[Samba] Error for I_NetLogonGetCapabilities with 0xc003000c (RPC_NT_BAD_STUB_DATA)
Kristian
kris at kra.lc
Thu Aug 3 11:34:05 UTC 2023
Dear Samba-Team, one of my domain computers / clients is having troubles
with its machine trust / password. Leaving / renaming / rejoining the
domain didn't help, so I had to dig deeper. Any command to renew the
machine password fails (Nltest /sc_change_pwd or Test-ComputerSecureChannel
-Repair). Enabling debug logging (Nltest /DBFlag:2080FFFF) and changing the
machine password (Nltest /sc_change_pwd) shows in the logs:
07/31 12:57:43 [SESSION] [848] VEHITEC: NlSessionSetup: Negotiated flags
with server are 0x612fffff
07/31 12:57:43 [SESSION] [848] VEHITEC: NlSetStatusClientSession: Set
connection status to 0
07/31 12:57:43 [CRITICAL] [848] NlPrintRpcDebug: Dumping extended error for
I_NetLogonGetCapabilities with 0xc003000c
07/31 12:57:43 [CRITICAL] [848] [0] ProcessID is 792
07/31 12:57:43 [CRITICAL] [848] [0] System Time is: 7/31/2023 10:57:43:285
07/31 12:57:43 [CRITICAL] [848] [0] Generating component is 2
07/31 12:57:43 [CRITICAL] [848] [0] Status is 1783
07/31 12:57:43 [CRITICAL] [848] [0] Detection location is 1750
07/31 12:57:43 [CRITICAL] [848] [0] Flags is 0
07/31 12:57:43 [CRITICAL] [848] [0] NumberOfParameters is 1
07/31 12:57:43 [CRITICAL] [848] Long val: 1783
07/31 12:57:43 [CRITICAL] [848] VEHITEC: NlConfirmRequestedCapabilities:
denying access after status: 0xc003000c
07/31 12:57:43 [SESSION] [848] VEHITEC: NlSessionSetup: denying access
because of unmatching capabilities
0xc003000c is RPC_NT_BAD_STUB_DATA. Renewing the machine password for other
machines in the same network works. Samba server is on version 4.15.9-0632.
Any idea how I can find out why this PC cannot renew its machine password /
which capabilities are unmatched? Full logs are attached. I am loosing
hope, so any tip is highly appreciated. Thanks so much!
-------------- next part --------------
07/31 12:57:40 [MISC] [848] DbFlag is set to 2080ffff
07/31 12:57:43 [SESSION] [848] NETLOGON_CONTROL_CHANGE_PASSWORD function received.
07/31 12:57:43 [SESSION] [848] VEHITEC: NlChangePassword: Doing it.
07/31 12:57:43 [SESSION] [848] VEHITEC: NlSessionSetup: Try Session setup
07/31 12:57:43 [SESSION] [848] VEHITEC: NlDiscoverDc: Start Synchronous Discovery
07/31 12:57:43 [MISC] [848] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c1fffff1
07/31 12:57:43 [MAILSLOT] [848] NetpDcPingListIp: vehitec.local.: Sent UDP ping to 192.168.178.10
07/31 12:57:43 [MISC] [848] NetpDcAllocateCacheEntry: new entry 0x000001A672610B20 -> DC:VEHITEC-DS DnsDomName:vehitec.local Flags:0x13fd
07/31 12:57:43 [MISC] [848] NetpDcGetName: NetpDcGetNameIp for vehitec.local. returned 0
07/31 12:57:43 [MISC] [848] NetpDcDerefCacheEntry: destroying entry 0x000001A672FECFB0
07/31 12:57:43 [MISC] [848] LoadBalanceDebug (Flags: FORCE DSP AVOIDSELF ): DC=VEHITEC-DS, SrvCount=1, FailedAQueryCount=0, DcsPinged=1, LoopIndex=0
07/31 12:57:43 [PERF] [848] NlSetServerClientSession: Not changing connection (000001A6726EC8A8): "\\vehitec-ds.vehitec.local"
