[cifs-protocol] [MS-PKCA] 2.2.3: paChecksum2 includes KERB-ALGORITHM-IDENTIFIER, which is undefined - TrackingID#2501220040012025
Julien Rische
jrische at redhat.com
Thu Jan 23 11:00:48 UTC 2025
Thank you Jeff.
Could you also provide the list of the object identifiers (OIDs)
accepted as "algorithm" element?
--
Julien Rische
On Wed, Jan 22, 2025 at 7:41 PM Jeff McCashland (He/him)
<jeffm at microsoft.com> wrote:
>
> Hi Julien,
>
> We have created SR 2501220040012025 to track this new question. I will file a document update request to add the definition of KERB-ALGORITHM-IDENTIFIER.
>
> It will look something like this:
>
> KERB-ALGORITHM-IDENTIFIER::= SEQUENCE {
> algorithm OBJECT IDENTIFIER,
> parameters NOCOPYANY OPTIONAL
> }
>
> Let us know if you find anything else.
>
> Best regards,
> Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Corporation
>
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
>
> Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
>
>
>
> ________________________________
> From: Julien Rische <jrische at redhat.com>
> Sent: Wednesday, January 22, 2025 3:01 AM
> To: Jeff McCashland (He/him) <jeffm at microsoft.com>
> Cc: Alexander Bokovoy <ab at samba.org>; cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>; Microsoft Support <supportmail at microsoft.com>
> Subject: Re: [EXTERNAL] Re: Server 2025 PKINIT regression: ECDH works for SHA2 w/p paChecksum2 - TrackingID#2501140040014216
>
> Hi Jeff,
>
> Thank you for confirming this.
>
> Just a last question on this topic: You mentioned section 2.2.3 from
> MS-PKCA[1] where PAChecksum2 is defined. However, this definition
> references the KERB-ALGORITHM-IDENTIFIER type which is not defined
> anywhere in Open Specifications. Is this type actually referring to
> AlgorithmIdentifier from X.509-88 (or RFC5280[2])?
>
> AlgorithmIdentifier ::= SEQUENCE {
> algorithm OBJECT IDENTIFIER,
> parameters ANY DEFINED BY algorithm OPTIONAL
> }
>
> If so, could you list the OIDs currently accepted by Windows Server
> 2025 for the "algorithm" element? Are they the OIDs from RFC5754[3]?
>
> --
> Julien Rische
>
> [1] https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-pkca%2F8270b791-0201-4231-9d89-e5074459be2f&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417808125%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=6ilICf%2BH8gXcsgiC9qjOCpCt9xDH3NG%2F%2FzD4iWLzn5g%3D&reserved=0
> [2] https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc5280%23section-4.1.1.2&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417821813%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=OvBXWFVhg5Kzc6nsjqT%2BBIxYeza0fUfbv5YfYpAlW78%3D&reserved=0
> [3] https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc5754%23section-2&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417830071%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=%2BPrQDPuqLOE%2BSMWFwzR3%2F1w7zOpzSizZUl%2Fb3e3Qui4%3D&reserved=0
>
> On Tue, Jan 21, 2025 at 8:25 PM Jeff McCashland (He/him)
> <jeffm at microsoft.com> wrote:
> >
> > Hi Julien,
> >
> > I was able to confirm in our source code that ECDH is a singular exception. If you're using ECDH, Windows will not check for paChecksum2, only paChecksum. As for what will be required in the future, I wouldn't be able to say.
> >
> > I will file a request to update the documentation and follow up. Let us know if you have any other questions.
> >
> > Best regards,
> > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Corporation
> >
> > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
> >
> > Local country phone number found here: https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417845033%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Jxh7OPWldGRSkRdW9CEvjTrx%2FIqRwrGoOIIqXsnUnxE%3D&reserved=0 | Extension 1138300
> >
> >
> >
> > ________________________________
> > From: Julien Rische <jrische at redhat.com>
> > Sent: Friday, January 17, 2025 3:27 AM
> > To: Jeff McCashland (He/him) <jeffm at microsoft.com>
> > Cc: Alexander Bokovoy <ab at samba.org>; cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>; Microsoft Support <supportmail at microsoft.com>
> > Subject: [EXTERNAL] Re: Server 2025 PKINIT regression: ECDH works for SHA2 w/p paChecksum2 - TrackingID#2501140040014216
> >
> > Hi Jeff,
> >
> > I just re-uploaded these files from #2412190040009154, as they already
> > demonstrate this behavior:
> >
> > [02_lsass_pkinit_ecdh_p256.zip] Compressed LSASS trace of a successful
> > pre-authentication process for ECDH with curve P-256 and RSA/SHA-256
> > signature.
> > [02_pkinit_ecdh_p256.pcap] Network trace of a successful
> > pre-authentication process for ECDH with curve P-256 and RSA/SHA-256
> > signature.
> > [02_ad2025.keytab] All Kerberos keys in the AD domain.
> >
> > --
> > Julien Rische
> > On Thu, Jan 16, 2025 at 8:43 PM Jeff McCashland (He/him)
> > <jeffm at microsoft.com> wrote:
> > >
> > > Hi Julien,
> > >
> > > Please collect an LSASS TTT trace as before showing the ECDH succeeding and upload it to this new link (below). Let me know if you need the tools or collection instructions again.
