[jcifs] 0xC0000022 - "Access is Denied" when authenticating arbitrary credentials

Gavin Disney gavin.disney at rogers.com
Fri Jul 8 08:27:23 MDT 2011 

We have an application that uses jCIFS to authenticate arbitrary credentials 
using the SmbSession.logon(UniAddress, NtlmPasswordAuthentication) mechanism. We 
do not use WINS to lookup the DC. 

The application has been working flawlessy for 7+ years, and has used versions 
of jCIFS from 0.9 to 1.3.16. We recently implemented password expiry policies in 
our Windows environment (our 2 domain controllers are Windows Server 2003), and 
have been expiring users passwords in batches of 200 per night. Since this 
change we have seen several cases where users logging into the application 
receive 0xC0000022 - "Access is Denied", and authentication fails. This 
condition generally lasts about 2 minutes and then self-corrects, and, as far as 
we can tell, during this period all logon attempts are refused. 

Any insight into what might be going on would be greatly appreciated.

Thanks,
Gavin Disney

jCIFS logging shows the following (typical) exchange:

treeConnect: unc=\\DC1\IPC$,service=?????
sessionSetup: accountName=XXX,primaryDomain=RMP
NtlmContext[auth=DOM\XXX,ntlmsspFlags=0x60088014,workstation=JCIFS244_149_59,isE
stablished=false,state=1,serverChallenge=null,signingKey=null]
Type1Message[suppliedDomain=DOM,suppliedWorkstation=JCIFS244_149_59,flags=0x6008
8215]
00000: 4E 54 4C 4D 53 53 50 00 01 00 00 00 15 B2 08 60  |NTLMSSP......².`|
00010: 03 00 03 00 20 00 00 00 0F 00 0F 00 23 00 00 00  |.... .......#...|
00020: 52 4D 50 4A 43 49 46 53 32 34 34 5F 31 34 39 5F  |DOMJCIFS244_149_|
00030: 35 39                                            |59              |

update: 0 0:16
00000: 35 25 4C 13 2D E9 C0 CD 13 7F C4 4E BA 6F 68 13  |5%L.-éÀÍ..ÄNºoh.|

update: 1 4:148
00000: FF 53 4D 42 73 00 00 00 00 18 07 C8 00 00 0A 00  |ÿSMBs......È....|
00010: 00 00 00 00 00 00 00 00 00 00 87 33 00 00 49 01  |...........3..I.|
00020: 0C FF 00 DE DE 04 41 0A 00 01 00 00 00 00 00 32  |.ÿ.ÞÞ.A........2|
00030: 00 00 00 00 00 54 10 00 80 59 00 4E 54 4C 4D 53  |.....T...Y.NTLMS|
00040: 53 50 00 01 00 00 00 15 B2 08 60 03 00 03 00 20  |SP......².`.... |
00050: 00 00 00 0F 00 0F 00 23 00 00 00 52 4D 50 4A 43  |.......#...DOMJC|
00060: 49 46 53 32 34 34 5F 31 34 39 5F 35 39 00 57 00  |IFS244_149_59.W.|
00070: 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00  |i.n.d.o.w.s. .2.|
00080: 30 00 30 00 33 00 00 00 6A 00 43 00 49 00 46 00  |0.0.3...j.C.I.F.|
00090: 53 00 00 00                                      |S...            |

digest: 
00000: 2E 01 6B A2 98 27 0C 16 57 D4 32 48 18 A1 CA 39  |..k¢.'..WÔ2H.¡Ê9|

SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCo
de=0,flags=0x0018,flags2=0xC807,signSeq=10,tid=0,pid=13191,uid=0,mid=329,wordCou
nt=12,byteCount=89,andxCommand=0xFF,andxOffset=0,snd_buf_size=16644,maxMpxCount=
10,VC_NUMBER=1,sessionKey=0,lmHash.length=0,ntHash.length=0,capabilities=-
2147479468,accountName=null,primaryDomain=null,NATIVE_OS=Windows 
2003,NATIVE_LANMAN=jCIFS]
00000: FF 53 4D 42 73 00 00 00 00 18 07 C8 00 00 2E 01  |ÿSMBs......È....|
00010: 6B A2 98 27 0C 16 00 00 00 00 87 33 00 00 49 01  |k¢.'.......3..I.|
00020: 0C FF 00 DE DE 04 41 0A 00 01 00 00 00 00 00 32  |.ÿ.ÞÞ.A........2|
00030: 00 00 00 00 00 54 10 00 80 59 00 4E 54 4C 4D 53  |.....T...Y.NTLMS|
00040: 53 50 00 01 00 00 00 15 B2 08 60 03 00 03 00 20  |SP......².`.... |
00050: 00 00 00 0F 00 0F 00 23 00 00 00 52 4D 50 4A 43  |.......#...DOMJC|
00060: 49 46 53 32 34 34 5F 31 34 39 5F 35 39 00 57 00  |IFS244_149_59.W.|
00070: 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00  |i.n.d.o.w.s. .2.|
00080: 30 00 30 00 33 00 00 00 6A 00 43 00 49 00 46 00  |0.0.3...j.C.I.F.|
00090: 53 00 00 00                                      |S...            |

New data read: Transport1[DC1/142.224.244.137:0]
00000: FF 53 4D 42 73 22 00 00 C0 98 07 C8 00 00 05 78  |ÿSMBs"..À..È...x|
00010: 11 E5 58 C3 98 C9 00 00 00 00 87 33 00 00 49 01  |.åXÃ.É.....3..I.|

SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,received=false
,errorCode=Access is 
denied.,flags=0x0098,flags2=0xC807,signSeq=11,tid=0,pid=13191,uid=0,mid=329,word
Count=0,byteCount=0,andxCommand=0xFF,andxOffset=0,isLoggedInAsGuest=false,native
Os=,nativeLanMan=,primaryDomain=]
00000: FF 53 4D 42 73 22 00 00 C0 98 07 C8 00 00 05 78  |ÿSMBs"..À..È...x|
00010: 11 E5 58 C3 98 C9 00 00 00 00 87 33 00 00 49 01  |.åXÃ.É.....3..I.|
00020: 00 00 00                                         |...             |

More information about the jCIFS mailing list