On Thursday, 14 December 2023 07:28:46 CET Andreas Schneider wrote: > On Wednesday, 13 December 2023 22:55:54 CET Andreas Schneider via cifs- > > protocol wrote: > > On Wednesday, 13 December 2023 18:45:25 CET Jeff McCashland (He/him) wrote: > > > Hi Andreas, > > > > Hi Jeff, > > > > > I found that the cause of the INVALID_PARAMETER error is that cbCipher > > > is > > > too small in the PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL_AES > > > structure included in the request. > > > > > > The value sent is 0xD0 (208), while we were expecting at least 520 > > > (0x208). > > > Is there some significance that the correct hex value matches the passed > > > decimal value? > > > > thank you very much for taking a look. > > > > I think the value is more a coincidence. It is strange that you expect at > > least 520 bytes in size. This is either because of some password length > > requirement or you need to use a buffers for passwords and fill it up with > > random data if too short, like we have for the *Buffer* in [MS-SAMR] > > 2.2.6.32. That's done in MS-SAMR to avoid guessing the password length. > > > > I can test if using longer passwords fixes the issue. > > We use passwords which are ~15 chars long. Using longer password doesn't fix > the problem. > > Our testsuite has one function to test LsarCreateTrustedDomainEx2 and > LsarCreateTrustedDomainEx3. The values we use are essentially the same. > There are just differences in one char and the function using different > structures. > > LsarCreateTrustedDomainEx2 succeeds with those values and > LsarCreateTrustedDomainEx3 fails. I would argue that > LsarCreateTrustedDomainEx3 expects something which is not documented. > > Why does LsarCreateTrustedDomainEx3 expect at least 520 bytes for the > cbCipher value?
Here is a guess: > Best regards > > > Andreas > > > > Please let me know if this doesn't fully answer your question. > > > > Now the question is why does the cipher need to be bigger than 520 bytes? > > I > > don't see anything in the documentation about it. There is just an upper > > limit in the docs: > > > > #define MAX_AUTHBLOB_SIZE ( 64 * 1024 ) > > > > > > Best regards > > > > Andreas > > > > > Best regards, > > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft > > > Protocol > > > Open Specifications Team Phone: +1 (425) 703-8300 x38300 | Hours: > > > 9am-5pm > > > > > > Time zone: (UTC-08:00) Pacific Time (US and Canada) Local country phone > > > number found here: http://support.microsoft.com/globalenglish | > > > Extension > > > 1138300 > > > > > > -----Original Message----- > > > From: Jeff McCashland (He/him) > > > Sent: Monday, December 11, 2023 9:28 AM > > > To: Andreas Schneider <a...@samba.org> > > > Cc: Microsoft Support <supportm...@microsoft.com>; cifs-protocol > > > <cifs-protocol@lists.samba.org> Subject: RE: [EXTERNAL] [MS-LSAD] Need > > > help > > > with LsarCreateTrustedDomainEx3 - TrackingID#2312050040012372 > > > > > > Hi Andrew, > > > > > > Thank you for the information. I will let you know what I find. > > > > > > Best regards, > > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft > > > Protocol > > > Open Specifications Team Phone: +1 (425) 703-8300 x38300 | Hours: > > > 9am-5pm > > > > > > Time zone: (UTC-08:00) Pacific Time (US and Canada) Local country phone > > > number found here: http://support.microsoft.com/globalenglish | > > > Extension > > > 1138300 > > > > > > -----Original Message----- > > > From: Andreas Schneider <a...