ClientSession: 000001A6726B92B0VEHITEC: NlDiscoverDc: Found DC \\vehitec-ds.vehitec.local
07/31 12:57:43 [SESSION] [848] VEHITEC: NlSessionSetup: Negotiated flags with server are 0x612fffff
07/31 12:57:43 [SESSION] [848] VEHITEC: NlSetStatusClientSession: Set connection status to 0
07/31 12:57:43 [CRITICAL] [848] NlPrintRpcDebug: Dumping extended error for I_NetLogonGetCapabilities with 0xc003000c
07/31 12:57:43 [CRITICAL] [848] [0] ProcessID is 792
07/31 12:57:43 [CRITICAL] [848] [0] System Time is: 7/31/2023 10:57:43:285
07/31 12:57:43 [CRITICAL] [848] [0] Generating component is 2
07/31 12:57:43 [CRITICAL] [848] [0] Status is 1783
07/31 12:57:43 [CRITICAL] [848] [0] Detection location is 1750
07/31 12:57:43 [CRITICAL] [848] [0] Flags is 0
07/31 12:57:43 [CRITICAL] [848] [0] NumberOfParameters is 1
07/31 12:57:43 [CRITICAL] [848] Long val: 1783
07/31 12:57:43 [CRITICAL] [848] VEHITEC: NlConfirmRequestedCapabilities: denying access after status: 0xc003000c
07/31 12:57:43 [SESSION] [848] VEHITEC: NlSessionSetup: denying access because of unmatching capabilities
07/31 12:57:43 [MISC] [848] Eventlog: 3210 (1) "VEHITEC" "\\vehitec-ds.vehitec.local" 2f8270f1 5bc8d5e7 34c3e164 6665df64 .p./...[d..4d.ef
07/31 12:57:43 [MISC] [848] Didn't log event since it was already logged.
07/31 12:57:43 [SESSION] [848] VEHITEC: NlSetStatusClientSession: Set connection status to c0000022
07/31 12:57:43 [SESSION] [848] VEHITEC: NlSetStatusClientSession: Unbind from server \\vehitec-ds.vehitec.local (TCP) 0.
07/31 12:57:43 [SESSION] [848] VEHITEC: NlSessionSetup: Session setup Failed
07/31 12:57:43 [CRITICAL] [848] VEHITEC: NetrLogonControl: Password Change failed c0000022
-------------- next part --------------
07/31 12:58:29 [MISC] [980] DbFlag is set to ffffffff
07/31 12:58:31 [INIT] [2268] VulnerableChannelAllowList is empty
07/31 12:58:31 [INIT] [2268] Group Policy is not defined for Netlogon
07/31 12:58:31 [INIT] [2268] Following are the effective values after parsing
07/31 12:58:31 [MAILSLOT] [2268] Going to wait on mailslot. (Timeout: 1068978)
07/31 12:58:35 [SESSION] [980] NETLOGON_CONTROL_CHANGE_PASSWORD function received.
07/31 12:58:35 [SESSION] [980] VEHITEC: NlChangePassword: Doing it.
07/31 12:58:35 [SESSION] [980] VEHITEC: NlSessionSetup: Try Session setup
07/31 12:58:35 [SESSION] [980] NlSessionSetup: ClientSession->CsState = 0x0
07/31 12:58:35 [SESSION] [980] VEHITEC: NlDiscoverDc: Start Synchronous Discovery
07/31 12:58:35 [MISC] [980] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c1fffff1
07/31 12:58:35 [DNS] [980] NetpDcFindDomainEntry: VEHITEC vehitec.local: Found domain cache entry with quality 6/14
07/31 12:58:35 [DNS] [980] Cache: VEHITEC vehitec.local: Found existing domain cache entry
07/31 12:58:35 [MAILSLOT] [980] NetpDcPingListIp: vehitec.local.: Sent UDP ping to 192.168.178.10
07/31 12:58:35 [MAILSLOT] [980] NetpDcHandlePingResponse: vehitec.local.: Received 'Sam Logon Response Ex' response.
