[cifs-protocol] [MS-NRPC] Session-Key Negotiation lacking details - TrackingID#2309080040007879

Jeff McCashland (He/him) jeffm at microsoft.com
Fri Sep 8 20:45:51 UTC 2023

[support on CC, updated Subject with new SR ID]

Hi Metze,

We have created SR 2309080040007879 to track this issue. I will look into it and get back to you. 

Best regards,
Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300

-----Original Message-----
From: Stefan Metzmacher <metze at samba.org> 
Sent: Thursday, September 7, 2023 11:27 PM
To: Jeff McCashland (He/him) <jeffm at microsoft.com>; Ralph Böhme <slow at samba.org>
Cc: cifs-protocol at lists.samba.org
Subject: [EXTERNAL] Re: [MS-NRPC] DCERPC_NCA_S_FAULT_INVALID_TAG returned instead of STATUS_INVALID_LEVEL - TrackingID#2307200040007944

Hi Jeff,

> We have updated [MS-NRPC] for the next release to address this issue. We have added the following Behavior Note to section
> <197> Section Windows RPC layer may return its own error code instead of STATUS_INVALID_LEVEL. The error code that a client gets depends on where the calling application is getting the error from:
> 1. If the client is running on Windows and calling Windows RPC APIs, they may get the Win32 error code RPC_S_INVALID_TAG ([MS-ERREF] section 2.2).
> 2. If the client is running on third-party operating systems or getting the error code from the wire, they may get nca_s_fault_invalid_tag (0x1C000006). ([C706-RSCP] DCE 1.1: Remote Procedure Call - Reject Status Codes and Parameters).
> 3. The conversion between the on-the-wire nca_s_fault_invalid_tag and Win32 error code RPC_S_INVALID_TAG is specified in [MS-RPCE] Section
> I hope that helps.

Yes, thanks!

In addition I think Session-Key Negotiation could be much more verbose in a way that it would describe how safe downgrade is possible and how an unsafe downgrade is detected.


More information about the cifs-protocol mailing list