Winbindd DCERPC requests to DC are intermittently failing with NT_STATUS_RPC_SEC_PKG_ERROR.

Hemanth Thummala hemanth.thummala at nutanix.com
Thu Jan 17 00:43:45 UTC 2019


Thanks Jeremy, for the quick response.

´╗┐On 1/16/19, 3:32 PM, "Jeremy Allison" <jra at samba.org> wrote:

   > Can you get wireshark traces ? 
Please see the attached.

> Do you have multiple clients with the same name / sharing machine credentials ?
 Yes. It's actually a cluster.  And we store the machine creds in centralized location which each node fetches when it tries communicate with DC.

>    Windows servers will keep only one credential chain
    for Netlogon requests, so if you call into it with
    multiple connections using the same name they'll
    trample on each other.
We have been using the centralized machine creds for some time. But, we see this issue very randomly. Once its seen on a specific cluster, it persists. If windows has issues with handling multiple connections with same name, we should have seen this all the time. 

Thanks,
Hemanth.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: NETLOGON_errors.pcapng
Type: application/octet-stream
Size: 2785992 bytes
Desc: NETLOGON_errors.pcapng
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20190117/8fa9273e/NETLOGON_errors-0001.obj>


More information about the samba-technical mailing list