07/31 12:58:35 [980] 6e9ee2c2 020f36fc 1750d804 b68957c1 ...n.6....P..W..
07/31 12:58:35 [MISC] [980] NetpDcAllocateCacheEntry: new entry 0x000001A672FEED00 -> DC:VEHITEC-DS DnsDomName:vehitec.local Flags:0x13fd
07/31 12:58:35 [MISC] [980] NetpDcGetName: NetpDcGetNameIp for vehitec.local. returned 0
07/31 12:58:35 [SITE] [980] NlSetDynamicSiteName: Old and new site names 'Default-First-Site-Name' are identical.
07/31 12:58:35 [MISC] [980] NetpDcDerefCacheEntry: destroying entry 0x000001A672610B20
07/31 12:58:35 [DNS] [980] Cache: VEHITEC vehitec.local: Add cache entry 1 (Quality: 24)(DcName: vehitec-ds.vehitec.local)
07/31 12:58:35 [DNS] [980] NetpDcLogCache: Entered:
07/31 12:58:35 [DNS] [980] Cache: Domain: VEHITEC vehitec.local:
07/31 12:58:35 [DNS] [980] [QueryType]: DcName, ReturnFlags, CreationTime, LastPingedTime
07/31 12:58:35 [DNS] [980] [0]: vehitec-ds.vehitec.local, 0x13fd, 44063687, 56332578
07/31 12:58:35 [DNS] [980] [1]: vehitec-ds.vehitec.local, 0x13fd, 56543421, 0
07/31 12:58:35 [DNS] [980] [2]: vehitec-ds.vehitec.local, 0x13fd, 53620937, 55844859
07/31 12:58:35 [DNS] [980] Cache: Domain: vehitec-ds.vehitec.local:
07/31 12:58:35 [DNS] [980] [QueryType]: DcName, ReturnFlags, CreationTime, LastPingedTime
07/31 12:58:35 [DNS] [980] [0]: NegativeCacheTime: 12771390, PermanentNegativeCache: 0
07/31 12:58:35 [DNS] [980] Cache: Domain: VEHITEC-DS VEHITEC-DS:
07/31 12:58:35 [DNS] [980] [QueryType]: DcName, ReturnFlags, CreationTime, LastPingedTime
07/31 12:58:35 [DNS] [980] [0]: NegativeCacheTime: 4888062, PermanentNegativeCache: 0
07/31 12:58:35 [DNS] [980] Cache: Domain: VT-SERVER1 VT-SERVER1:
07/31 12:58:35 [DNS] [980] [QueryType]: DcName, ReturnFlags, CreationTime, LastPingedTime
07/31 12:58:35 [DNS] [980] [0]: NegativeCacheTime: 2555828, PermanentNegativeCache: 0
07/31 12:58:35 [DNS] [980] Cache: Domain: NT-AUTORITÄT (null):
07/31 12:58:35 [DNS] [980] [QueryType]: DcName, ReturnFlags, CreationTime, LastPingedTime
07/31 12:58:35 [DNS] [980] NetpDcLogCache: Exited.
07/31 12:58:35 [MISC] [980] LoadBalanceDebug (Flags: FORCE DSP AVOIDSELF ): DC=VEHITEC-DS, SrvCount=1, FailedAQueryCount=0, DcsPinged=1, LoopIndex=0
07/31 12:58:35 [SESSION] [980] VEHITEC: NlSetServerClientSession: New DC is an NT 5 DC: \\vehitec-ds.vehitec.local
07/31 12:58:35 [SESSION] [980] VEHITEC: NlSetServerClientSession: New DC is in closest site: \\vehitec-ds.vehitec.local
07/31 12:58:35 [SESSION] [980] VEHITEC: NlSetServerClientSession: New DC runs the time service: \\vehitec-ds.vehitec.local
07/31 12:58:35 [SESSION] [980] VEHITEC: NlSetServerClientSession: New discovery flags: 0x1dc; Old flags: 0x0
07/31 12:58:35 [PERF] [980] NlSetServerClientSession: Not changing connection (000001A6726EC8A8): "\\vehitec-ds.vehitec.local"
ClientSession: 000001A6726B92B0VEHITEC: NlDiscoverDc: Found DC \\vehitec-ds.vehitec.local
07/31 12:58:35 [SESSION] [980] NlSessionSetup: ClientChallenge = 3c045e03 917c8c87 a17ebe7a 637658e7 .^.<..|.z.~..Xvc
07/31 12:58:35 [SESSION] [980] NlSessionSetup: Clear New Password = 80079a26 92344205 ea20377e c27e1e8a &....B4.~7 ...~.