> > >
> > > Upload link: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Ffiles%3Fworkspace%3DeyJhbGciOiJSUzI1NiIsImtpZCI6IjgxMTA4NjE5MTQzMTQ1NTc0QUYxMjI3NjhGMEIzNDkyRkYyNTczNEYiLCJ0eXAiOiJKV1QifQ.eyJ3c2lkIjoiMGY0NjFjYmQtMDllYi00ZDRlLWIyYTgtZmU1YzhjMGEzNDExIiwic3IiOiIyNTAxMTQwMDQwMDE0MjE2Iiwic3YiOiJ2MSIsInJzIjoiRXh0ZXJuYWwiLCJ3dGlkIjoiMjk4MGY4N2ItMTc3NC00MDRkLTk4NGQtMzRhZjQ3Y2I0NWNjIiwiYXBwaWQiOiI0ZTc2ODkxZC04NDUwLTRlNWUtYmUzOC1lYTNiZDZlZjIxZTUiLCJuYmYiOjE3MzcwNTY1MzgsImV4cCI6MTc0NDgzMjUzOCwiaWF0IjoxNzM3MDU2NTM4LCJpc3MiOiJodHRwczovL2FwaS5kdG1uZWJ1bGEubWljcm9zb2Z0LmNvbSIsImF1ZCI6Imh0dHA6Ly9zbWMifQ.erfTbhyGZ3w3mCMMOeOLnziYzAbaQZgodpaGpq56E1GKFb3MDlFpOs9nFTVDeSGtGAIGT-DyCvCDs9uudYHxqjE5zT1pCiVo9LGpPm9J7y0Thdm41F78tFnqtupKNRjHx7xfid8e4Vflwfw-hXuOVk_E91GbN15YTck4lDnV0W1u8jMTqdEuJ0VeDvotz4gz9yvDQHXkgHnlBZuRKXK8xhjc9YRO4-uKgvYCoO-n-yHXvyULc0Ngd-7pMX1dubWGheqRHTCSwFe-qEDB4Gy5VuVNQ5nnvxew0joDz_ZMRphMOXgubnUqaqWnU535Al-TSnBQZJLmmnMZgz8dm_EBSw%26wid%3D0f461cbd-09eb-4d4e-b2a8-fe5c8c0a3411&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417853250%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=dIfxvxOGvP%2FW7QQ7l3Fc%2FRGaBne6syAzvaVL2valL6s%3D&reserved=0
> > >
> > > Best regards,
> > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Corporation
> > >
> > > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
> > >
> > > Local country phone number found here: https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417861715%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=h2uTrIArE6OVBClY5vAY9F5mo7V3JBoJGU4u8UJI0QU%3D&reserved=0 | Extension 1138300
> > >
> > >
> > >
> > >
> > > ________________________________
> > > From: Jeff McCashland (He/him) <jeffm at microsoft.com>
> > > Sent: Tuesday, January 14, 2025 3:06 PM
> > > To: Julien Rische <jrische at redhat.com>
> > > Cc: Alexander Bokovoy <ab at samba.org>; cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>; Microsoft Support <supportmail at microsoft.com>
> > > Subject: Server 2025 PKINIT regression: ECDH works for SHA2 w/p paChecksum2 - TrackingID#2501140040014216
> > >
> > > Hi Julien,
> > >
> > > Thank you for reminding me of that outstanding question. We have created SR 2501140040014216 to track the question of why ECDH with SHA2 works without paChecksum2. I will dig into this and let you know what I find.
> > >
> > > Best regards,
> > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Corporation
> > >
> > > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
> > >
> > > Local country phone number found here: https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417869689%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=OdsVxuHW27L95Nv2S55Kb4lOr7r9d32fZIhEl6WkT6M%3D&reserved=0 | Extension 1138300
> > >
> > >
> > >
> > > ________________________________
> > > From: Julien Rische <jrische at redhat.com>
> > > Sent: Tuesday, January 14, 2025 2:26 AM
> > > To: Jeff McCashland (He/him) <jeffm at microsoft.com>
> > > Cc: Alexander Bokovoy <ab at samba.org>; cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>; Microsoft Support <supportmail at microsoft.com>
> > > Subject: Re: [cifs-protocol] [EXTERNAL] Windows Server 2025 PKINIT regression - TrackingID#2412190040009154
> > >
> > > Hello Jeff,
> > >
> > > Thank you for your answers.
> > >
> > > As demonstrated in one of the traces, it seems that AD accepts PKINIT
> > > AS-REQ without paChecksum2 when SHA-256 is used with ECDH (contrary to
> > > FFDH). Is this behavior here to stay, or will paChecksum2 be required
> > > for ECDH+RSA/SHA-2 too in Windows Server 2025 eventually?
> > >
> > > --
> > > Julien Rische
> > >
> > > On Mon, Jan 13, 2025 at 8:39 PM Jeff McCashland (He/him)
> > > <jeffm at microsoft.com> wrote:
> > > >
> > > > Hi Alexander,
> > > >
> > > > Excellent observation. The paChecksum2 value follows the freshness token.
