[cifs-protocol] [EXTERNAL] KB5028166 introduced undocumented changes to MS-NRPC? - TrackingID#2307130040006898

Jeff McCashland (He/him) jeffm at microsoft.com
Wed Jul 19 17:44:59 UTC 2023 

Hi Ralph,

The updates have been published in an Errata document for later inclusion in [MS-NRPC]:

Windows Protocols Errata: [MS-NRPC]: Netlogon Remote Protocol
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-winerrata/69ffd0ac-a0dd-49f2-96ad-6720441b0a93

Please let us know if this does not address the issue below.

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300

-----Original Message-----
From: Jeff McCashland (He/him)
Sent: Monday, July 17, 2023 2:03 PM
To: Ralph Böhme <slow at samba.org>
Cc: cifs-protocol at lists.samba.org; Microsoft Support <supportmail at microsoft.com>
Subject: RE: [EXTERNAL] KB5028166 introduced undocumented changes to MS-NRPC? - TrackingID#2307130040006898

Hi Ralph,

We expect to publish an updated [MS-NRPC] release this week with changes related to the 7/11 updates.

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada) Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300

-----Original Message-----
From: Jeff McCashland (He/him)
Sent: Thursday, July 13, 2023 2:02 PM
To: Ralph Böhme <slow at samba.org>
Cc: cifs-protocol at lists.samba.org; Microsoft Support <supportmail at microsoft.com>
Subject: RE: [EXTERNAL] KB5028166 introduced undocumented changes to MS-NRPC? - TrackingID#2307130040006898

[Mike to BCC]

Hi Ralph,

I will look into these questions and let you know what I find.

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada) Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300

-----Original Message-----
From: Michael Bowen <Mike.Bowen at microsoft.com>
Sent: Thursday, July 13, 2023 8:46 AM
To: Ralph Böhme <slow at samba.org>
Cc: cifs-protocol at lists.samba.org; Microsoft Support <supportmail at microsoft.com>
Subject: RE: [EXTERNAL] KB5028166 introduced undocumented changes to MS-NRPC? - TrackingID#2307130040006898

[DocHelp to BCC]

Hi Ralph.

Thank you for your inquiry. The case 2307130040006898 has been created to track this issue. One of our team members will contact you soon.

Best regards,
Mike Bowen
Escalation Engineer - Microsoft Open Specifications

-----Original Message-----
From: Ralph Boehme <slow at samba.org>
Sent: Thursday, July 13, 2023 2:11 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>
Cc: cifs-protocol at lists.samba.org
Subject: [EXTERNAL] KB5028166 introduced undocumented changes to MS-NRPC?

Hello dochelp,

we're receiving numerous user reports that after installing KB5028166 related updates applications on Windows clients can't authenticate anymore against Samba AD DCs.

https://bugzilla.samba.org/show_bug.cgi?id=15418

It looks like the Windows update introduced changes to netlogon that are not implemented in Samba and also not documented in MS-NRPC.

The logs on the Samba DC tells us the problem is a new NETLOGON_CAPABILITIES type "2":

[2023/07/12 18:04:47.063445,  1, pid=11202, effective(0, 0), real(0, 0), class=rpc_parse] ../../librpc/ndr/ndr.c:490(ndr_print_function_debug)
        netr_LogonGetCapabilities: struct netr_LogonGetCapabilities
           out: struct netr_LogonGetCapabilities
               return_authenticator     : *
                   return_authenticator: struct netr_Authenticator
                       cred: struct netr_Credential
                           data                     : XXXXXXXXXXXXXXXX
                       timestamp                : (time_t)0
               capabilities             : *
                   capabilities             : union
netr_Capabilities(case 2)
                   UNKNOWN LEVEL 2
               result                   : NT_STATUS_NOT_SUPPORTED

MS-NRPC only documents type 1:

<https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/f03cad67-077f-4042-80b0-cdc38dca9968>

Please read my description with a grain of salt, I'm not the netlogon expert on our team, just wanted to set the ball rolling... :)

Thanks!
-slow

--
Ralph Boehme, Samba Team                      https://samba.org/
SerNet Samba Team Lead                     https://sernet.de/en/

More information about the cifs-protocol mailing list