[cifs-protocol] [EXTERNAL] KB5028166 introduced undocumented changes to MS-NRPC? - TrackingID#2307130040006898

Jeff McCashland (He/him) jeffm at microsoft.com
Thu Jul 13 21:01:45 UTC 2023

[Mike to BCC]

Hi Ralph,

I will look into these questions and let you know what I find.

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300

-----Original Message-----
From: Michael Bowen <Mike.Bowen at microsoft.com>
Sent: Thursday, July 13, 2023 8:46 AM
To: Ralph Böhme <slow at samba.org>
Cc: cifs-protocol at lists.samba.org; Microsoft Support <supportmail at microsoft.com>
Subject: RE: [EXTERNAL] KB5028166 introduced undocumented changes to MS-NRPC? - TrackingID#2307130040006898

[DocHelp to BCC]

Hi Ralph.

Thank you for your inquiry. The case 2307130040006898 has been created to track this issue. One of our team members will contact you soon.

Best regards,
Mike Bowen
Escalation Engineer - Microsoft Open Specifications

-----Original Message-----
From: Ralph Boehme <slow at samba.org>
Sent: Thursday, July 13, 2023 2:11 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol at lists.samba.org
Subject: [EXTERNAL] KB5028166 introduced undocumented changes to MS-NRPC?

Hello dochelp,

we're receiving numerous user reports that after installing KB5028166 related updates applications on Windows clients can't authenticate anymore against Samba AD DCs.


It looks like the Windows update introduced changes to netlogon that are not implemented in Samba and also not documented in MS-NRPC.

The logs on the Samba DC tells us the problem is a new NETLOGON_CAPABILITIES type "2":

[2023/07/12 18:04:47.063445,  1, pid=11202, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:490(ndr_print_function_debug)
        netr_LogonGetCapabilities: struct netr_LogonGetCapabilities
           out: struct netr_LogonGetCapabilities
               return_authenticator     : *
                   return_authenticator: struct netr_Authenticator
                       cred: struct netr_Credential
                           data                     : XXXXXXXXXXXXXXXX
                       timestamp                : (time_t)0
               capabilities             : *
                   capabilities             : union
netr_Capabilities(case 2)
                   UNKNOWN LEVEL 2
               result                   : NT_STATUS_NOT_SUPPORTED

MS-NRPC only documents type 1:


Please read my description with a grain of salt, I'm not the netlogon expert on our team, just wanted to set the ball rolling... :)


Ralph Boehme, Samba Team                      https://samba.org/
SerNet Samba Team Lead                     https://sernet.de/en/

More information about the cifs-protocol mailing list