07/31 12:58:35 [SESSION] [980] NlSessionSetup: Password Changed: bb712757 01d9c325 = 7/30/2023 22:38:01
07/31 12:58:35 [SESSION] [980] NlSessionSetup: Password = 188cd38d 848ceda0 93a6ab6c 388230f5 ........l....0.8
07/31 12:58:35 [SESSION] [980] VEHITEC: NlStartApiClientSession: Bind to server \\vehitec-ds.vehitec.local (TCP) 0 (Retry: 0).
07/31 12:58:35 [MAILSLOT] [2268] Going to wait on mailslot. (Timeout: 45000)
07/31 12:58:35 [SESSION] [980] NlSessionSetup: ServerChallenge = 769ecb9f 0196c22f 72474906 6a657d34 ...v/....IGr4}ej
07/31 12:58:35 [SESSION] [980] NlSessionSetup: SessionKey = cae2b496 41e5a3a1 f1968718 c033e1b3 .......A......3.
07/31 12:58:35 [SESSION] [980] NlSessionSetup: Authentication Seed = f57d9812 b51f1a82 0fa3a1fa 9d44d013 ..}...........D.
07/31 12:58:35 [SESSION] [980] VEHITEC: NlSessionSetup: Negotiated flags with server are 0x612fffff
07/31 12:58:35 [SESSION] [980] NlSessionSetup: ServerCredential GOT = 751cb3bf ccc452ff 320ee026 45966738 ...u.R..&..28g.E
07/31 12:58:35 [SESSION] [980] NlSessionSetup: ServerCredential MADE = 751cb3bf ccc452ff 320ee026 45966738 ...u.R..&..28g.E
07/31 12:58:35 [SESSION] [980] VEHITEC: NlSessionSetup: DC is an NT 5 DC: \\vehitec-ds.vehitec.local
07/31 12:58:35 [SESSION] [980] VEHITEC: NlSetStatusClientSession: Set connection status to 0
07/31 12:58:35 [SESSION] [980] NlBuildAuthenticator: Old Seed = f57d9812 b51f1a82 0fa3a1fa 9d44d013 ..}...........D.
07/31 12:58:35 [SESSION] [980] NlBuildAuthenticator: Time = 4ee43e6b d45296b8 044b1180 e0ff8175 k>.N..R...K.u...
07/31 12:58:35 [SESSION] [980] NlBuildAuthenticator: New Seed = db2b8162 29412429 45c366bb 3decf52a b.+.)$A).f.E*..=
07/31 12:58:35 [SESSION] [980] NlBuildAuthenticator: SessionKey = cae2b496 41e5a3a1 f1968718 c033e1b3 .......A......3.
07/31 12:58:35 [SESSION] [980] NlBuildAuthenticator: Client Authenticator = d9db55ce 94813a28 09c45ed8 941f230a .U..(:...^...#..
