Windows 2019 Server getting Invalid signature with Samba 4.7.11
Rowland penny
rpenny at samba.org
Tue Jul 14 18:33:20 UTC 2020
On 14/07/2020 19:26, Krishna Harathi via samba-technical wrote:
> I am continuing to investigate why a client is getting an “invalid signature” error.
>
> Sequence of events
>
> * Smbd generated a STATUS_NETWORK_SESSION_EXPIRED for a read request
> * Client requested for a session (re)setup of the current/existing section (shown below)
> * Smbd responded with STATUS_SUCCESS but response not signed (signature with zeros) (shown below)
> * Windows SMBClient noted the “invalid signature” event (disruptive to client application)
> * Next, there was a new session setup request
> * Followed by smbd response with STATUS_SUCCESS with signature
>
> From the Windows client event log, I see that there is a SMBClient/security event ID 31013 “the signing validation failed” corresponding to the time when smbd sent the session re-setup request. This caused the disconnect and disruption to application.
>
> From the tcpdump, I see that this disconnect is followed by a new session setup request and a smbd setup response that had the response signed as expected. As far as I can tell the re-setup and the new-setup request has the same session and security parameters and flags (except for the non-zero sessionID in the re-setup request).
>
> My question at this time is (I am not an expert in this area), is the signature expected in the re-setup of existing section? Is there a issue/fix in smbd in this area?
>
> Any help in this issue is appreciated. I am working on re-creating this issue in-house, so will have more details. Please let me know what else to provide that will help.
>
> Re-setup request
>
> Transmission Control Protocol, Src Port: 27677, Dst Port: 445, Seq: 165006660, Ack: 277437573, Len: 1893
> NetBIOS Session Service
> Message Type: Session message (0x00)
> Length: 1889
> SMB2 (Server Message Block Protocol version 2)
> SMB2 Header
> ProtocolId: 0xfe534d42
> Header Length: 64
> Credit Charge: 1
> Channel Sequence: 0
> Reserved: 0000
> Command: Session Setup (1)
> Credits requested: 0
> Flags: 0x00000010, Priority
> Chain Offset: 0x00000000
> Message ID: Unknown (7934934)
> Process Id: 0x0000feff
> Tree Id: 0x00000000
> Session Id: 0x00000000da3fcdd8
> [Authenticated in Frame: 309144]
> Signature: 00000000000000000000000000000000
> [Response in: 309144]
> Session Setup Request (0x01)
> [Preauth Hash: 9a815bcc876ca46f7727e17e42381a43e8229fde444c55a1…]
> StructureSize: 0x0019
> 0000 0000 0001 100. = Fixed Part Length: 12
> .... .... .... ...1 = Dynamic Part: True
> Flags: 0
> .... ...0 = Session Binding Request: False
> Security mode: 0x01, Signing enabled
> .... ...1 = Signing enabled: True
> .... ..0. = Signing required: False
> Capabilities: 0x00000001, DFS
> Channel: None (0x00000000)
> Previous Session Id: 0x0000000000000000
> [Packet size limited during capture: SMB2 truncated]
>
>
> Re-setup response –
>
> Transmission Control Protocol, Src Port: 445, Dst Port: 27677, Seq: 277437573, Ack: 165008553, Len: 239
> NetBIOS Session Service
> Message Type: Session message (0x00)
> Length: 235
> SMB2 (Server Message Block Protocol version 2)
> SMB2 Header
> ProtocolId: 0xfe534d42
> Header Length: 64
> Credit Charge: 1
> NT Status: STATUS_SUCCESS (0x00000000)
> Command: Session Setup (1)
> Credits granted: 1
> Flags: 0x00000011, Response, Priority
> Chain Offset: 0x00000000
> Message ID: Unknown (7934934)
> Process Id: 0x0000feff
> Tree Id: 0x00000000
> Session Id: 0x00000000da3fcdd8
> [Authenticated in Frame: 309144]
> Signature: 00000000000000000000000000000000
> [Response to: 309142]
> [Time from request: 0.003150000 seconds]
> Session Setup Response (0x01)
> [Preauth Hash: 9a815bcc876ca46f7727e17e42381a43e8229fde444c55a1…]
> StructureSize: 0x0009
> 0000 0000 0000 100. = Fixed Part Length: 4
> .... .... .... ...1 = Dynamic Part: True
> Session Flags: 0x0000
> .... .... .... ...0 = Guest: False
> .... .... .... ..0. = Null: False
> .... .... .... .0.. = Encrypt: False
> Blob Offset: 0x00000048
> Blob Length: 163
> Security Blob: a181a030819da0030a0100a10b06092a864882f712010202…
> GSS-API Generic Security Service Application Program Interface
> Unknown header (class=2, pc=1, tag=1)
> [Expert Info (Warning/Protocol): Unknown header (class=2, pc=1, tag=1)]
> [Unknown header (class=2, pc=1, tag=1)]
> [Severity level: Warning]
> [Group: Protocol]
>
> Regards.
> Krishna Harathi
>
>
> From: Krishna Harathi <krishna.harathi at storagecraft.com>
> Date: Thursday, May 28, 2020 at 4:25 PM
> To: Andrew Bartlett via samba-technical <samba-technical at lists.samba.org>
> Subject: Windows 2019 Server getting Invalid signature with Samba 4.7.11
>
> We are using Samba 4.7.11.
>
> Windows 2019 Server SQL Backup workload is failing (randomly) after running 5 to 6 hours with “invalid signature”, an instance of failure shown below.
>
> Write on "XXXX.bak” failed: 0x80090006(Invalid Signature.) Msg 3013, Level 16, State 1, Server YYYY, Line 1 BACKUP DATABASE is terminating abnormally. Outcome: Failed Duration: 08:06:20 Date and time: 2020-05-25 01:06:21 Date and time: 2020-05-25 01:06:21. Process Exit Code 1. The step failed.
>
> I searched Samba buzilla and found https://bugzilla.samba.org/show_bug.cgi?id=13427 but the fix is already in 4.7.11.
>
> Is this a known issue or fix? Any help to resolve this is appreciated.
>
> Thanks.
>
> Regards.
> Krishna Harathi
>
Could you try upgrading Samba, 4.7.11 is EOL as far as Samba is
concerned and, as Stefan said, it has probably been fixed in a later
version.
Rowland
More information about the samba-technical
mailing list