> > > >
> > > > typedef struct PKAuthenticator {
> > > > union {
> > > > ASN1uint16_t bit_mask;
> > > > ASN1octet_t o[1];
> > > > };
> > > > ASN1uint32_t cusec;
> > > > KERB_TIME client_time;
> > > > ASN1uint32_t nonce;
> > > > # define paChecksum_present 0x80
> > > > ASN1octetstring_t paChecksum;
> > > > # define freshnessToken_present 0x40
> > > > ASN1octetstring_t freshnessToken;
> > > > # define paChecksum2_present 0x20
> > > > PAChecksum2 paChecksum2;
> > > > } PKAuthenticator;
> > > >
> > > > I will follow up and request any needed documentation updates.
> > > >
> > > > Best regards,
> > > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Corporation
> > > >
> > > > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
> > > >
> > > > Local country phone number found here: https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417877549%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=zkGnWWsU%2BimK7NcEMeIPgmzEG6Nv%2Bs2SCMuIm9J0Aok%3D&reserved=0 | Extension 1138300
> > > >
> > > >
> > > >
> > > > ________________________________
> > > > From: Alexander Bokovoy <ab at samba.org>
> > > > Sent: Monday, January 13, 2025 11:33 AM
> > > > To: Jeff McCashland (He/him) <jeffm at microsoft.com>
> > > > Cc: Julien Rische <jrische at redhat.com>; cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>; Microsoft Support <supportmail at microsoft.com>
> > > > Subject: Re: [cifs-protocol] [EXTERNAL] Windows Server 2025 PKINIT regression - TrackingID#2412190040009154
> > > >
> > > > Hi Jeff,
> > > >
> > > > On Пан, 13 сту 2025, Jeff McCashland (He/him) wrote:
> > > > > Hi Julien and Alexander,
> > > > >
> > > > > What I found in the trace is that the server is finding a paChecksum, but no paChecksum2, which is required when using anything other than SHA-1:
> > > > >
> > > > > [MS-PKCA] 2.2.3 PA-PK-AS-REQ
> > > > > The PA-PK-AS-REQ message format is specified in [RFC4556] section
> > > > > 3.2.1.<10> PKAuthenticator in [RFC4556] is extended to add the
> > > > > following PAChecksum2<11>. If a checksum algorithm other than SHA-1 is
> > > > > used, this message MUST be present. If this field is present, it will
> > > > > always be validated even if it is SHA-1.
> > > > > PAChecksum2 ::= SEQUENCE {
> > > > > checksum [0] OCTET STRING,
> > > > > algorithmIdentifier [1] KERB-ALGORITHM-IDENTIFIER
> > > > > }
> > > > > <11> Section 2.2.3: The extension of PKAuthenticator in PA-PK-AS-REQ
> > > > > is only applicable to Windows Server 2022, 23H2 operating system.
> > > > > Windows Server 2022, 23H2 DCs will send back
> > > > > TD-CMS-DIGEST-ALGORITHMS-DATA as described in [RFC8636] section 4. CMS
> > > > > Digest Algorithm Agility.
> > > > >
> > > > > I believe the solution is to add a paChecksum2 to the PA-PK-AS-REQ. Let me know if you have any questions.
> > > >
> > > > Thank you for pointing this out.
> > > >
> > > > There is one problem, though. RFC 8070 extends PKAuthenticator as well,
> > > > by adding freshnessToken right after paChecksum:
> > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc8070%23section-4&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417885432%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=aOE6%2FInPJTDuRT7awYrvWKrJI%2BO0q3Kdf04aetOAjvg%3D&reserved=0
> > > >
> > > > PKAuthenticator ::= SEQUENCE {
> > > > cusec [0] INTEGER (0..999999),
> > > > ctime [1] KerberosTime,
> > > > -- cusec and ctime are used as in [RFC4120], for
> > > > -- replay prevention.
> > > > nonce [2] INTEGER (0..4294967295),
> > > > -- Chosen randomly; this nonce does not need to
> > > > -- match with the nonce in the KDC-REQ-BODY.
> > > > paChecksum [3] OCTET STRING OPTIONAL,
> > > > -- MUST be present.
> > > > -- Contains the SHA1 checksum, performed over
> > > > -- KDC-REQ-BODY.
> > > > ...,
> > > > freshnessToken [4] OCTET STRING OPTIONAL,
> > > > -- PA_AS_FRESHNESS padata value as received from the
> > > > -- KDC. MUST be present if sent by KDC
> > > > ...
> > > > }
> > > >
> > > > Can you please expand on whether paChecksum2 is added after or before
> > > > the freshnessToken? e.g. does paChecksum2 has index [5] or [4]?
> > > >
> > > > If it is indeed paChecksum2 [5], then a reference to RFC 8070 is missing
> > > > in the MS-PKCA 2.2.3.
> > > >
> > > > I think MS-PKCA would need an update about this detail as MS-PKCA 3.1.5
> > > > explicitly states:
> > > >
> > > > PKCA SHOULD<14> support the PKINIT Freshness Extension [RFC8070].
> > > >
> > > > so MS-PKCA 2.2.3 would need to refer to RFC8070, not just to RFC4556.