07/31 12:58:35 [SESSION] [980] VEHITEC: NlStartApiClientSession: Try to NlBindingSetAuthInfo
07/31 12:58:35 [SESSION] [980] AcquireCredentialsHandleW: called
07/31 12:58:35 [SESSION] [980] AllocateCredential: 0.bb: credential allocated
07/31 12:58:35 [SESSION] [980] AcquireCredentialsHandleW: 0.bb: returns 0x0
07/31 12:58:35 [SESSION] [980] AcquireCredentialsHandleW: called
07/31 12:58:35 [SESSION] [980] AllocateCredential: 0.bc: credential allocated
07/31 12:58:35 [SESSION] [980] AcquireCredentialsHandleW: 0.bc: returns 0x0
07/31 12:58:35 [SESSION] [980] InitializeSecurityContext: VT-SERVER1: called
07/31 12:58:35 [SESSION] [980] InitializeSecurityContext: 0.bc: VT-SERVER1: called with cred handle
07/31 12:58:35 [SESSION] [980] InitializeSecurityContext: returns 0x90312
07/31 12:58:35 [SESSION] [980] InitializeSecurityContext: VT-SERVER1: called
07/31 12:58:35 [SESSION] [980] InitializeSecurityContext: 0.bd: VT-SERVER1: called with context handle
07/31 12:58:35 [SESSION] [980] InitializeSecurityContext: returns 0x0
07/31 12:58:35 [SESSION] [980] QueryContextAttributes: 0.bd: 0 returns 0x0
07/31 12:58:35 [ENCRYPT] [980] NlpSignOrSeal: 0.bd: Session Key: cae2b496 41e5a3a1 f1968718 c033e1b3 .......A......3.
07/31 12:58:35 [ENCRYPT] [980] NlpSignOrSeal: 0.bd: IV: 5713f217 c81c800d 77928814 586f5632 ...W.......w2VoX
07/31 12:58:35 [ENCRYPT] [980] NlpSignOrSeal: 0.bd: Clear Seq: 34218c49 c98a446f 3a2636a4 247e6156 I.!4oD...6&:Va~$
07/31 12:58:35 [ENCRYPT] [980] NlpSignOrSeal: 0.bd: Encrypted Seq: 80aabc79 a5725305 c124e5ae 5fe971fe y....Sr...$..q._
07/31 12:58:35 [SESSION] [980] SealMessage: 0.bd: returns 0x0
07/31 12:58:35 [ENCRYPT] [980] NlpVerifyOrUnseal: 0.bd: Session Key: cae2b496 41e5a3a1 f1968718 c033e1b3 .......A......3.
07/31 12:58:35 [ENCRYPT] [980] NlpVerifyOrUnseal: 0.bd: IV: 831d1975 77eb92fe 934727da 474e23e0 u......w.'G..#NG
07/31 12:58:35 [ENCRYPT] [980] NlpVerifyOrUnseal: 0.bd: Encrypted Seq: 2f358258 3eaebf24 7199e798 94e40492 X.5/$..>...q....
07/31 12:58:35 [ENCRYPT] [980] NlpVerifyOrUnseal: 0.bd: Clear Seq: 3ae10220 9a0759cf c982571a 79458918 ..:.Y...W....Ey
07/31 12:58:35 [ENCRYPT] [980] NlpVerifyOrUnseal: 0.bd: First Several of signature: c3dafd09 249c6f3e ef468ae7 a641ecc0 ....>o.$..F...A.
07/31 12:58:35 [SESSION] [980] UnsealMessage: 0.bd: returns 0x0
07/31 12:58:35 [SESSION] [980] NlUpdateSeed: Seed + time + 1= 3f317f43 05f7a708 c5d00969 9bfddc78 C.1?....i...x...
07/31 12:58:35 [SESSION] [980] NlUpdateSeed: Server Authenticator GOT = ea8e78fd d85b7b0d df984679 fa169646 .x...{[.yF..F...
07/31 12:58:35 [SESSION] [980] NlUpdateSeed: Server Authenticator MADE = ea8e78fd d85b7b0d df984679 fa169646 .x...{[.yF..F...
07/31 12:58:35 [SESSION] [980] NlBuildAuthenticator: Old Seed = 3f317f43 05f7a708 c5d00969 9bfddc78 C.1?....i...x...
07/31 12:58:35 [SESSION] [980] NlBuildAuthenticator: Time = 4ee43e6b d45296b8 044b1180 e0ff8175 k>.N..R...K.u...
07/31 12:58:35 [SESSION] [980] NlBuildAuthenticator: New Seed = fa959592 b95bced8 1a0734f3 b00b0219 ......[..4......
