[cifs-protocol] [REG:115012312316449] Re: Protocol changes in KB2992611 [115012312316449]
Andrew Bartlett
abartlet at samba.org
Tue Feb 10 16:27:13 MST 2015
On Tue, 2015-02-10 at 22:13 +0000, Edgar Olougouna wrote:
> Andrew,
> I will take care of this case while my colleage (Obaid in cc) is out of office.
> Let's me review the issue and narrow the scope. I gather that you want to determine whether there's any protocol effect resulting from KB2992611, and the current lead you have been exploring are protected_storage, MS-BKRP, DPAPI regarding the use of Credential manager connected to Samba's DC.
> Please share any current information that may help me speed up investigation.
In particular, we now see more calls to BACKUPKEY_BACKUP_GUID, that is
ServerWrap, vs the ClientWrap that we did have implemented. In the
past, our failure to implement this had no user-visible impact, and
happened only once per login, now it prevents operation of credentials
manager and is repeated often. It looks like it has gone from a soft to
a hard error in the client code, essentially.
> I will follow-up as soon as I have an update.
>
> Regards,
> Edgar
>
> -----Original Message-----
> From: "Andrew Bartlett" <abartlet at samba.org>
> Sent: Tuesday, February 10, 2015 12:56 AM
> To: "Obaid Farooqi" <obaidf at microsoft.com>
> Cc: "MSSolve Case Email" <casemail at microsoft.com>; "cifs-protocol at samba.org" <cifs-protocol at samba.org>
> Subject: [REG:115012312316449] Re: [cifs-protocol] Protocol changes in KB2992611 [115012312316449]
>
> On Fri, 2015-02-06 at 23:23 +1300, Andrew Bartlett wrote:
> > On Wed, 2015-02-04 at 16:08 +0000, Obaid Farooqi wrote:
> > > Hi Andrew:
> > > I have a fully patched system, Windows 8.1 enterprise. I verified
> that
> > > the updates include kb2992611. I joined the machine to Samba domain
> > > before patching though.
> >
> > Please do it the other way around. That would match our steps. It
> > certainly appears to be an issue in new profiles, after the patches.
> >
> > It may be enough to create a new user after patching, but you suggest
> > below that this doesn't help.
> >
> > > I still do not see the problem. I also created a new user using
> active
> > > directory users and computers from my Windows machine. No issues.
> > > Logged in as the newly created user and tried credentials manger
> but
> > > still not issues.
> > >
> > > Is your setup on hyper-v virtual machines? Maybe you can send me
> both the VHDs and I can just debug on my side to see what is happening?
>
> > >
> > > I am not sure if opening credential manager generates any network
> traffic from workstation to DC. I did not see any when I opened credentials manager.
>
> >
> > The issue when reproduced should show protected_storage traffic. You
> > will see some during the first login in the unpatched case, and much
> > more of it in the patched case, per the traces I included.
> >
> > I hope this is enough to help you reproduce. Otherwise, I'll see
> what
> > we can do.
>
> Are you still unable to reproduce, following these directions exactly?
>
> Thanks,
>
> Andrew Bartlett
>
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the cifs-protocol
mailing list