> > > >
> > > >
> > > > >
> > > > >
> > > > > Best regards,
> > > > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Corporation
> > > > >
> > > > > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
> > > > >
> > > > > Local country phone number found here: https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417893356%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=uXWwn4gk6QNK1qEhGYc%2F6DHjBf9Gqs0M1RxyLiKDg5w%3D&reserved=0 | Extension 1138300
> > > > >
> > > > >
> > > > >
> > > > > ________________________________
> > > > > From: Jeff McCashland (He/him) <jeffm at microsoft.com>
> > > > > Sent: Tuesday, January 7, 2025 1:16 PM
> > > > > To: Julien Rische <jrische at redhat.com>
> > > > > Cc: Alexander Bokovoy <ab at samba.org>; cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>; Microsoft Support <supportmail at microsoft.com>
> > > > > Subject: Re: [cifs-protocol] [EXTERNAL] Windows Server 2025 PKINIT regression - TrackingID#2412190040009154
> > > > >
> > > > > Thank you for the rapid response and for uploading the additional traces. I will dig into these and let you know what I find.
> > > > >
> > > > >
> > > > > Best regards,
> > > > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Corporation
> > > > >
> > > > > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
> > > > >
> > > > > Local country phone number found here: https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417901120%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=YAdpfq9DAxBANXgMx4ly5DIXYh3hplZ804EmS%2B%2Bbsxo%3D&reserved=0 | Extension 1138300
> > > > >
> > > > >
> > > > >
> > > > > ________________________________
> > > > > From: Julien Rische <jrische at redhat.com>
> > > > > Sent: Tuesday, January 7, 2025 11:33 AM
> > > > > To: Jeff McCashland (He/him) <jeffm at microsoft.com>
> > > > > Cc: Alexander Bokovoy <ab at samba.org>; cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>; Microsoft Support <supportmail at microsoft.com>
> > > > > Subject: Re: [cifs-protocol] [EXTERNAL] Windows Server 2025 PKINIT regression - TrackingID#2412190040009154
> > > > >
> > > > > Hello Jeff,
> > > > >
> > > > > I uploaded 5 additional files, including the LSASS traces obtained
> > > > > following the procedure described in your previous message:
> > > > >
> > > > > [02_lsass_pkinit_ffdh_modp14.zip] Compressed LSASS trace of a failing
> > > > > pre-authentication process for FFDH with MODP group 14 (2046-bit) and
> > > > > RSA/SHA-256 signature.
> > > > > [02_pkinit_ffdh_modp14.pcap] Network trace of a failing
> > > > > pre-authentication process for FFDH with MODP group 14 (2046-bit) and
> > > > > RSA/SHA-256 signature.
> > > > > [02_lsass_pkinit_ecdh_p256.zip] Compressed LSASS trace of a successful
> > > > > pre-authentication process for ECDH with curve P-256 and RSA/SHA-256
> > > > > signature.
> > > > > [02_pkinit_ecdh_p256.pcap] Network trace of a successful
> > > > > pre-authentication process for ECDH with curve P-256 and RSA/SHA-256
> > > > > signature.
> > > > > [02_ad2025.keytab] All Kerberos keys in the AD domain.
> > > > >
> > > > > --
> > > > > Julien Rische
> > > > >
> > > > > On Mon, Jan 6, 2025 at 9:03 PM Jeff McCashland (He/him)
> > > > > <jeffm at microsoft.com> wrote:
> > > > > >
> > > > > > Hi Julien,
> > > > > >
> > > > > > Thank you for uploading the net traces and information. Please follow the instructions below to collect an LSASS trace of the scenario where you get the KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED error ('unknown' error code 79 from Alexander's original description).
> > > > > >
> > > > > > The LSASS traces can be quite large, but are highly compressible, so please add them to a .zip archive before uploading (file transfer workspace link is below). Please log into the workspace and find PartnerTTDRecorder_x86_x64.zip available for download. The x64 tool can be staged onto the Windows server in any location (instructions below assume C:\TTD).
> > > > > >
> > > > > > To collect the needed traces:
> > > > > > 1. From a PowerShell prompt, execute:
> > > > > > C:\TTD\tttracer.exe -Attach ([int](Get-Process -NAME lsass | Format-Wide -Property ID).formatEntryInfo.formatPropertyField.propertyValue)
> > > > > > 2. Wait for a little window to pop up in top left corner of your screen, titled “lsass01.run”
> > > > > > 3. start a network trace using netsh or WireShark, etc.
> > > > > > 4. Repro the attempted operation
> > > > > > 5. Stop the network trace and save it
> > > > > > 6. CAREFULLY: uncheck the checkbox next to “Tracing” in the small “lsass01.run” window. Do not close or exit the small window or you will need to reboot.
> > > > > > 7. The TTTracer.exe process will generate a trace file, then print out the name and location of the file.
> > > > > > Compress the *.run file into a .zip archive before uploading with the matching network trace. It is a good idea to reboot the machine at the next opportunity to restart the lsass process.
