[Samba] ComputerSecureChannel -Verbose False since windows 10/11 update 07/2023

Matthias Kühne | Ellerhold Aktiengesellschaft matthias.kuehne at ellerhold.de
Thu Jul 13 08:18:04 UTC 2023 

Hello Fabio,

we're using these connections:

  * via RDP from Mac OS Client to Windows 10 using an AD user
  * via SMB from Mac OS Client to Windows 10 using an AD user
  * via SMB from a CentOS client to Windows 10 using an AD user

The windows 10 machine(s) are domain-joined to samba 4.18.4 DCs.

Have a nice day, Matthias.

Am 13.07.23 um 10:06 schrieb Fabio Muzzi via samba:
>
> Hi Matthias,
>
> You are writing about linux and macos CLIENTS that do not work... 
> connecting to what? To windows server with latest patches or to a 
> share on a win10 pc with latest patches?
>
> The issues I am seeing are all with windows 10 clients and linux 
> servers (I have not tried the other way around, I don't have any such 
> configuration).
>
> For RDP using hostname and specifying the domain still does not work 
> (in my configuration, the RDP client is a non-domain PC with windows 
> 10 or 11 and the RDP server is a windows 10 PC that is in the domain, 
> and the username involved is a domain user, not a local one). I have 
> not yet tried disabling NLA. Can you please tell me how to do it in 
> windows 10?
>
> Thanks.
>
> Fabio Muzzi
>
>
> On 13/07/2023 09.23, Matthias Kühne | Ellerhold Aktiengesellschaft via 
> samba wrote:
>> Hallo,
>>
>> now alot of bug reports are coming in.
>>
>> For RDP you HAVE to connect via DNS and DOMAIN\user.name. Connecting via
>> IP or without the domain does not work anymore. You have to disable 
>> NLA too.
>>
>> Same for SMB access (at least from MacOS and linux clients). Weve got
>> some clients that never got the connection working - even with the above
>> changes so we had to uninstall the update. Ive disabled Win 10 Updates
>> for the next 35 days ... hopefully the bug is solved until then!
>>
>> If theres anything we can help to fix this please let us know. This is
>> getting critical for us.
>>
>> Thanks and have a nice day, Matthias.
>>
>> Am 13.07.23 um 09:13 schrieb Jakob Curdes via samba:
>>>
>>> Am 12.07.2023 um 23:50 schrieb Fabio Muzzi via samba:
>>>> On 12/07/2023 21.47, Jakob Curdes via samba wrote:
>>>>
>>>>> Just to understand this, we also might be affected with several
>>>>> customers:
>>>>>
>>>>> - after installing the July Windows update on W10 22H2 KB5028166, the
>>>>> following symptoms appear: 1) Test-ComputerSecureChannel -Verbose
>>>>> says "False" 2) RDPing into the system does not work 3) some reports
>>>>> about broken SMB connections?
>>>>>
>>>>> I just tested this in our environment on an Ubuntu 18 server (I know,
>>>>> must be updated asap), there I see the Test-ComputerSecureChannel
>>>>> "False", while on a system without the update it says "true", but I
>>>>> cannot see any problems with RDP or SMB network connetions, so maybe
>>>>> there are more border conditions to this?
>>>>>
>>>>> If I can help with further tests I am ready to go.
>>>>
>>>>
>>>> Hi Jacob, can you please tell me what version is your Samba DC? I
>>>> suppose it's 4.7.6 if it's the original Ubuntu 18.04 version, am I
>>>> right?
>>>>
>>>> I'm trying to understand in how much manure I am drowning right now,
>>>> I have about 10 small domains that use Samba (various versions) and
>>>> I'm trying to understand what is expected to work and what is
>>>> expected to fail.
>>>>
>>>> Can your clients still connect to the domain? I mean, if the user
>>>> logs on locally on the PC, not using RDP.
>>>>
>>>> I know RDP is broken if using NLA.
>>>
>>> Hello Fabio, the  DCs where I tested this are on 4.7.6 as you guessed,
>>> the Ubuntu version with backported patches etc.
>>> We have several samba-controlled domains with different versions and
>>> we did not observer any problems with local logon, and no prolems
>>> witth RDP other that we had to deactivate NLA in some cases, which is
>>> bad but in this case a workaround. We do not observer any other
>>> problems right now.
>>>
>>> HTH, Jakob
>>>
>>>
>
>
-- 
Senior Webentwickler
Datenschutzbeauftragter

Ellerhold Aktiengesellschaft
Friedrich-List-Str. 4
01445 Radebeul

Telefon: +49 (0) 351 83933-61
Web:www.ellerhold.de
Facebook:www.facebook.com/ellerhold.gruppe
Instagram:www.instagram.com/ellerhold.gruppe
Twitter:https://twitter.com/EllerholdGruppe

Amtsgericht Dresden / HRB 23769
Vorstand: Stephan Ellerhold, Maximilian Ellerhold
Vorsitzender des Aufsichtsrates: Frank Ellerhold


---Diese E-Mail und Ihre Anlagen enthalten vertrauliche Mitteilungen. Sollten Sie nicht der beabsichtigte Adressat sein, so bitten wir Sie um Mitteilung und um sofortiges löschen dieser E-Mail und der Anlagen.

Unsere Hinweise zum Datenschutz finden Sie hier: http://www.ellerhold.de/datenschutz/

This e-mail and its attachments are privileged and confidential. If you are not the intended recipient, please notify us and immediately delete this e-mail and its attachments.

You can find our privacy policy here: http://www.ellerhold.de/datenschutz/

More information about the samba mailing list