[cifs-protocol] [MS-NRPC] interaction with SYSVOLReady =0
Stefan Metzmacher
metze at samba.org
Fri Sep 8 09:05:37 UTC 2017
Hi DocHelp,
I had the situation where a Windows 2012 DC returns
NT_STATUS_ACCESS_DENIED for all NetrLogonSamLogonEx requests.
I finally managed to find that the DC didn't provide SYSVOL and NETLOGON
shares, this led to checking the SYSVOLReady key and it was 0.
(Under HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters)
After manually changing SYSVOLReady to 1 (just for short term testing)
NetrLogonSamLogonEx() worked fine.
I guess the following section in [MS-NRPC] 3.5.4.5.1 NetrLogonSamLogonEx
is supposed to describe this:
If the server cannot service the request due to an
implementation-specific condition, the server SHOULD
return STATUS_ACCESS_DENIED.
Can this please be extended maybe with a windows behavior note,
proposing SYSVOLReady = 0 as a possible reason for this behavior.
Is there more affected by this registry key than
all NetrLogonSamLogon* calls.
I'm wondering why [MS-ADTS] 6.3.3 LDAP Ping or 6.3.5 Mailslot Ping
would still return "normal" results in that case. As Samba made
use of such a DC, I'd guess yes, but I haven't verified if we just
ignore a LOGON_SAM_PAUSE_RESPONSE* response.
Thanks!
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20170908/affb5107/signature.sig>
More information about the cifs-protocol
mailing list