> > > > > >
> > > > > > Best regards,
> > > > > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Corporation
> > > > > >
> > > > > > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
> > > > > >
> > > > > > Local country phone number found here: https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417908866%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Kk6DrmTGkzgTRSPt4sD%2F3jjA2xvI1bbrXg6bjbltkZY%3D&reserved=0<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417916628%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=cv8GKyZlJg%2FihNSbK8z03Cir1H5mJY5CkhMusR56%2Bc0%3D&reserved=0> | Extension 1138300
> > > > > >
> > > > > >
> > > > > >
> > > > > > ________________________________
> > > > > > From: Julien Rische <jrische at redhat.com>
> > > > > > Sent: Monday, January 6, 2025 2:27 AM
> > > > > > To: Jeff McCashland (He/him) <jeffm at microsoft.com>
> > > > > > Cc: Alexander Bokovoy <ab at samba.org>; cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>; Microsoft Support <supportmail at microsoft.com>
> > > > > > Subject: Re: [cifs-protocol] [EXTERNAL] Windows Server 2025 PKINIT regression - TrackingID#2412190040009154
> > > > > >
> > > > > > Hello Jeff,
> > > > > >
> > > > > > I uploaded the network traces to the file transfer link you provided:
> > > > > >
> > > > > > [00_ad2025.pcap] Network trace of a failing pre-authentication process
> > > > > > with RSA/SHA-256 and RSA/SHA-512 as supportedCMSTypes.
> > > > > > [00_ad2025_sha1.pcap] Network trace of a failing pre-authentication
> > > > > > process with RSA/SHA-256, RSA/SHA-512, and RSA/SHA-1 as
> > > > > > supportedCMSTypes.
> > > > > > [00_ad2025.keytab] All Kerberos keys in the AD domain.
> > > > > >
> > > > > > [01_gp_pkinit_digest.png] Screenshot of the "Computer
> > > > > > Configuration\Policies\Administrative Templates\System\KDC\Configure
> > > > > > hash algorithms for certificate logon" global policy settings.
> > > > > > [01_pkinit_ffdh_modp14.pcap] Network trace of a failing
> > > > > > pre-authentication process for FFDH with MODP group 14 (2046-bit) and
> > > > > > RSA/SHA-256 signature.
> > > > > > [01_pkinit_ecdh_p256.pcap] Network trace for a successful
> > > > > > pre-authentication process for ECDH with curve P-256 and RSA/SHA-256
> > > > > > signature.
> > > > > > [01_ad2025.keytab] All Kerberos keys in the AD domain.
> > > > > >
> > > > > > My Microsoft account uses the present email address: jrische at redhat.com
> > > > > >
> > > > > > --
> > > > > > Julien Rische
> > > > > >
> > > > > > On Fri, Jan 3, 2025 at 9:12 PM Jeff McCashland (He/him)
> > > > > > <jeffm at microsoft.com> wrote:
> > > > > > >
> > > > > > > Hello Julien and Alexander,
> > > > > > >
> > > > > > > Actually, what we need to troubleshoot this issue is to collect a TTD trace of the LSASS process. In order to download the tool needed to collect the trace, you will need a Microsoft account. These can be created free at live.com.
> > > > > > >
> > > > > > > Please send me the Microsoft account email address you will use to download the tools, and I will send the link.
> > > > > > >
> > > > > > > Best regards,
> > > > > > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Corporation
> > > > > > >
> > > > > > > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
> > > > > > >
> > > > > > > Local country phone number found here: https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417925951%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=ah1To%2Bwt2HyUqwd14EG0zqaHPvVrHCAJji8VVini6HY%3D&reserved=0<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417934015%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=ffee0ZYwasN3jEGtrWN5ATgR%2Fz37VwzEPuEdwZQ%2F2bc%3D&reserved=0> | Extension 1138300
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > ________________________________
> > > > > > > From: Jeff McCashland (He/him) <jeffm at microsoft.com>
> > > > > > > Sent: Friday, December 27, 2024 11:30 AM
> > > > > > > To: Julien Rische <jrische at redhat.com>; Alexander Bokovoy <ab at samba.org>
> > > > > > > Cc: cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>; Microsoft Support <supportmail at microsoft.com>
> > > > > > > Subject: Re: [cifs-protocol] [EXTERNAL] Windows Server 2025 PKINIT regression - TrackingID#2412190040009154
> > > > > > >
> > > > > > > Hi Julien and Alexander,
> > > > > > >
> > > > > > > Alexander mentioned ad2025.pcap and ad2025_sha1.pcap, and Julien mentioned 2 additional unnamed captures.
> > > > > > >
> > > > > > > Please upload any relevant traces to the link below, as we are not allowed to accept files by email. Also, it would help if you could specify which traces and frames relate to which aspects of your question, that would save time.
> > > > > > >
> > > > > > > Also, it's not clear to me (yet), if the additional information from Julien modifies or answers any part of Alexander's original question.
