[cifs-protocol] [EXTERNAL] Re: Meaning of 'RoleStandalone' in [MS-GPOL] 3.2.5.1.4 Site Search - TrackingID#2401050040009225

Andreas Schneider asn at samba.org
Thu Jan 25 09:04:21 UTC 2024


On Wednesday, 24 January 2024 19:46:11 CET Obaid Farooqi wrote:
> Hi Andreas:
> Can you please run this test against the client machine and let me know if
> it works or fails?

Hi Obaid,

if I turn off the firewall on Windows 11 client and do a dsr_getsitename, it 
works.

bin/rpcclient ncacn_np:win-cli01.earth.milkyway.site \
  -UAdministrator@EARTH.MILKYWAY.SITE%Secret007! -c 'dsr_getsitename win-cli01'
Computer win-cli01 is on Site: Default-First-Site-Name

Note that this is about [MS-GPOL] 3.2.5.1.4 Site Search. We have an AD DC 
installed and also installed AD CS on that machine!
So the call is going to a DC and not a domain member. I guess that normally 
you install AD CS not on a domain controller.


> Regards,
> Obaid Farooqi
> Escalation Engineer | Microsoft
> 
> -----Original Message-----
> From: Andreas Schneider <asn at samba.org>
> Sent: Monday, January 22, 2024 4:36 AM
> To: cifs-protocol at lists.samba.org; Obaid Farooqi <obaidf at microsoft.com>
> Cc: cifs-protocol at lists.samba.org; Microsoft Support
> <supportmail at microsoft.com>; David Mulder <dmulder at samba.org>
> Subject: Re: [EXTERNAL] Re: [cifs-protocol] Meaning of 'RoleStandalone' in
> [MS-GPOL] 3.2.5.1.4 Site Search - TrackingID#2401050040009225
> 
> On Friday, 19 January 2024 21:27:50 CET Obaid Farooqi wrote:
> > Hi Andreas:
> Hi Obaid,
> 
> > You can use your version of tttracer if it is not too old. Otherwise,
> > download it from the following link.
> > 
> > I have uploaded a zip file named PartnerTTDRecorder_x86_x64.zip to the
> > following folder.
> > 
> 
> I've uploaded the trace to the workspace.
> 
> 
> Best regards
> 
> 
>         Andreas
> 
> > Username: 2401050040009225_noemail at dtmxfer.onmicrosoft.com
> > Password: pvSf(EIv
> > 
> > Please open the link in a private browser window and download the
> > file, using credentials provided. Extract the content of amd64\ttd
> > folder in a folder on your DC in c:\ttt and execute the following steps:
> > 
> > 1. open an elevated cmd (run as administrator) window
> > 2. execute the following command to get the PID of the lsass process
> > 
> >         C:\ttt>tasklist | findstr /I lsass
> > 
> > 3. From the output of the above command, please note the number. The
> >    number is the PID of lsass
> > 4. Now execute the following command to start tracing lsass
> > 
> >         C:\ttt>tttracer.exe -attach PID
> > 
> >    where Pid is the number obtained in step 2
> > 5. Wait for a little window to pop up in the top left corner of your
> >    display, titled lsass01.run
> > 6. start network capture
> > 7. reproduce the error
> > 8. after repro is done, please click on "Tracing off" button in the
> >    window lsass01.run
> > 9. this will create lsass01.run file.
> > 10. save network capture.
> > 11. zip lsass01.run and network capture and upload to the workspace above.
> > 
> > Regards,
> > Obaid Farooqi
> > Escalation Engineer | Microsoft
> > 
> > -----Original Message-----
> > From: Andreas Schneider <asn at samba.org>
> > Sent: Friday, January 19, 2024 2:22 PM
> > To: cifs-protocol at lists.samba.org; Obaid Farooqi
> > <obaidf at microsoft.com>
> > Cc: cifs-protocol at lists.samba.org; Microsoft Support
> > <supportmail at microsoft.com>; David Mulder <dmulder at samba.org>
> > Subject: Re: [EXTERNAL] Re: [cifs-protocol] Meaning of 'RoleStandalone' in
> > [MS-GPOL] 3.2.5.1.4 Site Search - TrackingID#2401050040009225
> > 
> > On Friday, 19 January 2024 20:30:17 CET Obaid Farooqi wrote:
> > > Hi Andreas:
> > > I'll need some traces from you. Let me see what processes run these
> > > methods and then I'll send you bits and instructions to collect traces.
> > 
> > I can send you traces on Monday. I have a TTracer here.
> > 
> > > Regards,
> > > Obaid Farooqi
> > > Escalation Engineer | Microsoft
> > > 
> > > -----Original Message-----
> > > From: Andreas Schneider <asn at samba.org>
> > > Sent: Friday, January 19, 2024 5:42 AM
> > > To: Obaid Farooqi <obaidf at microsoft.com>;
> > > cifs-protocol at lists.samba.org
> > > Cc: cifs-protocol at lists.samba.org; Microsoft Support
> > > <supportmail at microsoft.com>; David Mulder <dmulder at samba.org>
> > > Subject: [EXTERNAL] Re: [cifs-protocol] Meaning of 'RoleStandalone' in
> > > [MS-GPOL] 3.2.5.1.4 Site Search - TrackingID#2401050040009225
> > > 
> > > On Thursday, 18 January 2024 21:37:59 CET David Mulder via
> > > cifs-protocol wrote:
> > > > On 1/11/24 12:42 PM, Obaid Farooqi wrote:
> > > > > Hi David:
> > > > > The definition of 'DsRole_RoleStandaloneWorkstation' and
> > > > > 'DsRole_RoleStandaloneServer' (and others) is in MS-DSSP section
> > > > > 2.2.2.
> > > > > 
> > > > > Please review that and let me know if that information resolves
> > > > > your question. If it does not, please rephrase your question in
> > > > > the light of the information about the roles.
> > > > > 
> > > > > Although MS-DSSP is listed in the normative references in
> > > > > MS-GPOL, I'll file a bug to add a reference to section 2.2.2 of
> > > > > MS-DSSP in MS-GPOL for further clarity.
> > > > 
> > > > Sorry for the slow response. In that case, based on those
> > > > descriptions, the server *is* returning an unexpected response.
> > > > The spec says it should return ERROR_NO_SITENAME, but it is
> > > > actually returning INVALID_COMPUTERNAME.
> > > 
> > > Hi,
> > > 
> > > here is how to reproduce it:
> > > 
> > > * I've installed a Windows Server with Active Directory (win-dc01)
> > > * I installed a Windows 11 machine (win-cli01) and joined it to AD
> > > * I used Samba's rpcclient to do a DsrGetSitename request:
> > > 
> > > bin/rpcclient ncacn_np:win-dc01.earth.milkyway.site \
> > >   -UAdministrator@EARTH.MILKYWAY.SITE -c 'dsr_getsitename win-cli01'
> > > 
> > > rpccli_netlogon_dsr_gesitename returned
> > > NT_STATUS_INVALID_COMPUTER_NAME result was WERR_INVALID_COMPUTERNAME
> > > 
> > > [MS-NRPC] 3.5.4.3.6 DsrGetSiteName only documents ERROR_NO_SITENAME
> > > 
> > > --
> > > Andreas Schneider                      asn at samba.org
> > > Samba Team                             http://www.samba.org/
> > > GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D


-- 
Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D




