[cifs-protocol] [REG:115012312316449] Re: Protocol changes in KB2992611 [115012312316449]
Edgar Olougouna
edgaro at microsoft.com
Tue Feb 10 15:13:13 MST 2015
Andrew,
I will take care of this case while my colleage (Obaid in cc) is out of office.
Let's me review the issue and narrow the scope. I gather that you want to determine whether there's any protocol effect resulting from KB2992611, and the current lead you have been exploring are protected_storage, MS-BKRP, DPAPI regarding the use of Credential manager connected to Samba's DC.
Please share any current information that may help me speed up investigation.
I will follow-up as soon as I have an update.
Regards,
Edgar
-----Original Message-----
From: "Andrew Bartlett" <abartlet at samba.org>
Sent: Tuesday, February 10, 2015 12:56 AM
To: "Obaid Farooqi" <obaidf at microsoft.com>
Cc: "MSSolve Case Email" <casemail at microsoft.com>; "cifs-protocol at samba.org" <cifs-protocol at samba.org>
Subject: [REG:115012312316449] Re: [cifs-protocol] Protocol changes in KB2992611 [115012312316449]
On Fri, 2015-02-06 at 23:23 +1300, Andrew Bartlett wrote:
> On Wed, 2015-02-04 at 16:08 +0000, Obaid Farooqi wrote:
> > Hi Andrew:
> > I have a fully patched system, Windows 8.1 enterprise. I verified
that
> > the updates include kb2992611. I joined the machine to Samba domain
> > before patching though.
>
> Please do it the other way around. That would match our steps. It
> certainly appears to be an issue in new profiles, after the patches.
>
> It may be enough to create a new user after patching, but you suggest
> below that this doesn't help.
>
> > I still do not see the problem. I also created a new user using
active
> > directory users and computers from my Windows machine. No issues.
> > Logged in as the newly created user and tried credentials manger
but
> > still not issues.
> >
> > Is your setup on hyper-v virtual machines? Maybe you can send me
both the VHDs and I can just debug on my side to see what is happening?
> >
> > I am not sure if opening credential manager generates any network
traffic from workstation to DC. I did not see any when I opened credentials manager.
>
> The issue when reproduced should show protected_storage traffic. You
> will see some during the first login in the unpatched case, and much
> more of it in the patched case, per the traces I included.
>
> I hope this is enough to help you reproduce. Otherwise, I'll see
what
> we can do.
Are you still unable to reproduce, following these directions exactly?
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the cifs-protocol
mailing list