> > > > > > >
> > > > > > > Secure file link: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Ffiles%3Fworkspace%3DeyJhbGciOiJSUzI1NiIsImtpZCI6IjgxMTA4NjE5MTQzMTQ1NTc0QUYxMjI3NjhGMEIzNDkyRkYyNTczNEYiLCJ0eXAiOiJKV1QifQ.eyJ3c2lkIjoiNjgzMzc2YjUtNjczZC00ZGVkLTlmYzUtYjRiOTUzMmJmNzE4Iiwic3IiOiIyNDEyMTkwMDQwMDA5MTU0Iiwic3YiOiJ2MSIsInJzIjoiRXh0ZXJuYWwiLCJ3dGlkIjoiYjA0NWU2MDgtMWY3MC00OTE3LTk4MTAtZjA0OGJlNGVlODI2IiwiYXBwaWQiOiI0ZTc2ODkxZC04NDUwLTRlNWUtYmUzOC1lYTNiZDZlZjIxZTUiLCJuYmYiOjE3MzUzMjc3NzAsImV4cCI6MTc0MzEwMzc3MCwiaWF0IjoxNzM1MzI3NzcwLCJpc3MiOiJodHRwczovL2FwaS5kdG1uZWJ1bGEubWljcm9zb2Z0LmNvbSIsImF1ZCI6Imh0dHA6Ly9zbWMifQ.d23KDsdUj68vCL0fEY2hpp2wjG65vYVtGh2E9Bu1mqT8YM-Q6bkewOhrHJbML0Fcr_ijDp89UMkAb0h70iCJCQojecjI8NPzgrkCm11GzScvTRcvJqyChhZ-9T731ZGSRV8wnxrrETLsuTjCo88_gAqRF3oBQdUuriBtI5z_xh-qUqrqcl-9q2nqxqhMzd3rA7Chkk5EMSRv5U1hnWhH5etJ-kUj8-HJB4eihMGPQ7NVPjCrVy04opSBf-XgkHjSsx_j_-q7EsbOR7ic3aWdEwZS5eppFpc4C4JMNpCauM4is23XWNoYwDZ9vP9CnyKPZfSMlF-5fC4k_4Q3KzcsNw%26wid%3D683376b5-673d-4ded-9fc5-b4b9532bf718&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417942030%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=UuNZjI6pFKJBVghO8HbragmdtrFTO6YicvOf06DrQnQ%3D&reserved=0<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Ffiles%3Fworkspace%3DeyJhbGciOiJSUzI1NiIsImtpZCI6IjgxMTA4NjE5MTQzMTQ1NTc0QUYxMjI3NjhGMEIzNDkyRkYyNTczNEYiLCJ0eXAiOiJKV1QifQ.eyJ3c2lkIjoiNjgzMzc2YjUtNjczZC00ZGVkLTlmYzUtYjRiOTUzMmJmNzE4Iiwic3IiOiIyNDEyMTkwMDQwMDA5MTU0Iiwic3YiOiJ2MSIsInJzIjoiRXh0ZXJuYWwiLCJ3dGlkIjoiYjA0NWU2MDgtMWY3MC00OTE3LTk4MTAtZjA0OGJlNGVlODI2IiwiYXBwaWQiOiI0ZTc2ODkxZC04NDUwLTRlNWUtYmUzOC1lYTNiZDZlZjIxZTUiLCJuYmYiOjE3MzUzMjc3NzAsImV4cCI6MTc0MzEwMzc3MCwiaWF0IjoxNzM1MzI3NzcwLCJpc3MiOiJodHRwczovL2FwaS5kdG1uZWJ1bGEubWljcm9zb2Z0LmNvbSIsImF1ZCI6Imh0dHA6Ly9zbWMifQ.d23KDsdUj68vCL0fEY2hpp2wjG65vYVtGh2E9Bu1mqT8YM-Q6bkewOhrHJbML0Fcr_ijDp89UMkAb0h70iCJCQojecjI8NPzgrkCm11GzScvTRcvJqyChhZ-9T731ZGSRV8wnxrrETLsuTjCo88_gAqRF3oBQdUuriBtI5z_xh-qUqrqcl-9q2nqxqhMzd3rA7Chkk5EMSRv5U1hnWhH5etJ-kUj8-HJB4eihMGPQ7NVPjCrVy04opSBf-XgkHjSsx_j_-q7EsbOR7ic3aWdEwZS5eppFpc4C4JMNpCauM4is23XWNoYwDZ9vP9CnyKPZfSMlF-5fC4k_4Q3KzcsNw%26wid%3D683376b5-673d-4ded-9fc5-b4b9532bf718&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417950232%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=AHHNDLxRDjwjDpKAbjK5TC%2F90fBxhIh6YUvk6q4xs30%3D&reserved=0>
> > > > > > >
> > > > > > > Best regards,
> > > > > > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Corporation
> > > > > > >
> > > > > > > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
> > > > > > >
> > > > > > > Local country phone number found here: https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417958422%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=gwE2pa3yGgx7PdLtmxzgQFG%2BMZ5RBs%2BDyYU7dmx6A7U%3D&reserved=0<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417965965%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=L5BLENcf9kSL9PTNR4QA%2BMnRnlfjTlNAt4a4X8kNBqg%3D&reserved=0> | Extension 1138300
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > ________________________________
> > > > > > > From: Jeff McCashland (He/him) <jeffm at microsoft.com>
> > > > > > > Sent: Monday, December 23, 2024 8:29 PM
> > > > > > > To: Julien Rische <jrische at redhat.com>
> > > > > > > Cc: cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>; Alexander Bokovoy <ab at samba.org>; Microsoft Support <supportmail at microsoft.com>
> > > > > > > Subject: Re: [cifs-protocol] [EXTERNAL] Windows Server 2025 PKINIT regression - TrackingID#2412190040009154
> > > > > > >
> > > > > > > [Kristian to BCC]
> > > > > > >
> > > > > > > Hi Julien,
> > > > > > >
> > > > > > > I will investigate your question, and get back to you. I am out the next 2 days for holiday, back on Thursday.
