Windows 2019 Server getting Invalid signature with Samba 4.7.11
Krishna Harathi
krishna.harathi at storagecraft.com
Tue Jul 14 18:26:36 UTC 2020
I am continuing to investigate why a client is getting an “invalid signature” error.
Sequence of events
* Smbd generated a STATUS_NETWORK_SESSION_EXPIRED for a read request
* Client requested for a session (re)setup of the current/existing section (shown below)
* Smbd responded with STATUS_SUCCESS but response not signed (signature with zeros) (shown below)
* Windows SMBClient noted the “invalid signature” event (disruptive to client application)
* Next, there was a new session setup request
* Followed by smbd response with STATUS_SUCCESS with signature
From the Windows client event log, I see that there is a SMBClient/security event ID 31013 “the signing validation failed” corresponding to the time when smbd sent the session re-setup request. This caused the disconnect and disruption to application.
From the tcpdump, I see that this disconnect is followed by a new session setup request and a smbd setup response that had the response signed as expected. As far as I can tell the re-setup and the new-setup request has the same session and security parameters and flags (except for the non-zero sessionID in the re-setup request).
My question at this time is (I am not an expert in this area), is the signature expected in the re-setup of existing section? Is there a issue/fix in smbd in this area?
Any help in this issue is appreciated. I am working on re-creating this issue in-house, so will have more details. Please let me know what else to provide that will help.
Re-setup request
Transmission Control Protocol, Src Port: 27677, Dst Port: 445, Seq: 165006660, Ack: 277437573, Len: 1893
NetBIOS Session Service
Message Type: Session message (0x00)
Length: 1889
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
ProtocolId: 0xfe534d42
Header Length: 64
Credit Charge: 1
Channel Sequence: 0
Reserved: 0000
Command: Session Setup (1)
Credits requested: 0
Flags: 0x00000010, Priority
Chain Offset: 0x00000000
Message ID: Unknown (7934934)
Process Id: 0x0000feff
Tree Id: 0x00000000
Session Id: 0x00000000da3fcdd8
[Authenticated in Frame: 309144]
Signature: 00000000000000000000000000000000
[Response in: 309144]
Session Setup Request (0x01)
[Preauth Hash: 9a815bcc876ca46f7727e17e42381a43e8229fde444c55a1…]
StructureSize: 0x0019
0000 0000 0001 100. = Fixed Part Length: 12
.... .... .... ...1 = Dynamic Part: True
Flags: 0
.... ...0 = Session Binding Request: False
Security mode: 0x01, Signing enabled
.... ...1 = Signing enabled: True
.... ..0. = Signing required: False
Capabilities: 0x00000001, DFS
Channel: None (0x00000000)
Previous Session Id: 0x0000000000000000
[Packet size limited during capture: SMB2 truncated]
Re-setup response –
Transmission Control Protocol, Src Port: 445, Dst Port: 27677, Seq: 277437573, Ack: 165008553, Len: 239
NetBIOS Session Service
Message Type: Session message (0x00)
Length: 235
SMB2 (Server Message Block Protocol version 2)
SMB2 Header
ProtocolId: 0xfe534d42
Header Length: 64
Credit Charge: 1
NT Status: STATUS_SUCCESS (0x00000000)
Command: Session Setup (1)
Credits granted: 1
Flags: 0x00000011, Response, Priority
Chain Offset: 0x00000000
Message ID: Unknown (7934934)
Process Id: 0x0000feff
Tree Id: 0x00000000
Session Id: 0x00000000da3fcdd8
[Authenticated in Frame: 309144]
Signature: 00000000000000000000000000000000
[Response to: 309142]
[Time from request: 0.003150000 seconds]
Session Setup Response (0x01)
[Preauth Hash: 9a815bcc876ca46f7727e17e42381a43e8229fde444c55a1…]
StructureSize: 0x0009
0000 0000 0000 100. = Fixed Part Length: 4
.... .... .... ...1 = Dynamic Part: True
Session Flags: 0x0000
.... .... .... ...0 = Guest: False
.... .... .... ..0. = Null: False
.... .... .... .0.. = Encrypt: False
Blob Offset: 0x00000048
Blob Length: 163
Security Blob: a181a030819da0030a0100a10b06092a864882f712010202…
GSS-API Generic Security Service Application Program Interface
Unknown header (class=2, pc=1, tag=1)
[Expert Info (Warning/Protocol): Unknown header (class=2, pc=1, tag=1)]
[Unknown header (class=2, pc=1, tag=1)]
[Severity level: Warning]
[Group: Protocol]
Regards.
Krishna Harathi
From: Krishna Harathi <krishna.harathi at storagecraft.com>
Date: Thursday, May 28, 2020 at 4:25 PM
To: Andrew Bartlett via samba-technical <samba-technical at lists.samba.org>
Subject: Windows 2019 Server getting Invalid signature with Samba 4.7.11
We are using Samba 4.7.11.
Windows 2019 Server SQL Backup workload is failing (randomly) after running 5 to 6 hours with “invalid signature”, an instance of failure shown below.
Write on "XXXX.bak” failed: 0x80090006(Invalid Signature.) Msg 3013, Level 16, State 1, Server YYYY, Line 1 BACKUP DATABASE is terminating abnormally. Outcome: Failed Duration: 08:06:20 Date and time: 2020-05-25 01:06:21 Date and time: 2020-05-25 01:06:21. Process Exit Code 1. The step failed.
I searched Samba buzilla and found https://bugzilla.samba.org/show_bug.cgi?id=13427 but the fix is already in 4.7.11.
Is this a known issue or fix? Any help to resolve this is appreciated.
Thanks.
Regards.
Krishna Harathi
More information about the samba-technical
mailing list