Hi Metze, The lastest code changes in this area were released in the first servicing/security update for the mainstream version of Server 2025, so you'd need the first update. That said, I can't guarantee this update fixed the issue you were seeing without traces at the time of the error. This is my best guess with the network trace you provided and my own code research.
As far as client-side fixes, if you're referring to this code change, it does not look like the client was modified. If you have any further questions, please let me know. Regards, Kristian Smith Support Escalation Engineer | Microsoft® Corporation Email: [email protected] -----Original Message----- From: Stefan Metzmacher <[email protected]> Sent: Tuesday, January 7, 2025 9:29 AM To: Kristian Smith <[email protected]> Cc: [email protected]; Microsoft Support <[email protected]> Subject: Re: [EXTERNAL] ServerAuthenticateKerberos() not usable for - TrackingID#2412180040010640 Hi Kristian, > I've reached a point in my research on this ACCESS_DENIED issue that I need > some additional information. > I can see some changes in the code that could potentially be the > culprit, but I can't be sure until I have a server-side LSASS trace. > > Can you please provide me with a network trace (as you had done > before) along with an LSASS trace of the Server 2025 machine that is > sending the ACCESS_DENIED response after GetCapabilities? I've installed all updates and it's now fixed! Was the fix included in the first (non-preview) version of Server 2025 or only in the December update? Are there also client side fixes, so that windows uses AuthenticateKerberos also for trusts? Thanks! metze _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