> > > > > > >
> > > > > > >
> > > > > > > Best regards,
> > > > > > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Corporation
> > > > > > >
> > > > > > > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
> > > > > > >
> > > > > > > Local country phone number found here: https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417973677%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=sbyWkNwsQ5jtwB9WAAwb%2BaCSHpmPoXVXF2evCfKaDa8%3D&reserved=0<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417981273%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=4HA1MqaXZ6ao%2Fx2K9TuKuhSm3iPAuPYhUVJk%2FA%2Bn8Ts%3D&reserved=0> | Extension 1138300
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > ________________________________
> > > > > > > From: Kristian Smith <Kristian.Smith at microsoft.com>
> > > > > > > Sent: Monday, December 23, 2024 1:31 PM
> > > > > > > To: Julien Rische <jrische at redhat.com>; Jeff McCashland (He/him) <jeffm at microsoft.com>
> > > > > > > Cc: cifs-protocol at lists.samba.org <cifs-protocol at lists.samba.org>; Alexander Bokovoy <ab at samba.org>; Microsoft Support <supportmail at microsoft.com>
> > > > > > > Subject: RE: [cifs-protocol] [EXTERNAL] Windows Server 2025 PKINIT regression - TrackingID#2412190040009154
> > > > > > >
> > > > > > > [Mike to Bcc, adding Jeff]]
> > > > > > > Hi Julien,
> > > > > > >
> > > > > > > Thanks for the information. Also, after some workload adjustments, @Jeff McCashland will be working on your case moving forward.
> > > > > > >
> > > > > > > Apologies for the confusion.
> > > > > > >
> > > > > > > Regards,
> > > > > > > Kristian Smith
> > > > > > > Support Escalation Engineer | Microsoft® Corporation
> > > > > > > Email: kristian.smith at microsoft.com
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Michael Bowen <Mike.Bowen at microsoft.com>
> > > > > > > Sent: Monday, December 23, 2024 10:05 AM
> > > > > > > To: Julien Rische <jrische at redhat.com>; Kristian Smith <Kristian.Smith at microsoft.com>
> > > > > > > Cc: Alexander Bokovoy <ab at samba.org>; cifs-protocol at lists.samba.org; Microsoft Support <supportmail at microsoft.com>
> > > > > > > Subject: RE: [cifs-protocol] [EXTERNAL] Windows Server 2025 PKINIT regression - TrackingID#2412190040009154
> > > > > > >
> > > > > > > Hi Julien,
> > > > > > >
> > > > > > > Thanks for the update. @Kristian Smith is handling your case, so I'm forwarding this to him to help him with your issue. Happy Holidays!
> > > > > > >
> > > > > > > - Michael
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Julien Rische <jrische at redhat.com>
> > > > > > > Sent: Monday, December 23, 2024 5:32 AM
> > > > > > > To: Michael Bowen <Mike.Bowen at microsoft.com>
> > > > > > > Cc: Alexander Bokovoy <ab at samba.org>; cifs-protocol at lists.samba.org; Microsoft Support <supportmail at microsoft.com>
> > > > > > > Subject: Re: [cifs-protocol] [EXTERNAL] Windows Server 2025 PKINIT regression - TrackingID#2412190040009154
> > > > > > >
> > > > > > > [You don't often get email from jrische at redhat.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
> > > > > > >
> > > > > > > Hello Michael,
> > > > > > >
> > > > > > > It has come to our attention that Windows Server 2025 now has support for allowing and disallowing digest algorithms in PKINIT. We made some tests by modifying the "Computer Configuration\Policies\Administrative
> > > > > > > Templates\System\KDC\Configure hash algorithms for certificate logon".
> > > > > > >
> > > > > > > This configuration seems to take effect, because disallowing SHA-256 causes elliptic curve Diffie-Hellman to fail. However, allowing all SHA versions does not fix the problem when using finite field Diffie-Hellman.
> > > > > > >
> > > > > > > In attachment, you will find 2 network traces showing a successful pre-authentication process for ECDH with curve P-256 and RSA/SHA-256 signature, and a failing one for FFDH with MODP group 14 (2046-bit) and RSA/SHA-256 signature. In both cases all SHA versions are allowed in the above group policy.
> > > > > > >
> > > > > > > --
> > > > > > > Julien Rische
> > > > > > >
> > > > > > >
> > > > > > > On Thu, Dec 19, 2024 at 5:33 PM Michael Bowen via cifs-protocol <cifs-protocol at lists.samba.org> wrote:
> > > > > > > >
> > > > > > > > [DocHelp to bcc]
> > > > > > > >
> > > > > > > > Hi Alexander,
> > > > > > > >
> > > > > > > > Thanks for your question about Windows Server 2025 and Kerberos. I've created case number 2412190040009154 to track this issue, please leave the number in the subject line when communicating with our team. One of our engineers will contact you soon.
> > > > > > > >
> > > > > > > > Best regards,
> > > > > > > > Michael Bowen
> > > > > > > > Sr. Escalation Engineer - Microsoft® Corporation
> > > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Alexander Bokovoy <ab at samba.org>
> > > > > > > > Sent: Thursday, December 19, 2024 4:26 AM
> > > > > > > > To: Interoperability Documentation Help <dochelp at microsoft.com>
> > > > > > > > Cc: cifs-protocol at lists.samba.org
> > > > > > > > Subject: [EXTERNAL] Windows Server 2025 PKINIT regression
> > > > > > > >
> > > > > > > > [Some people who received this message don't often get email from
> > > > > > > > ab at samba.org. Learn why this is important at
> > > > > > > > https://aka.ms/LearnAboutSenderIdentification ]
> > > > > > > >
> > > > > > > > Hi Dochelp,
> > > > > > > >
> > > > > > > > I believe we are seeing a regression in how Windows Server 2025 handles Kerberos PKINIT, probably due to algorithm agility rewrite.
