[Samba] ComputerSecureChannel -Verbose False since windows 10/11 update 07/2023
Marco Gaiarin
gaio at lilliput.linux.it
Thu Jul 13 10:53:18 UTC 2023
Mandi! Doug Bailey via samba
In chel di` si favelave...
> Uninstalling KB5028166 restores functionality for me as well
I can confirm, Win10 client cannot logon anymore (no trust relationship) in
a samba 'NT mode' domain; in log i catch:
[2023/07/13 12:02:06.257824, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client CNX-PSICOEDU1 machine account CNX-PSICOEDU1$
[2023/07/13 12:02:06.272313, 0] rpc_server/srv_pipe.c:1925(api_rpcTNP)
api_rpcTNP: \netlogon: NETR_LOGONGETCAPABILITIES failed.
Seems suspect this:
https://support.microsoft.com/it-it/topic/kb5021130-come-gestire-le-modifiche-al-protocollo-netlogon-correlate-a-cve-2022-38023-46ea3067-3989-4d40-963c-680fd9e8ee25#three-5021130
If i uninstall KB5028166, all work as expected.
I make a note: seems there's no way to silent uninstall KB5028166, i tried
both:
Remove-WindowsUpdate -KBArticleID KB5028166 -IgnoreReboot -Confirm:$false
wusa /uninstall /kb:5028166 /quiet /norestart
but simply stall (powershell) or do nothing (wusa).
--
Errare è umano, ma per fare veramente casino
ci vuole la password di root (Zio Budda)
More information about the samba
mailing list