@samba.org> > > > Sent: Monday, December 11, 2023 6:23 AM > > > To: Jeff McCashland (He/him) <je...@microsoft.com> > > > Cc: Microsoft Support <supportm...@microsoft.com>; cifs-protocol > > > <cifs-protocol@lists.samba.org> Subject: Re: [EXTERNAL] [MS-LSAD] Need > > > help > > > with LsarCreateTrustedDomainEx3 - TrackingID#2312050040012372 > > > > > > On Thursday, 7 December 2023 20:43:05 CET Jeff McCashland (He/him) wrote: > > > > Hi Andreas, > > > > > > Hi Jeff, > > > > > > > I was not able to find an INVALID_PARAMETER failure in the provided > > > > network trace. Is this the network trace that was collected at the > > > > same time as the TTT trace? > > > > > > I've compiled wireshark from the git master branch. This has support for > > > decoding the new lsa calls correctly. I opened the wireshark trace I > > > sent > > > you with it and the first LsarCreateTrustedDomainEx3 request is frame > > > 76. > > > Frame 77 is the corresponding response which returns INVALID_PARAMETER > > > (screenshot attached). > > > > > > I hope that helps. Thanks for your help. > > > > > > > > > Best regards > > > > > > Andreas > > > > > > > > I see the INVALID_PARAMETER error in your smbtorture logs, but I don't > > > > know which packet in the network trace that relates to. > > > > > > > > Could you clarify? > > > > > > > > Best regards, > > > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft > > > > Protocol Open Specifications Team Phone: +1 (425) 703-8300 x38300 | > > > > Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada) > > > > Local country phone number found here: > > > > http://suppo/ > > > > rt.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com% > > > > 7C57e7e1341d7243e6808108dbfa54bc29%7C72f988bf86f141af91ab2d7cd011db47% > > > > 7C1%7C0%7C638379014130155860%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwM > > > > DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdat > > > > a=QJVmNP2krXHQDVe%2B1OQnuwGDsK2yfgH6hyezrqzjaQY%3D&reserved=0 | > > > > Extension > > > > 1138300 > > > > > > > > -----Original Message----- > > > > From: Jeff McCashland (He/him) > > > > Sent: Wednesday, December 6, 2023 7:53 AM > > > > To: Andreas Schneider <a...@samba.org> > > > > Cc: Microsoft Support <supportm...@microsoft.com>; cifs-protocol > > > > <cifs-protocol@lists.samba.org> Subject: RE: [EXTERNAL] [MS-LSAD] Need > > > > help with LsarCreateTrustedDomainEx3 - TrackingID#2312050040012372 > > > > > > > > Hi Andreas, > > > > > > > > Hopefully the LSASS TTT will tell us which parameter it is. I will let > > > > you know. > > > > > > > > Best regards, > > > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft > > > > Protocol Open Specifications Team Phone: +1 (425) 703-8300 x38300 | > > > > Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada) > > > > Local country phone number found here: > > > > http://suppo/ > > > > rt.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com% > > > > 7C57e7e1341d7243e6808108dbfa54bc29%7C72f988bf86f141af91ab2d7cd011db47% > > > > 7C1%7C0%7C638379014130166111%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwM > > > > DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdat > > > > a=YozjfDZHR1hYS4F9VW4bWyBSwETo0h5MzsNIKienQP4%3D&reserved=0 | > > > > Extension > > > > 1138300 > > > > > > > > -----Original Message----- > > > > From: Andreas Schneider <a...@samba.org> > > > > Sent: Wednesday, December 6, 2023 1:41 AM > > > > To: Jeff McCashland (He/him) <je...@microsoft.com> > > > > Cc: Microsoft Support <supportm...