> > > > > > > >
> > > > > > > > Sometime ago we have updated MIT Kerberos implementation of PKINIT to use sha256WithRSAEncryption in supported CMS types and removed sha1WithRSAEncryption to be able compliant with FIPS 140-3.
> > > > > > > >
> > > > > > > > The commit
> > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgith%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417989178%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=0sY9jzipM1vdPT8FP6sozAIWAmfJesoPYMM4nI3CACw%3D&reserved=0<https://gith/>
> > > > > > > > %2F&data=05%7C02%7CKristian.Smith%40microsoft.com%7Ccc530a51018e45fbf1
> > > > > > > > b108dd237c4865%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6387057388
> > > > > > > > 76787487%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuM
> > > > > > > > DAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&s
> > > > > > > > data=vvBUg7U6QcAQSKEUYyCOQ1A78VoSp5eDylGA9lRz0zI%3D&reserved=0
> > > > > > > > ub.com%2Fkrb5%2Fkrb5%2Fcommit%2Fcbfe46ce20f3e9265baa9c648390148c739ab8
> > > > > > > > 30&data=05%7C02%7Cmike.bowen%40microsoft.com%7C6c48431e145e4de8500c08d
> > > > > > > > d23562d38%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638705575372721
> > > > > > > > 071%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMC
> > > > > > > > IsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=
> > > > > > > > BKt0Ke6K6mn1ONoQTBrHhhybs8HASTsXpFQC4qPKjKo%3D&reserved=0
> > > > > > > > is part of MIT Kerberos 1.20 or later releases.
> > > > > > > >
> > > > > > > > This change worked well for Windows Server versions prior to Windows Server 2025 release. With Windows Server 2025, the request is rejected (packet 8 from ad2025.pcap in attached archive):
> > > > > > > >
> > > > > > > > Kerberos
> > > > > > > > Record Mark: 106 bytes
> > > > > > > > 0... .... .... .... .... .... .... .... = Reserved: Not set
> > > > > > > > .000 0000 0000 0000 0000 0000 0110 1010 = Record Length: 106
> > > > > > > > krb-error
> > > > > > > > pvno: 5
> > > > > > > > msg-type: krb-error (30)
> > > > > > > > stime: Dec 18, 2024 15:22:36.000000000 CET
> > > > > > > > susec: 926640
> > > > > > > > error-code: Unknown (79)
> > > > > > > > realm: WIN2025-UO83.TEST
> > > > > > > > sname
> > > > > > > > name-type: kRB5-NT-SRV-INST (2)
> > > > > > > > sname-string: 2 items
> > > > > > > > SNameString: krbtgt
> > > > > > > > SNameString: WIN2025-UO83.TEST
> > > > > > > >
> > > > > > > >
> > > > > > > > We built a custom version of MIT Kerberos which adds both sha256WithRSAEncryption and sha1WithRSAEncryption to the list of supported CMS types and still signed with sha256WithRSAEncryption, it failed again. The corresponding packet exchange can be seen in ad2025_sha1.pcap in the attached archive.
> > > > > > > >
> > > > > > > > Both variants work against Windows Server 2019, so to us this looks like a regression in Windows Server 2025 implementation.
> > > > > > > >
> > > > > > > > If this is not a regression and instead it is an intentional change, could you please make sure MS-PKCA and other corresponding documents get updated with a proper logic of the changes.
> > > > > > > >
> > > > > > > > --
> > > > > > > > / Alexander Bokovoy
> > > > > > > >
> > > > > > > > _______________________________________________
> > > > > > > > cifs-protocol mailing list
> > > > > > > > cifs-protocol at lists.samba.org
> > > > > > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C81dab240e051473988be08dd3ad438b9%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638731405417996787%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=V80bx8i5NxoaazGbtp0ewcMA3WcUVkoVX%2B1OGCM0pIk%3D&reserved=0<https://list/>
> > > > > > > > %2F&data=05%7C02%7CKristian.Smith%40microsoft.com%7Ccc530a51018e45fbf1
> > > > > > > > b108dd237c4865%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6387057388
> > > > > > > > 76806372%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuM
> > > > > > > > DAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&s
> > > > > > > > data=0Qe6AszCxK%2BkbB47AYraNMeMmtEj88GZtfXvR5jNs1I%3D&reserved=0
> > > > > > > > s.samba.org%2Fmailman%2Flistinfo%2Fcifs-protocol&data=05%7C02%7Cmike.b
> > > > > > > > owen%40microsoft.com%7C6c48431e145e4de8500c08dd23562d38%7C72f988bf86f1
> > > > > > > > 41af91ab2d7cd011db47%7C1%7C0%7C638705575372737510%7CUnknown%7CTWFpbGZs
> > > > > > > > b3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIj
> > > > > > > > oiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=JoGoaTxJzMm7ljVciNww4Tdd
> > > > > > > > UpV9bcqS3whR%2F8JTLVA%3D&reserved=0
> > > > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > / Alexander Bokovoy
> > >
> >
>
More information about the cifs-protocol
mailing list