Winbindd DCERPC requests to DC are intermittently failing with NT_STATUS_RPC_SEC_PKG_ERROR.

Wed Jan 16 22:41:41 UTC 2019

Hello All,

We are running the Samba 4.3.11 stack. We are seeing DCERPC (NetrLogon*) requests (sent as part of establishing the secure channel from winbindd) frequently fail with RPC_SEC_PKG_ERRORs. Sometimes the next retry is successful; at other times the error persists until we restart winbind.

[2019/01/16 12:12:14.669030,  1, pid=57612, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:568(cli_pipe_validate_current_pdu)
  ../source3/rpc_client/cli_pipe.c:568: RPC fault code DCERPC_FAULT_SEC_PKG_ERROR received from host DCDC-1.DRMAFS.LAB!
[2019/01/16 12:12:14.669044, 10, pid=57612, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:975(rpc_api_pipe_got_pdu)
  rpc_api_pipe: got frag len of 32 at offset 0: NT_STATUS_RPC_SEC_PKG_ERROR

And the very next request succeeded.

[2019/01/16 12:12:19.280066, 10, pid=57612, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:3341(cli_rpc_pipe_open_schannel_with_creds)
  cli_rpc_pipe_open_schannel_with_creds: opened pipe netlogon to machine DCDC-1.DRMAFS.LAB for domain DRMAFS and bound using schannel.
[2019/01/16 12:12:19.280076,  3, pid=57612, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual_srv.c:677(_wbint_CheckMachineAccount)
  domain DRMAFS secret is good

A capture on the DC shows the request failing with a FAULT PKG error.

1133       17.712152            x.x.x.x   y.y.y.y   RPC_NETLOGON              454         NetrLogonDummyRoutine1 request
1134       17.712402            y.y.y.y   x.x.x.x   DCERPC 214         Fault: call_id: 17866, Fragment: Single, Ctx: 0, status: nca_s_fault_sec_pkg_error

This is causing all the LookupName DCERPCs to fail, which in turn is affecting user authentication. Any input on how to debug this issue?
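
The following is an added example, not part of the original post: it parses winbindd debug records in the layout quoted above and, for each DCERPC_FAULT_SEC_PKG_ERROR, reports how long the same winbindd process took to rebind to that DC over schannel, or that it never did. The function names and the third sample record (pid 60001) are constructed for illustration.

```python
import re
from datetime import datetime

# Header of a Samba debug record, in the layout of the log excerpts in the post.
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*\d+, pid=(\d+),")
FAULT = re.compile(r"DCERPC_FAULT_SEC_PKG_ERROR received from host (\S+?)!")
BOUND = re.compile(r"opened pipe netlogon to machine (\S+) for domain \S+ and bound using schannel")

def parse_records(text):
    """Yield (timestamp, pid, message) with the body lines of each record joined."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if current:
                yield current[0], current[1], " ".join(current[2])
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f")
            current = (ts, int(m.group(2)), [])
        elif current and line.strip():
            current[2].append(line.strip())
    if current:
        yield current[0], current[1], " ".join(current[2])

def fault_recovery(text):
    """Per fault: (pid, host, seconds until the next schannel bind, or None)."""
    pending, results = [], []
    for ts, pid, msg in parse_records(text):
        fault, bound = FAULT.search(msg), BOUND.search(msg)
        if fault:
            pending.append((ts, pid, fault.group(1)))
        elif bound:
            # A bind by the same process to the same DC closes its open faults.
            closed = [p for p in pending if p[1:] == (pid, bound.group(1))]
            pending = [p for p in pending if p not in closed]
            results += [(pid, h, (ts - t).total_seconds()) for t, _, h in closed]
    # Faults never followed by a bind: the "persistent until restart" case.
    return results + [(p, h, None) for _, p, h in pending]

# Constructed sample: records 1-2 copy the post's log lines, record 3 is invented.
SAMPLE = """\
[2019/01/16 12:12:14.669030,  1, pid=57612, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:568(cli_pipe_validate_current_pdu)
  ../source3/rpc_client/cli_pipe.c:568: RPC fault code DCERPC_FAULT_SEC_PKG_ERROR received from host DCDC-1.DRMAFS.LAB!
[2019/01/16 12:12:19.280066, 10, pid=57612, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:3341(cli_rpc_pipe_open_schannel_with_creds)
  cli_rpc_pipe_open_schannel_with_creds: opened pipe netlogon to machine DCDC-1.DRMAFS.LAB for domain DRMAFS and bound using schannel.
[2019/01/16 12:30:00.000000,  1, pid=60001, effective(0, 0), real(0, 0), class=rpc_cli] ../source3/rpc_client/cli_pipe.c:568(cli_pipe_validate_current_pdu)
  ../source3/rpc_client/cli_pipe.c:568: RPC fault code DCERPC_FAULT_SEC_PKG_ERROR received from host DCDC-1.DRMAFS.LAB!
"""
if __name__ == "__main__":
    print(fault_recovery(SAMPLE))
```

Run over a full log.winbindd at debug level 10, the `None` entries separate the processes that stayed broken from those that recovered on the next attempt.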


