[Samba] ComputerSecureChannel -Verbose False since windows 10/11 update 07/2023

Thu Jul 13 07:23:43 UTC 2023

Hallo,

now alot of bug reports are coming in.

For RDP you HAVE to connect via DNS and DOMAIN\user.name. Connecting via 
IP or without the domain does not work anymore. You have to disable NLA too.

Same for SMB access (at least from MacOS and linux clients). Weve got 
some clients that never got the connection working - even with the above 
changes so we had to uninstall the update. Ive disabled Win 10 Updates 
for the next 35 days ... hopefully the bug is solved until then!

If theres anything we can help to fix this please let us know. This is 
getting critical for us.

Thanks and have a nice day, Matthias.

Am 13.07.23 um 09:13 schrieb Jakob Curdes via samba:
>
> Am 12.07.2023 um 23:50 schrieb Fabio Muzzi via samba:
>> On 12/07/2023 21.47, Jakob Curdes via samba wrote:
>>
>>> Just to understand this, we also might be affected with several
>>> customers:
>>>
>>> - after installing the July Windows update on W10 22H2 KB5028166, the
>>> following symptoms appear: 1) Test-ComputerSecureChannel -Verbose
>>> says "False" 2) RDPing into the system does not work 3) some reports
>>> about broken SMB connections?
>>>
>>> I just tested this in our environment on an Ubuntu 18 server (I know,
>>> must be updated asap), there I see the Test-ComputerSecureChannel
>>> "False", while on a system without the update it says "true", but I
>>> cannot see any problems with RDP or SMB network connetions, so maybe
>>> there are more border conditions to this?
>>>
>>> If I can help with further tests I am ready to go.
>>
>>
>> Hi Jacob, can you please tell me what version is your Samba DC? I 
>> suppose it's 4.7.6 if it's the original Ubuntu 18.04 version, am I 
>> right?
>>
>> I'm trying to understand in how much manure I am drowning right now, 
>> I have about 10 small domains that use Samba (various versions) and 
>> I'm trying to understand what is expected to work and what is 
>> expected to fail.
>>
>> Can your clients still connect to the domain? I mean, if the user 
>> logs on locally on the PC, not using RDP.
>>
>> I know RDP is broken if using NLA.
>
> Hello Fabio, the  DCs where I tested this are on 4.7.6 as you guessed, 
> the Ubuntu version with backported patches etc.
> We have several samba-controlled domains with different versions and 
> we did not observer any problems with local logon, and no prolems 
> witth RDP other that we had to deactivate NLA in some cases, which is 
> bad but in this case a workaround. We do not observer any other 
> problems right now.
>
> HTH, Jakob
>
>
-- 
Senior Webentwickler
Datenschutzbeauftragter

Ellerhold Aktiengesellschaft
Friedrich-List-Str. 4
01445 Radebeul

Telefon: +49 (0) 351 83933-61
Web: www.ellerhold.de
Facebook: www.facebook.com/ellerhold.gruppe
Instagram: www.instagram.com/ellerhold.gruppe
Twitter: https://twitter.com/EllerholdGruppe

Amtsgericht Dresden / HRB 23769
Vorstand: Stephan Ellerhold, Maximilian Ellerhold
Vorsitzender des Aufsichtsrates: Frank Ellerhold

---Diese E-Mail und Ihre Anlagen enthalten vertrauliche Mitteilungen. Sollten Sie nicht der beabsichtigte Adressat sein, so bitten wir Sie um Mitteilung und um sofortiges löschen dieser E-Mail und der Anlagen.

Unsere Hinweise zum Datenschutz finden Sie hier: http://www.ellerhold.de/datenschutz/

This e-mail and its attachments are privileged and confidential. If you are not the intended recipient, please notify us and immediately delete this e-mail and its attachments.

You can find our privacy policy here: http://www.ellerhold.de/datenschutz/