07/31 12:58:35 [SESSION] [980] NlBuildAuthenticator: SessionKey = cae2b496 41e5a3a1 f1968718 c033e1b3 .......A......3.
07/31 12:58:35 [SESSION] [980] NlBuildAuthenticator: Client Authenticator = 4ca34fa2 a6de9046 3d15f6c9 550e87bc .O.LF......=...U
07/31 12:58:35 [ENCRYPT] [980] NlpSignOrSeal: 0.bd: Session Key: cae2b496 41e5a3a1 f1968718 c033e1b3 .......A......3.
07/31 12:58:35 [ENCRYPT] [980] NlpSignOrSeal: 0.bd: IV: 82be8170 45a88dc4 30a6c00d 29c93854 p......E...0T8.)
07/31 12:58:35 [ENCRYPT] [980] NlpSignOrSeal: 0.bd: Clear Seq: 227b737d 67f7da17 b246331e 703253cf }s{"...g.3F..S2p
07/31 12:58:35 [ENCRYPT] [980] NlpSignOrSeal: 0.bd: Encrypted Seq: 0fb0065f afe07dad 39cbf206 5d56aef9 _....}.....9..V]
07/31 12:58:35 [SESSION] [980] SealMessage: 0.bd: returns 0x0
07/31 12:58:35 [CRITICAL] [980] NlPrintRpcDebug: Dumping extended error for I_NetLogonGetCapabilities with 0xc003000c
07/31 12:58:35 [CRITICAL] [980] [0] ProcessID is 792
07/31 12:58:35 [CRITICAL] [980] [0] System Time is: 7/31/2023 10:58:35:753
07/31 12:58:35 [CRITICAL] [980] [0] Generating component is 2
07/31 12:58:35 [CRITICAL] [980] [0] Status is 1783
07/31 12:58:35 [CRITICAL] [980] [0] Detection location is 1750
07/31 12:58:35 [CRITICAL] [980] [0] Flags is 0
07/31 12:58:35 [CRITICAL] [980] [0] NumberOfParameters is 1
07/31 12:58:35 [CRITICAL] [980] Long val: 1783
07/31 12:58:35 [SESSION] [980] NlUpdateSeed: Seed + time + 1= 288f5eff 1953c603 3622cb73 75636bd0 .^.(..S.s."6.kcu
07/31 12:58:35 [SESSION] [980] NlUpdateSeed: Server Authenticator GOT = 2b36ea7d 008eac3f 52496a95 74f4d4a3 }.6+?....jIR...t
07/31 12:58:35 [SESSION] [980] NlUpdateSeed: Server Authenticator MADE = f5a8c445 73f57f97 0307c7ff 35731eec E......s......s5
07/31 12:58:35 [CRITICAL] [980] VEHITEC: NlConfirmRequestedCapabilities: denying access after status: 0xc003000c
07/31 12:58:35 [SESSION] [980] VEHITEC: NlSessionSetup: denying access because of unmatching capabilities
07/31 12:58:35 [MISC] [980] Eventlog: 3210 (1) "VEHITEC" "\\vehitec-ds.vehitec.local" 2f8270f1 5bc8d5e7 34c3e164 6665df64 .p./...[d..4d.ef
07/31 12:58:35 [MISC] [980] Didn't log event since it was already logged.
07/31 12:58:35 [SESSION] [980] VEHITEC: NlSetStatusClientSession: Set connection status to c0000022
07/31 12:58:35 [SESSION] [980] FreeCredentialsHandle: 0.bb: called
07/31 12:58:35 [SESSION] [980] DeleteCredential: 0.bb: credential freed
07/31 12:58:35 [SESSION] [980] VEHITEC: NlSetStatusClientSession: Unbind from server \\vehitec-ds.vehitec.local (TCP) 0.
07/31 12:58:35 [SESSION] [980] VEHITEC: NlSessionSetup: Session setup Failed
07/31 12:58:35 [CRITICAL] [980] VEHITEC: NetrLogonControl: Password Change failed c0000022
More information about the samba
mailing list