[cifs-protocol] [REG:115012312316449] Re: Protocol changes in KB2992611 
edgaro at microsoft.com
Tue Feb 10 15:13:13 MST 2015
I will take care of this case while my colleage (Obaid in cc) is out of office.
Let's me review the issue and narrow the scope. I gather that you want to determine whether there's any protocol effect resulting from KB2992611, and the current lead you have been exploring are protected_storage, MS-BKRP, DPAPI regarding the use of Credential manager connected to Samba's DC.
Please share any current information that may help me speed up investigation.
I will follow-up as soon as I have an update.
From: "Andrew Bartlett" <abartlet at samba.org>
Sent: Tuesday, February 10, 2015 12:56 AM
To: "Obaid Farooqi" <obaidf at microsoft.com>
Cc: "MSSolve Case Email" <casemail at microsoft.com>; "cifs-protocol at samba.org" <cifs-protocol at samba.org>
Subject: [REG:115012312316449] Re: [cifs-protocol] Protocol changes in KB2992611 
On Fri, 2015-02-06 at 23:23 +1300, Andrew Bartlett wrote:
> On Wed, 2015-02-04 at 16:08 +0000, Obaid Farooqi wrote:
> > Hi Andrew:
> > I have a fully patched system, Windows 8.1 enterprise. I verified
> > the updates include kb2992611. I joined the machine to Samba domain
> > before patching though.
> Please do it the other way around. That would match our steps. It
> certainly appears to be an issue in new profiles, after the patches.
> It may be enough to create a new user after patching, but you suggest
> below that this doesn't help.
> > I still do not see the problem. I also created a new user using
> > directory users and computers from my Windows machine. No issues.
> > Logged in as the newly created user and tried credentials manger
> > still not issues.
> > Is your setup on hyper-v virtual machines? Maybe you can send me
both the VHDs and I can just debug on my side to see what is happening?
> > I am not sure if opening credential manager generates any network
traffic from workstation to DC. I did not see any when I opened credentials manager.
> The issue when reproduced should show protected_storage traffic. You
> will see some during the first login in the unpatched case, and much
> more of it in the patched case, per the traces I included.
> I hope this is enough to help you reproduce. Otherwise, I'll see
> we can do.
Are you still unable to reproduce, following these directions exactly?
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the cifs-protocol