<html><style>p{margin-top:0px; margin-bottom:0px;}</style><body class="setupTab"  style=" background-color:#CCCCCC; bEditID:b1st1; bLabel:body;"><center ><table cellpadding="0" width="500" cellspacing="0" id="topTable" height="450" ><tr valign="top" ><td  style=" background-color:#FFFFFF; bEditID:r1st1; bLabel:header; vertical-align:top; height:100; text-align:left;"><img border="0" bEditID="r1sp1" bLabel="headerImage" id="r1sp1" src="https://modcloth.my.salesforce.com/servlet/servlet.ImageServer?id=0157F000001F96x&oid=00D7F000005lFYJ" ></img></td></tr><tr valign="top" ><td  style=" background-color:#AAAAFF; bEditID:r2st1; bLabel:accent1; height:5;"></td></tr><tr valign="top" ><td styleInsert="1" height="300"  style=" background-color:#f2efea; bEditID:r3st1; color:#000000; bLabel:main; font-size:12pt; font-family:arial;"><table border="0" cellpadding="5" width="550" cellspacing="5" height="400" ><tr valign="top" height="400" ><td tEditID="c1r1" style=" background-color:#f2efea; bEditID:r3st1; color:#000000; bLabel:main; font-size:12pt; font-family:arial;" aEditID="c1r1" locked="0" ><font face="arial" style="color: rgb(0, 0, 0); font-family: arial; font-size: 12pt;"><span style="font-size: 12pt;">Hey Stefan,</span></font><br><br><font face="arial" style="color: rgb(0, 0, 0); font-family: arial; font-size: 12pt;"><span style="font-size: 12pt;">Thank you for writing to ModCloth Customer Care! We have received your message and hope to be getting back to you within 3 business days.</span></font><br><br><div style="color: rgb(0, 0, 0); font-family: arial; font-size: 12pt;">If you have an urgent need, you can always contact us with any questions, concerns or feedback via live chat by clicking <a href="https://sforce.co/2vibwwH">here</a> or by phone (888-495-9699) between the hours of 9am-9pm EST Monday-Friday, we're always more than happy to help! 😊</div><div style="color: rgb(0, 0, 0); font-family: arial; font-size: 12pt;"><br></div><div style="color: rgb(0, 0, 0); font-family: arial; font-size: 12pt;">Thanks,</div><div style="color: rgb(0, 0, 0); font-family: arial; font-size: 12pt;"><br></div><font face="arial" style="color: rgb(0, 0, 0); font-family: arial; font-size: 12pt;"><span style="font-size: 12pt;">Modcloth</span></font><br><font face="arial" style="color: rgb(0, 0, 0); font-family: arial; font-size: 12pt;"><span style="font-size: 12pt;">Email Body:-</span></font><br><font face="arial" style="color: rgb(0, 0, 0); font-family: arial; font-size: 12pt;"><span style="font-size: 12pt;">Hello dochelp,<br><br>I'm seeing an increasing number of cases where trusted domain object,<br>when queried with LsarQueryInfoTrustedDomain operation, level<br>TrustedDomainSupportedEncryptionTypes, returns encryption types field<br>set to all zeros. The query is done with Active Directory domain's<br>administrator privileges, so access checks should grant this access.<br><br>However, we see something similar to below, when querying<br>TrustedDomainSupportedEncryptionTypes information class of<br>LsarQueryInfoTrustedDomain between two Active Directory domains based on<br>Microsoft Windows Server versions, the returned value is set to 0:<br><br>>rpcclient $> lsaquerytrustdominfobyname example.test 13<br>>    info                     : union lsa_TrustedDomainInfo(case 13)<br>>    enc_types: struct lsa_TrustDomainInfoSupportedEncTypes<br>>        enc_types                : 0x00000000 (0)<br>>               0: KERB_ENCTYPE_DES_CBC_CRC<br>>               0: KERB_ENCTYPE_DES_CBC_MD5<br>>               0: KERB_ENCTYPE_RC4_HMAC_MD5<br>>               0: KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96<br>>               0: KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96<br>>               0: KERB_ENCTYPE_FAST_SUPPORTED<br>>               0: KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED<br>>               0: KERB_ENCTYPE_CLAIMS_SUPPORTED<br>>               0: KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED<br><br>I cannot find any behavioral description for such configuration:<br> - what encryption types should be used by the clients to communicate<br> - in which situations zeroed encryption types list is expected<br> - how zeroed encryption types list is affecting cross-realm<br>   communication<br> - what versions of Windows Server introduced this change<br><br>When such TDO is seen between forest root and in-forest domain, we also<br>see KDC_ERR_POLICY response from the forest root DC when a user from<br>in-forest domain attempts to access a resource in a domain from a<br>separate forest. The forests in question trust each other in a direction<br>of access.