Hi Metze:
Please send me requested traces.

Regards,
Obaid Farooqi
Escalation Engineer | Microsoft

-----Original Message-----
From: Obaid Farooqi 
Sent: Thursday, August 27, 2020 1:36 PM
To: Stefan Metzmacher <me...@samba.org>
Cc: cifs-protocol@lists.samba.org; support <supp...@mail.support.microsoft.com>
Subject: RE: [EXTERNAL] Re: [REG:120080321001822] LDAP connections have hard 
timelimit of one hour?

Hi Metze:
Please send me ttt traces of the lsass process for these behaviors. I have uploaded 
PartnerTTDRecorder_x86_x64.zip to the following link. Please extract the 
contents of the amd64\TTD folder to your DC in directory c:\ttt.

https://support.microsoft.com/files?workspace=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ3c2lkIjoiMGU2MDMzNTktYzhhOS00NDRlLWEzYjMtMWJmMGZiOTZkNDY1Iiwic3IiOiIxMjAwODE4MjEwMDEzNjUiLCJhcHBpZCI6ImU2ZWU0M2ViLTBmYmMtNDU0Ni1iYzUyLTRjMTYxZmNkZjRjNCIsInN2IjoidjEiLCJycyI6IkV4dGVybmFsIiwid3RpZCI6ImYxNTYwNTA0LWNhMjEtNDk4OS1iOTBlLTJhZGQxOWJkOGVhZSIsImlzcyI6Imh0dHBzOi8vYXBpLmR0bW5lYnVsYS5taWNyb3NvZnQuY29tIiwiYXVkIjoiaHR0cDovL3NtYyIsImV4cCI6MTYwNjMyNzU1OCwibmJmIjoxNTk4NTUxNTU4fQ.MlHqfwquXqNRTnQW9uSEW25TiguN_HHQ9d1J2UcBSGsGmzND7vpH9_JpL_q5HHYeTCXJjE0EggKtYxd9xOLyVmRWRaUDmL6gKT_9ttQTFdczXKgql1Pxc_GTDT6ddnBuB9xIXuyDpXv1Kc5lpv-3jijTWollwikcd5ylZUBNKZow_uFGB7VoZ8HEAn-8_D7ioKMfBtAd11ZLeTlrlHMm5KLAj6x0LUdYitIDTfgTFV7Gmrte5QZrPEoUt27I4Gj6ZPXrPcKvFJKS99mpWkB4RIg4FAf6bAM1BGZYfjc_wLR_305O6j-kjpnAWqjn6906mxMBL_sSxzGnxNl3hRPu5A&wid=0e603359-c8a9-444e-a3b3-1bf0fb96d465

Username: 120081821001365_noem...@dtmxfer.onmicrosoft.com
Password: h5l_Qtt1
 
Please follow the steps below to capture the traces and send them to me.
1. Open an elevated cmd window
2. cd to c:\ttt
3. Execute the following command to find the PID of the lsass process
        C:\ttt>tasklist | findstr /i "lsass"
4. Execute the following command to start tracing lsass
        C:\ttt>tttracer -attach PID
    where PID is the number from step 3
5. Wait for a little window to pop up titled "lsass01.run"
6. Start network capture
7. Reproduce the problem
8. After the repro, uncheck the box next to "Tracing..." in the window 
"lsass01.run"
9. A file named lsass01.run will be generated.
10. Stop and save the network capture
11. Zip lsass01.run and the network capture, upload them to the link above and 
let me know.


Regards,
Obaid Farooqi
Escalation Engineer | Microsoft

-----Original Message-----
From: Obaid Farooqi 
Sent: Monday, August 17, 2020 11:31 AM
To: Stefan Metzmacher <me...@samba.org>
Cc: cifs-protocol@lists.samba.org; support <supp...@mail.support.microsoft.com>
Subject: RE: [EXTERNAL] Re: [REG:120080321001822] LDAP connections have hard 
timelimit of one hour?

Hi Metze:
Thanks for the info. I'll look into this and will get back to you when I have 
an answer.

Regards,
Obaid Farooqi
Escalation Engineer | Microsoft

-----Original Message-----
From: Stefan Metzmacher <me...@samba.org>
Sent: Friday, August 14, 2020 3:24 AM
To: Obaid Farooqi <oba...@microsoft.com>
Cc: cifs-protocol@lists.samba.org; support <supp...@mail.support.microsoft.com>
Subject: [EXTERNAL] Re: [REG:120080321001822] LDAP connections have hard 
timelimit of one hour?

Hi Obaid,

the server is sending the error 52.

It happens when the kerberos session ticket expired.
In my tests I request a ticket lifetime of just 4 seconds.

There're two cases:

1. If the client tries to send a request after the ticket expired,
   but the tcp connection is still alive, the server will send

   LDAPMessage extendedResp(0) (The server has timed out this connection)
      messageID: 0
      protocolOp: extendedResp (24)
      extendedResp
        resultCode: unavailable (52)
        matchedDN:
        errorMessage: The server has timed out this connection
      responseName: 1.3.6.1.4.1.1466.20036

   See ldap-search-krb5-expired-connection-01.pcap.gz frame 301-304

   This is a Notice of Disconnection, see
   https://tools.ietf.org/html/rfc4511#section-4.4.1

   Also note the encoding does not match the definition from
   https://tools.ietf.org/html/rfc4511#section-4.12

        ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
             COMPONENTS OF LDAPResult,
             responseName     [10] LDAPOID OPTIONAL,
             responseValue    [11] OCTET STRING OPTIONAL }

   dumpasn1 ~/devel/caps/ldap/ldap-krb5-extended-response-expired.dat
     0  80: SEQUENCE {
          :   Error: Length '84 00 00 00 50' has non-canonical encoding.
     6   1:   INTEGER 0
     9  47:   [APPLICATION 24] {
          :     Error: Length '84 00 00 00 2F' has non-canonical encoding.
    15   1:     ENUMERATED 52
    18   0:     OCTET STRING
          :       Error: Object has zero length.
    20  40:     OCTET STRING 'The server has timed out this connection'
          :     }
    62  22:   [10] '1.3.6.1.4.1.1466.20036'
         :   }

    Note that the responseName [10] is not part of the [APPLICATION 24] element
    (as it should).


2. If the ticket expires without any request from the client,
   the server seems to have a timer that runs every minute (in my examples
   always at second :36) and disconnects the tcp connection without a
   "Notice of Disconnection" LDAP pdu.

   See ldap-search-krb5-expired-connection-03.pcap.gz frames 269-271, 307:
   - all LDAP traffic happens in second :26 and the ticket is valid until
     second :30 and the TCP disconnect happens at second :36

   See ldap-search-krb5-expired-connection-04.pcap.gz frames 303-305, 491:
   - all LDAP traffic happens in second :43 and the ticket is valid until
     second :47 and the TCP disconnect happens (in the next minute) at second :36

   ldap-search-krb5-expired-connection-02-short-timeout.pcap.gz is a bit
   different, see frames 273-275, 280:
   - all LDAP traffic happens in second :35 and the ticket is valid until
     second :39, but the TCP disconnect already happens at second :36, where
     the ticket is still valid for 3 seconds!


I've attached the captures and a keytab file that allows decryption of the 
kerberos tickets with wireshark.

Do you need more information?

Thanks!
metze
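
The encoding quirk described above, as an added example that is not part of the thread (neither Samba's nor Microsoft's code): a tolerant BER walker over bytes reconstructed from the dumpasn1 listing. It accepts the non-canonical 0x84 long-form lengths and reports that responseName [10] is a sibling of the [APPLICATION 24] element rather than inside it as RFC 4511 section 4.12 defines.

```python
# Added example, not code from the thread. The byte string is reconstructed from the
# dumpasn1 output quoted above; its offsets and lengths match that listing.
NOTICE_OF_DISCONNECTION = (
    b"\x30\x84\x00\x00\x00\x50"            # LDAPMessage SEQUENCE, length 80 in 0x84 form
    b"\x02\x01\x00"                        # messageID INTEGER 0
    b"\x78\x84\x00\x00\x00\x2f"            # [APPLICATION 24] constructed, length 47
    b"\x0a\x01\x34"                        # resultCode ENUMERATED 52 (unavailable)
    b"\x04\x00"                            # matchedDN: empty OCTET STRING
    b"\x04\x28" b"The server has timed out this connection"   # errorMessage
    b"\x8a\x16" b"1.3.6.1.4.1.1466.20036"  # responseName [10], sibling of [APPLICATION 24]
)
NOTICE_OF_DISCONNECTION_OID = b"1.3.6.1.4.1.1466.20036"

def read_tlv(buf, pos):
    """Return (tag, constructed, canonical_length, value, next_pos) for one BER element."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long form: 0x8N followed by N length bytes
        n = first & 0x7f
        raw = buf[pos:pos + n]
        length = int.from_bytes(raw, "big")
        pos += n
        # DER demands the shortest form: no leading zero bytes, short form below 128
        canonical = n > 0 and raw[0] != 0 and length >= 128
    else:
        length, canonical = first, True
    return tag, bool(tag & 0x20), canonical, buf[pos:pos + length], pos + length

def walk(buf):
    """Flatten the BER tree into (depth, tag, canonical_length, value) tuples."""
    nodes = []
    def rec(b, depth):
        pos = 0
        while pos < len(b):
            tag, constructed, canonical, value, pos = read_tlv(b, pos)
            nodes.append((depth, tag, canonical, value))
            if constructed:
                rec(value, depth + 1)
    rec(buf, 0)
    return nodes

def analyze(buf):
    """Decode the message and check it against the RFC 4511 ExtendedResponse layout."""
    nodes = walk(buf)
    seen = {}
    for depth, tag, canonical, value in nodes:
        seen.setdefault(tag, (depth, value))   # first occurrence of each tag suffices here
    app_depth, _ = seen[0x78]
    name_depth, oid = seen[0x8a]
    return {
        "message_id": int.from_bytes(seen[0x02][1], "big"),
        "result_code": seen[0x0a][1][0],
        "response_name": oid.decode(),
        "is_notice_of_disconnection": oid == NOTICE_OF_DISCONNECTION_OID,
        # RFC 4511 places responseName inside ExtendedResponse, one level below [APPLICATION 24]
        "response_name_inside_app24": name_depth == app_depth + 1,
        "non_canonical_lengths": sum(1 for _, _, c, _ in nodes if not c),
    }

if __name__ == "__main__":
    print(analyze(NOTICE_OF_DISCONNECTION))
```

A strict DER decoder would reject this PDU on the first length byte, which is why a client that wants to recognise the notice on a Windows DC has to decode leniently and then look for the OID at the LDAPMessage level as well.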

On 13.08.20 at 21:54, Obaid Farooqi wrote:
> Hi Metze:
> The information that you provided is not sufficient to figure out what is 
> happening on the server side that is causing the client to issue the error. Can you 
> please provide more details and possibly a network capture?
> 
> Regards,
> Obaid Farooqi
> Escalation Engineer | Microsoft
> 
> -----Original Message-----
> From: Obaid Farooqi
> Sent: Friday, August 7, 2020 1:49 PM
> To: 'Stefan Metzmacher' <me...@samba.org>
> Cc: 'cifs-protocol@lists.samba.org' <cifs-protocol@lists.samba.org>; 
> support <supp...@mail.support.microsoft.com>
> Subject: RE: [REG:120080321001822] LDAP connections have hard timelimit of 
> one hour?
> 
> Hi Metze:
> In the case of Windows-Windows, error 52 is generated by the client side (the server 
> does not generate this error). How and where are you getting this error?
> 
> Regards,
> Obaid Farooqi
> Escalation Engineer | Microsoft
> 
> -----Original Message-----
> From: Obaid Farooqi
> Sent: Thursday, August 6, 2020 12:39 PM
> To: Stefan Metzmacher <me...@samba.org>
> Cc: cifs-protocol@lists.samba.org; support 
> <supp...@mail.support.microsoft.com>
> Subject: RE: [REG:120080321001822] LDAP connections have hard timelimit of 
> one hour?
> 
> Hi Metze:
> I'll help you with this issue and will be in touch as soon as I have an 
> answer.
> 
> Regards,
> Obaid Farooqi
> Escalation Engineer | Microsoft
> 
> -----Original Message-----
> From: Bryan Burgin <bbur...@microsoft.com>
> Sent: Monday, August 3, 2020 12:39 PM
> To: Stefan Metzmacher <me...@samba.org>
> Cc: cifs-protocol@lists.samba.org; support 
> <supp...@mail.support.microsoft.com>
> Subject: [REG:120080321001822] LDAP connections have hard timelimit of one 
> hour?
> 
> Hi Stefan,
> 
> Thank you for the question.  We created SR 120080321001822 to track this 
> issue.  An engineer will contact you soon.
> 
> Bryan
> 
> -----Original Message-----
> From: Stefan Metzmacher <me...@samba.org>
> Sent: Monday, August 3, 2020 7:54 AM
> To: Interoperability Documentation Help <doch...@microsoft.com>
> Cc: cifs-protocol@lists.samba.org
> Subject: [EXTERNAL] LDAP connections have hard timelimit of one hour?
> 
> Hi DocHelp,
> 
> I just debugged a problem where a Windows AD DC sent the following message 
> after exactly 1 hour:
> 
>  LDAPMessage extendedResp(0) (The server has timed out this connection)
>      messageID: 0
>      protocolOp: extendedResp (24)
>      extendedResp
>      resultCode: unavailable (52)
>      matchedDN:
>      errorMessage: The server has timed out this connection
> 
> The connection was used at least every minute and the last success was 
> returned 2 seconds before this.
> 
> These are Windows 2019 DCs, is this special to them, or does this happen with 
> any Windows Version?
> 
> I can't find anything related in [MS-ADTS]
> 
> Can you clarify this?
> 
> Thanks!
> metze
> 

_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol