tried credentials manger
> but 
> > > still not issues. 
> > > 
> > > Is your setup on hyper-v virtual machines? Maybe you can send me
> both the VHDs and I can just debug on my side to see what is happening?
> > > 
> > > I am not sure if opening credential manager generates any network
> traffic from workstation to DC. I did not see any when I opened credentials manager. 
> > 
> > The issue when reproduced should show protected_storage traffic.  You 
> > will see some during the first login in the unpatched case, and much 
> > more of it in the patched case, per the traces I included.
> > 
> > I hope this is enough to help you reproduce.  Otherwise, I'll see
> what 
> > we can do. 
> Are you still unable to reproduce, following these directions exactly? 
> Thanks, 
> Andrew Bartlett 

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the cifs-protocol mailing list