<br><br>I have seen it happening with Windows Server 2019 but we have reports<br>for unspecified older versions (2008-2016).<br><br>For completeness, here is how the trusted domain object looks like:<br>>-----------------<br>>rpcclient $> lsaquerytrustdominfobyname example.test 12<br>>    info                     : union lsa_TrustedDomainInfo(case 12)<br>>    full_info2_internal: struct lsa_TrustDomainInfoFullInfo2Internal<br>>        info: struct lsa_TrustDomainInfoInfoEx2Internal<br>>            info_ex: struct lsa_TrustDomainInfoInfoEx<br>>                domain_name: struct lsa_StringLarge<br>>                    length                   : 0x0018 (24)<br>>                    size                     : 0x001A (26)<br>>                    string                   : *<br>>                        string                   : 'example.test'<br>>                netbios_name: struct lsa_StringLarge    <br>>                    length                   : 0x000C (12)<br>>                    size                     : 0x000E (14)<br>>                    string                   : *<br>>                        string                   : 'EXAMPLE-TEST'<br>>                sid                      : *<br>>                    sid                      : S-1-5-21-1234567890-1234567890-12345678<br>>                trust_direction          : 0x00000003 (3)<br>>                       1: LSA_TRUST_DIRECTION_INBOUND<br>>                       1: LSA_TRUST_DIRECTION_OUTBOUND<br>>                trust_type               : LSA_TRUST_TYPE_UPLEVEL (2)<br>>                trust_attributes         : 0x00000020 (32)<br>>                       0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE<br>>                       0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY<br>>                       0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN<br>>                       0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE<br>>                       0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION<br>>                       1: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST<br>>                       0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL<br>>                       0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION<br>>            forest_trust_length      : 0x00000000 (0)<br>>            forest_trust_data        : NULL<br>>        posix_offset: struct lsa_TrustDomainInfoPosixOffset<br>>            posix_offset             : 0xc0000000 (3221225472)<br>>        auth_info: struct lsa_TrustDomainInfoAuthInfo<br>>            incoming_count           : 0x00000000 (0)<br>>            incoming_current_auth_info: NULL<br>>            incoming_previous_auth_info: NULL<br>>            outgoing_count           : 0x00000000 (0)<br>>            outgoing_current_auth_info: NULL<br>>            outgoing_previous_auth_info: NULL<br>><br><br><br>-- <br>/ Alexander Bokovoy<br><br>_______________________________________________<br>cifs-protocol mailing list<br>cifs-protocol@lists.samba.org<br>https://lists.samba.org/mailman/listinfo/cifs-protocol</span></font><div style="color: rgb(0, 0, 0); font-family: arial; font-size: 12pt;"><br></div><div style=""><font face="arial">ref:_00D7F5lFYJ._5007Frtc6J:ref</font></div></td></tr></table></td></tr><tr valign="top"  style=" display:none;"><td  style=" background-color:#ffffff; bEditID:r4st1; bLabel:accent2; height:0;"></td></tr><tr valign="top"  style=" display:none;"><td  style=" background-color:#FFFFFF; bEditID:r5st1; bLabel:footer; vertical-align:; height:0; text-align:;"></td></tr><tr valign="top"  style=" display:none;"><td  style=" background-color:#AAAAFF; bEditID:r6st1; bLabel:accent3; height:0;"></td></tr></table></center><img src="http://modcloth.my.salesforce.com/servlet/servlet.ImageServer?oid=00D7F000005lFYJ&esid=0187F00000EqYpj"></body></html><br><br>Have more questions? We have the answers! 
<br>
<br>We're here 9am-9pm EST Monday-Friday to help inspire your unique personal style and help you feel like the most remarkable version of you!
<br>
<br>Don't hesitate to connect with us through chat or email on our help page here, <A HREF="https://help.modcloth.com" TARGET="_blank">https://help.modcloth.com</A>/, or call us at 888-495-9699.