@microsoft.com>; cifs-protocol > > > > <cifs-protocol@lists.samba.org> Subject: Re: [EXTERNAL] [MS-LSAD] Need > > > > help with LsarCreateTrustedDomainEx3 - TrackingID#2312050040012372 On > > > > > > > > Tuesday, 5 December 2023 23:40:12 CET Jeff McCashland (He/him) wrote: > > > > > Hi Andreas, > > > > > > > > Hi Jeff, > > > > > > > > > I would like to collect LSASS TTT traces to troubleshoot the > > > > > failure. > > > > > > > > Thank you very much for your help! > > > > > > > > I've uploaded lsass03.zip to the workspace. It includes the TimeTrace, > > > > the network trace and smbtorture debug log. > > > > > > > > Günther just added support for LsarCreateTrustedDomainEx3 to Wireshark > > > > two weeks ago [1]. I don't think the code is in a release yet. You > > > > wont see the calls nicely unmarshalled yet. However I attached > > > > smbtorture debug log. You can see the NDR printout there. > > > > > > > > The question is which input paramter LsarCreateTrustedDomainEx3 thinks > > > > is invalid. Once I know that, I can fix hopefully the test :-) > > > > > > > > > > > > Thank you very much for your assistance! This is much appreciated. > > > > > > > > > > > > Best regards > > > > > > > > Andreas > > > > > > > > [1] > > > > https://gitl/ > > > > ab.com%2Fwireshark%2Fwireshark%2F-%2Fmerge_requests%2F13370&data=05%7C > > > > 02%7Cjeffm%40microsoft.com%7C57e7e1341d7243e6808108dbfa54bc29%7C72f988 > > > > bf86f141af91ab2d7cd011db47%7C1%7C0%7C638379014130172902%7CUnknown%7CTW > > > > FpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6 > > > > Mn0%3D%7C3000%7C%7C%7C&sdata=8V1KVQz858RkWskCVF8lfnHCfaVT35PmtTZXNoTOd > > > > Ds%3D&reserved=0 > > > > > > > > > The LSASS traces can be quite large, but are highly compressible, so > > > > > please add them to a .zip archive before uploading (file transfer > > > > > workspace credentials are below). Please log into the workspace and > > > > > find PartnerTTDRecorder_x86_x64.zip available for download. The x64 > > > > > tool can be staged onto the Windows server in any location > > > > > (instructions below assume C:\TTD). > > > > > > > > > > To collect the needed traces: > > > > > 1. From a PowerShell prompt, execute: > > > > > C:\TTD\tttracer.exe -Attach ([int](Get-Process -NAME > > > > > > > > > > lsass | Format-Wide -Property > > > > > ID).formatEntryInfo.formatPropertyField.propertyValue) 2. Wait for a > > > > > little window to pop up in top left corner of your screen, titled > > > > > "lsass01.run" 3. start a network trace using netsh or WireShark, > > > > > etc. > > > > > > > > > > 4. Repro the attempted operation > > > > > 5. Stop the network trace and save it > > > > > 6. CAREFULLY: uncheck the checkbox next to "Tracing" in the > > > > > > > > > > small "lsass01.run" window. Do not close or exit the small window or > > > > > you will need to reboot. 7. The TTTracer.exe process will generate a > > > > > trace file, then print out the name and location of the file. > > > > > Compress the *.run file into a .zip archive before uploading with > > > > > the matching network trace. It is a good idea to reboot the machine > > > > > at the next opportunity to restart the lsass process. > > > > > > > > > > Workspace credentials: > > > > > Log in as: 2312050040012372_andr...