[Samba] xfreerdp and SPNEGO failed

L.P.H. van Belle belle at bazuin.nl
Tue Feb 27 19:50:06 UTC 2018


hi,

as far as i know, it has todo with some right conflict in windows or corruption in the profiles, if its a roaming profile, back it up, and rebuild a new one if its only with one user. If its user independed then its in the ‘system’ setting. 
the nla part. thats where i would think off also, . a wild guess, a right problem with a windows system user/group in sid/rid translations with samba. i expect due some upgrade in windows and those error messages are hard to trace.
Questining, besides vm/hardware, are all systems the same (cloned), if not compair all installed updates and software packages.
but i i would clone a good pc, sysprep it and rejoin domain.
just because it saves time seaching for a solution.
you will see may options with google.. 
i had it 2 times now.
once with rdp, same as you, but in a win->win rdp setup, both pcs samba domain joint.
once printing pdf files.
Few hours searching for solutions, none worked. 
its a funky windows problem.
before reimageing and if you use polices like. wait for network and nla related then recheck if they are applied or turn then off and on again, test with a new policy, set all nla and other network related setting you needed. 
this happend if you have set a policy with ‘apply once’,
if not.. a clean setup is best.


Greetz
Louis



> Op 27 feb. 2018 om 14:12 heeft lejeczek via samba <samba at lists.samba.org> het volgende geschreven:
> 
> 
> 
>> On 23/02/18 11:12, Jonathan Hunter via samba wrote:
>> Hi
>> 
>> On 22 February 2018 at 15:00, lejeczek via samba <samba at lists.samba.org>
>> wrote:
>> 
>>> I try xfreerdp to connect to a Win10 which is a member of NT-style domain
>>> and it fails this way:
>>> 
>>> [14:55:33:905] [8048:8055] [ERROR][com.freerdp.core.nla] - SPNEGO failed
>>> with NTSTATUS: 0xC0000017
>>> [14:55:33:905] [8048:8055] [ERROR][com.freerdp.core] -
>>> freerdp_set_last_error ERRCONNECT_AUTHENTICATION_FAILED [0x00020009]
>>> [14:55:33:905] [8048:8055] [ERROR][com.freerdp.core.rdp] -
>>> rdp_recv_callback: CONNECTION_STATE_NLA - nla_recv_pdu() fail
>>> [14:55:33:905] [8048:8055] [ERROR][com.freerdp.core.transport] -
>>> transport_check_fds: transport->ReceiveCallback() - -1
>> Does it successfully connect to any other Win10 machines in the same
>> domain? i.e. is it just this one machine, or something more generic?
> 
> It indeed seem to be problem of this one win-box, I have 
> three more, one metal + two virtual and those work ok.
> This one after a cumulative update went haywire, I email of 
> that with another tread: "win 10 login - Not enough storage 
> is available to process this command".
> Now after some more(latest) update that problem has gone but...
> Maybe I should make this box a clean slate... (?)
> 
> many thanks.
> 
>> I wonder if it might be due to the NLA authentication mechanism (or I might
>> be clutching at straws here, just from the NLA strings above).
>> 
>> A thread here has some more discussion.. it's not the same problem you are
>> having, but contains some pointers to other resources on the subject, if
>> that is indeed where the problem lies:
>> https://social.technet.microsoft.com/Forums/azure/en-US/9f7881d5-1960-41c7-9528-c1a671ee88b7/rdp-issues-remote-computers-requires-network-level-authentication?forum=winserverTS
>> 
>> Or perhaps
>> https://www.parallels.com/blogs/ras/disabling-network-level-authentication-for-remote-desktop-services-connections-2/
>> 
>> Hope that helps, or at least gives some pointers..
>> 
>> J
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 




More information about the samba mailing list