[Samba] KB2992611

Christopher Roberts cjr at tridentgarages.co.uk
Fri Jan 16 10:21:51 MST 2015

 * Version: Samba 4.2.0rc3
 * Distribution: Ubuntu Server 14.04 LTS
 * Client: Windows 8.1 Professional

Having installed Samba4 servers at our two sites and ensured that replication is working correctly, I connected a brand new Windows 8.1 Professional PC to the new AD network as a test.

I immediately encountered two problems:

 1. Web credentials were not being remembered in either Internet Explorer nor Google Chrome

 2. Microsoft Outlook 2013 was unable to connect to IMAP TLS encypted mailserver "An Unknown Error has Occurred - 0x8004011c".

These problems were not present on a local account, only on a domain account.

When accessing Web Credential service an Error 0x80090345 was seen, which fortunately took me to the following Microsoft Technet thread:

 * http://goo.gl/dX7L6C "Credential Manager Problems - Error 0x80090345"

It is interesting to note that this thread is for a Linux Zentyal server running Samba 4.

This led me to remove KB2992611, which was pre-installed prior to the supply of the PC, and instantly both the problems outlined above went away.

I understand that this is related to the Winshock SChannel patch that hit the headlines a few months ago. My understanding is that it is well known that Microsoft messed up their patch with the result that TLS connections were problematic with the patch installed.

Clearly this is a patch that we ought to have and removing it from every client would seem to be not terribly sensible.

I do appreciate that Samba 4.2.0rc3 is not production ready, but has anyone else come across this issue and better still found a solution that leaves KB2992611 in place?


Chris Roberts

More information about the samba mailing list