@dtmxfer.onmicrosoft.com > > > > > 1-Time: 3fjE7C5Q > > > > > > > > > > Workspace link: > > > > > https://supp/ > > > > > ort.microsoft.com%2Ffiles%3Fworkspace%3DeyJ0eXAiOiJKV1QiLCJhbGciOiJS > > > > > U& > > > > > data=05%7C02%7Cjeffm%40microsoft.com%7C54e1a37f1c1443631fff08dbf63f7 > > > > > 00 > > > > > f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638374524565853145%7C > > > > > Un > > > > > known%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1h > > > > > aW > > > > > wiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dzdf2v%2BshYAg5YkvoUpsI%2BiM2 > > > > > f1 > > > > > FuLIaxMoDK1zJanU%3D&reserved=0 > > > > > zI1NiJ9.eyJ3c2lkIjoiMmFkNGE3MjEtZDBjMS00YzFkLTlhMzItY2ZlMGE1YmI0MWJm > > > > > Ii > > > > > wic3Ii > > > > > OiIyMzEyMDUwMDQwMDEyMzcyIiwiYXBwaWQiOiI0ZTc2ODkxZC04NDUwLTRlNWUtYmUz > > > > > OC > > > > > 1lYTNi > > > > > ZDZlZjIxZTUiLCJzdiI6InYxIiwicnMiOiJFeHRlcm5hbCIsInd0aWQiOiI0YzNmODcy > > > > > OS > > > > > 1iZGY3 > > > > > LTQ5MzUtYjE3My02ZGVmY2Q5ODY3ZTAiLCJpc3MiOiJodHRwczovL2FwaS5kdG1uZWJ1 > > > > > bG > > > > > EubWlj > > > > > cm9zb2Z0LmNvbSIsImF1ZCI6Imh0dHA6Ly9zbWMiLCJleHAiOjE3MDk1OTE2NjQsIm5i > > > > > Zi > > > > > I6MTcw > > > > > MTgxNTY2NH0.aoqsUChbv4ldUIHza-JNdUpjPPE6iosBaQpCZ49SyHTSanGlhty-H-f_ > > > > > 2t > > > > > lGEFYq > > > > > PmDkt5SsQ9_fyOTERFuxtCYbfNeFZSVyWyI_AW_mLy06ymrLISZamM0GObMwd8xkSJrl > > > > > 6s > > > > > MHiQd6 > > > > > pBtoQ4tIaA3yebDax4mrbJbSjgolCVFcXhwMVOdSocmTwwV5jnC4gKalHF6H-UKMHkZb > > > > > Kn > > > > > Aqyui2 > > > > > Eg4tAT9sNTlrUDaxznIMuA1s0Z2YT2X6jVGMugeJHf5NiO0N6DOlEcQOyeCSXsWoLxJo > > > > > F6 > > > > > CT3Q1e > > > > > o5otojkQv3QD-IrpZU2RHpPTpWcH9TAcus-fH2KdDD-670wxHw&wid=2ad4a721-d0c1 > > > > > -4 > > > > > c1d-9a > > > > > 32-cfe0a5bb41bf > > > > > > > > > > Best regards, > > > > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft > > > > > Protocol Open Specifications Team Phone: +1 (425) 703-8300 x38300 | > > > > > Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada) > > > > > Local country phone number found here: > > > > > http://suppo/ > > > > > rt.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.co > > > > > m% > > > > > 7C54e1a37f1c1443631fff08dbf63f700f%7C72f988bf86f141af91ab2d7cd011db4 > > > > > 7% > > > > > 7C1%7C0%7C638374524565858700%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjA > > > > > wM > > > > > DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sd > > > > > at > > > > > a=EQOmU95wBWcFuv2c56sDxW8YHrBn2%2FCnX34U4igxtow%3D&reserved=0 | > > > > > Extension > > > > > 1138300 > > > > > > > > > > -----Original Message----- > > > > > From: Jeff McCashland (He/him) > > > > > Sent: Tuesday, December 5, 2023 11:50 AM > > > > > To: Andreas Schneider <a...@samba.org>; cifs-protocol > > > > > <cifs-protocol@lists.samba.org> Cc: Microsoft Support > > > > > <supportm...@microsoft.com> > > > > > Subject: RE: [EXTERNAL] [MS-LSAD] Need help with > > > > > LsarCreateTrustedDomainEx3 > > > > > - TrackingID#2312050040012372 > > > > > > > > > > [Michael to BCC] > > > > > > > > > > Hi Andreas, > > > > > > > > > > I will dig into your question and let you know what I find. > > > > > > > > > > Best regards, > > > > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft > > > > > Protocol Open Specifications Team Phone: +1 (425) 703-8300 x38300 | > > > > > Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada) > > > > > Local country phone number found here: > > > > > http://suppo/ > > > > > rt.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.co > > > > > m% > > > > > 7C54e1a37f1c1443631fff08dbf63f700f%7C72f988bf86f141af91ab2d7cd011db4 > > > > > 7% > > > > > 7C1%7C0%7C638374524565862806%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjA > > > > > wM > > > > > DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sd > > > > > at > > > > > a=X2E1OH%2FlPSBqIUii84PAHkxyXw5B5GNlk22G5AzwWk4%3D&reserved=0 | > > > > > Extension > > > > > 1138300 > > > > > > > > > > -----Original Message----- > > > > > From: Michael Bowen <mike.bo...