[jcifs] 0xC0000022 - "Access is Denied" when authenticating arbitrary credentials
Gavin Disney
gavin.disney at rogers.com
Fri Jul 8 08:27:23 MDT 2011
We have an application that uses jCIFS to authenticate arbitrary credentials
using the SmbSession.logon(UniAddress, NtlmPasswordAuthentication) mechanism. We
do not use WINS to lookup the DC.
The application has been working flawlessy for 7+ years, and has used versions
of jCIFS from 0.9 to 1.3.16. We recently implemented password expiry policies in
our Windows environment (our 2 domain controllers are Windows Server 2003), and
have been expiring users passwords in batches of 200 per night. Since this
change we have seen several cases where users logging into the application
receive 0xC0000022 - "Access is Denied", and authentication fails. This
condition generally lasts about 2 minutes and then self-corrects, and, as far as
we can tell, during this period all logon attempts are refused.
Any insight into what might be going on would be greatly appreciated.
Thanks,
Gavin Disney
jCIFS logging shows the following (typical) exchange:
treeConnect: unc=\\DC1\IPC$,service=?????
sessionSetup: accountName=XXX,primaryDomain=RMP
NtlmContext[auth=DOM\XXX,ntlmsspFlags=0x60088014,workstation=JCIFS244_149_59,isE
stablished=false,state=1,serverChallenge=null,signingKey=null]
Type1Message[suppliedDomain=DOM,suppliedWorkstation=JCIFS244_149_59,flags=0x6008
8215]
00000: 4E 54 4C 4D 53 53 50 00 01 00 00 00 15 B2 08 60 |NTLMSSP......².`|
00010: 03 00 03 00 20 00 00 00 0F 00 0F 00 23 00 00 00 |.... .......#...|
00020: 52 4D 50 4A 43 49 46 53 32 34 34 5F 31 34 39 5F |DOMJCIFS244_149_|
00030: 35 39 |59 |
update: 0 0:16
00000: 35 25 4C 13 2D E9 C0 CD 13 7F C4 4E BA 6F 68 13 |5%L.-éÀÍ..ÄNºoh.|
update: 1 4:148
00000: FF 53 4D 42 73 00 00 00 00 18 07 C8 00 00 0A 00 |ÿSMBs......È....|
00010: 00 00 00 00 00 00 00 00 00 00 87 33 00 00 49 01 |...........3..I.|
00020: 0C FF 00 DE DE 04 41 0A 00 01 00 00 00 00 00 32 |.ÿ.ÞÞ.A........2|
00030: 00 00 00 00 00 54 10 00 80 59 00 4E 54 4C 4D 53 |.....T...Y.NTLMS|
00040: 53 50 00 01 00 00 00 15 B2 08 60 03 00 03 00 20 |SP......².`.... |
00050: 00 00 00 0F 00 0F 00 23 00 00 00 52 4D 50 4A 43 |.......#...DOMJC|
00060: 49 46 53 32 34 34 5F 31 34 39 5F 35 39 00 57 00 |IFS244_149_59.W.|
00070: 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 |i.n.d.o.w.s. .2.|
00080: 30 00 30 00 33 00 00 00 6A 00 43 00 49 00 46 00 |0.0.3...j.C.I.F.|
00090: 53 00 00 00 |S... |
digest:
00000: 2E 01 6B A2 98 27 0C 16 57 D4 32 48 18 A1 CA 39 |..k¢.'..WÔ2H.¡Ê9|
SmbComSessionSetupAndX[command=SMB_COM_SESSION_SETUP_ANDX,received=false,errorCo
de=0,flags=0x0018,flags2=0xC807,signSeq=10,tid=0,pid=13191,uid=0,mid=329,wordCou
nt=12,byteCount=89,andxCommand=0xFF,andxOffset=0,snd_buf_size=16644,maxMpxCount=
10,VC_NUMBER=1,sessionKey=0,lmHash.length=0,ntHash.length=0,capabilities=-
2147479468,accountName=null,primaryDomain=null,NATIVE_OS=Windows
2003,NATIVE_LANMAN=jCIFS]
00000: FF 53 4D 42 73 00 00 00 00 18 07 C8 00 00 2E 01 |ÿSMBs......È....|
00010: 6B A2 98 27 0C 16 00 00 00 00 87 33 00 00 49 01 |k¢.'.......3..I.|
00020: 0C FF 00 DE DE 04 41 0A 00 01 00 00 00 00 00 32 |.ÿ.ÞÞ.A........2|
00030: 00 00 00 00 00 54 10 00 80 59 00 4E 54 4C 4D 53 |.....T...Y.NTLMS|
00040: 53 50 00 01 00 00 00 15 B2 08 60 03 00 03 00 20 |SP......².`.... |
00050: 00 00 00 0F 00 0F 00 23 00 00 00 52 4D 50 4A 43 |.......#...DOMJC|
00060: 49 46 53 32 34 34 5F 31 34 39 5F 35 39 00 57 00 |IFS244_149_59.W.|
00070: 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 32 00 |i.n.d.o.w.s. .2.|
00080: 30 00 30 00 33 00 00 00 6A 00 43 00 49 00 46 00 |0.0.3...j.C.I.F.|
00090: 53 00 00 00 |S... |
New data read: Transport1[DC1/142.224.244.137:0]
00000: FF 53 4D 42 73 22 00 00 C0 98 07 C8 00 00 05 78 |ÿSMBs"..À..È...x|
00010: 11 E5 58 C3 98 C9 00 00 00 00 87 33 00 00 49 01 |.åXÃ.É.....3..I.|
SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,received=false
,errorCode=Access is
denied.,flags=0x0098,flags2=0xC807,signSeq=11,tid=0,pid=13191,uid=0,mid=329,word
Count=0,byteCount=0,andxCommand=0xFF,andxOffset=0,isLoggedInAsGuest=false,native
Os=,nativeLanMan=,primaryDomain=]
00000: FF 53 4D 42 73 22 00 00 C0 98 07 C8 00 00 05 78 |ÿSMBs"..À..È...x|
00010: 11 E5 58 C3 98 C9 00 00 00 00 87 33 00 00 49 01 |.åXÃ.É.....3..I.|
00020: 00 00 00 |... |
More information about the jCIFS
mailing list