Fwd: 0xC0000388

Matt Geddes musicalcarrion at gmail.com
Fri Apr 25 16:54:42 GMT 2008

Sigh, hit 'Reply' instead of 'Reply All'....

---------- Forwarded message ----------
From: Matt Geddes <musicalcarrion at gmail.com>
Date: Fri, Apr 25, 2008 at 9:29 AM
Subject: Re: 0xC0000388
To: Jeremy Allison <jra at samba.org>


 My original reply disappeared. Kinda ironically, it was sent from a
 gmail account, but I suspect it's more to do with it coming from
 pocket outlook than anything.

 On Fri, Apr 25, 2008 at 7:31 AM, Jeremy Allison <jra at samba.org> wrote:
 > On Fri, Apr 25, 2008 at 09:02:15PM +0900, feroz ahmed wrote:

>  > The problem is when i try to access my linux file share from work group
 >  > members im getting error 0xC0000388.
 >  > Have attached the network trace.. Can some one help me in fixing this
 >  > issue???

 0xC0000388 is NT_STATUS_DOWNGRADE_DETECTED. Windows Server 2008 spits
 that back at you when you attempt (or it thinks you're trying to
 attempt) to avoid using 128-bit crypto. I've only seen it on domain
 members when performing netrServerAuthenticate2 (or ....3) and the
 neg_flags field doesn't have bit 0x4000 set (NETLOGON_NEG_128BIT).

 netrServerAuthenticate2 is used with an RPC join, but I remember that
 older versions of Samba did an RPC testjoin (inside net_ads.c
 somewhere, from memory) even when using ADS to do the join.

 There's also a registry entry that can be applied on the DCs to cause
 it to not require that flag to be set. It's mentioned here:


 >  Not really. 3.0.14a has been discontinued for a while. Are you
 >  working for a Samba OEM or vendor ? If so we might be inclined
 >  to be more helpful as you'll be fixing bugs for many more people.

 In this case, the version of Samba doesn't matter, does it?


More information about the samba-technical mailing list