@microsoft.com> > > > > > Sent: Tuesday, December 5, 2023 11:25 AM > > > > > To: Andreas Schneider <a...@samba.org>; cifs-protocol > > > > > <cifs-protocol@lists.samba.org> Cc: Microsoft Support > > > > > <supportm...@microsoft.com> > > > > > Subject: RE: [EXTERNAL] [MS-LSAD] Need help with > > > > > LsarCreateTrustedDomainEx3 > > > > > - TrackingID#2312050040012372 > > > > > > > > > > [DocHelp to BCC] > > > > > Hi Andreas, > > > > > > > > > > Thank you for your question about MS-LSAD. Case number > > > > > 2312050040012372 has been created to track this issue, one of our > > > > > engineers will contact you soon. > > > > > > > > > > Best regards, > > > > > Mike Bowen > > > > > Escalation Engineer - Microsoft Open Specifications > > > > > > > > > > -----Original Message----- > > > > > From: Andreas Schneider <a...@samba.org> > > > > > Sent: Tuesday, December 5, 2023 5:34 AM > > > > > To: Interoperability Documentation Help <doch...@microsoft.com>; > > > > > cifs-protocol <cifs-protocol@lists.samba.org> Subject: [EXTERNAL] > > > > > [MS-LSAD] Need help with LsarCreateTrustedDomainEx3 > > > > > > > > > > Hi Dochelp Team! > > > > > > > > > > I'm currently trying to write an smbtorture test for > > > > > LsarCreateTrustedDomainEx3. My test doesn't work against Windows > > > > > Server 2022. > > > > > > > > > > lsa_CreateTrustedDomainEx3: struct lsa_CreateTrustedDomainEx3 > > > > > > > > > > out: struct lsa_CreateTrustedDomainEx3 > > > > > > > > > > trustdom_handle : * > > > > > > > > > > trustdom_handle: struct policy_handle > > > > > > > > > > handle_type : 0x00000000 (0) > > > > > > > > > > uuid : > > > > > 00000000-0000-0000-0000-000000000000 > > > > > > > > > > result : NT_STATUS_INVALID_PARAMETER > > > > > > > > > > The test is more or less the same as we have for > > > > > LsarCreateTrustedDomainEx2, but it fails for > > > > > LsarCreateTrustedDomainEx3 with NT_STATUS_INVALID_PARAMETER. Another > > > > > Samba Team member did check the code I wrote and could find anything > > > > > wrong. > > > > > > > > > > I've tried to turn on debug logging for the netlogon service on > > > > > windows, but it doesn't log anything useful. So I'm not able to > > > > > figure out what value the server thinks is invalid. > > > > > > > > > > Could someone of the Dochelp Team help me if I create a Time Trace > > > > > and figure out on which input value the server chokes? > > > > > > > > > > > > > > > Thanks for your help. > > > > > > > > > > > > > > > Best regards > > > > > > > > > > Andreas Schneider > > > > > > > > > > -- > > > > > Andreas Schneider a...@samba.org > > > > > Samba Team http://www.samba.org/ > > > > > GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D > > > > > > > > -- > > > > Andreas Schneider a...@samba.org > > > > Samba Team http://www.samba.org/ > > > > GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D > > > > > > -- > > > Andreas Schneider a...@samba.org > > > Samba Team http://www.samba.org/ > > > GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D -- Andreas Schneider a...@samba.org Samba Team www.samba.org GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D _______________________________________________ cifs-protocol mailing list cifs-protocol@lists.samba.org https://lists.samba.org/mailman/listinfo/cifs-protocol