Hi Jeff,
On Пан, 13 сту 2025, Jeff McCashland (He/him) wrote:
> Hi Julien and Alexander,
>
> What I found in the trace is that the server is finding a paChecksum, but no
> paChecksum2, which is required when using anything other than SHA-1:
>
> [MS-PKCA] 2.2.3 PA-PK-AS-REQ
> The PA-PK-AS-REQ message format is specified in [RFC4556] section
> 3.2.1.<10> PKAuthenticator in [RFC4556] is extended to add the
> following PAChecksum2<11>. If a checksum algorithm other than SHA-1 is
> used, this message MUST be present. If this field is present, it will
> always be validated even if it is SHA-1.
> PAChecksum2 ::= SEQUENCE {
> checksum [0] OCTET STRING,
> algorithmIdentifier [1] KERB-ALGORITHM-IDENTIFIER
> }
> <11> Section 2.2.3: The extension of PKAuthenticator in PA-PK-AS-REQ
> is only applicable to Windows Server 2022, 23H2 operating system.
> Windows Server 2022, 23H2 DCs will send back
> TD-CMS-DIGEST-ALGORITHMS-DATA as described in [RFC8636] section 4. CMS
> Digest Algorithm Agility.
>
> I believe the solution is to add a paChecksum2 to the PA-PK-AS-REQ. Let me
> know if you have any questions.
Thank you for pointing this out.
There is one problem, though. RFC 8070 extends PKAuthenticator as well,
by adding freshnessToken right after paChecksum:
https://datatracker.ietf.org/doc/html/rfc8070#section-4
PKAuthenticator ::= SEQUENCE {
cusec [0] INTEGER (0..999999),
ctime [1] KerberosTime,
-- cusec and ctime are used as in [RFC4120], for
-- replay prevention.
nonce [2] INTEGER (0..4294967295),
-- Chosen randomly; this nonce does not need to
-- match with the nonce in the KDC-REQ-BODY.
paChecksum [3] OCTET STRING OPTIONAL,
-- MUST be present.
-- Contains the SHA1 checksum, performed over
-- KDC-REQ-BODY.
...,
freshnessToken [4] OCTET STRING OPTIONAL,
-- PA_AS_FRESHNESS padata value as received from the
-- KDC. MUST be present if sent by KDC
...
}
Can you please expand on whether paChecksum2 is added after or before
the freshnessToken? e.g. does paChecksum2 has index [5] or [4]?
If it is indeed paChecksum2 [5], then a reference to RFC 8070 is missing
in the MS-PKCA 2.2.3.
I think MS-PKCA would need an update about this detail as MS-PKCA 3.1.5
explicitly states:
PKCA SHOULD<14> support the PKINIT Freshness Extension [RFC8070].
so MS-PKCA 2.2.3 would need to refer to RFC8070, not just to RFC4556.
>
>
> Best regards,
> Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Corporation
>
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00)
> Pacific Time (US and Canada)
>
> Local country phone number found here:
> http://support.microsoft.com/globalenglish | Extension 1138300
>
>
>
> ________________________________
> From: Jeff McCashland (He/him) <[email protected]>
> Sent: Tuesday, January 7, 2025 1:16 PM
> To: Julien Rische <[email protected]>
> Cc: Alexander Bokovoy <[email protected]>; [email protected]
> <[email protected]>; Microsoft Support <[email protected]>
> Subject: Re: [cifs-protocol] [EXTERNAL] Windows Server 2025 PKINIT regression
> - TrackingID#2412190040009154
>
> Thank you for the rapid response and for uploading the additional traces. I
> will dig into these and let you know what I find.
>
>
> Best regards,
> Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Corporation
>
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00)
> Pacific Time (US and Canada)
>
> Local country phone number found here:
> http://support.microsoft.com/globalenglish | Extension 1138300
>
>
>
> ________________________________
> From: Julien Rische <[email protected]>
> Sent: Tuesday, January 7, 2025 11:33 AM
> To: Jeff McCashland (He/him) <[email protected]>
> Cc: Alexander Bokovoy <[email protected]>; [email protected]
> <[email protected]>; Microsoft Support <[email protected]>
> Subject: Re: [cifs-protocol] [EXTERNAL] Windows Server 2025 PKINIT regression
> - TrackingID#2412190040009154
>
> Hello Jeff,
>
> I uploaded 5 additional files, including the LSASS traces obtained
> following the procedure described in your previous message:
>
> [02_lsass_pkinit_ffdh_modp14.zip] Compressed LSASS trace of a failing
> pre-authentication process for FFDH with MODP group 14 (2046-bit) and
> RSA/SHA-256 signature.
> [02_pkinit_ffdh_modp14.pcap] Network trace of a failing
> pre-authentication process for FFDH with MODP group 14 (2046-bit) and
> RSA/SHA-256 signature.
> [02_lsass_pkinit_ecdh_p256.zip] Compressed LSASS trace of a successful
> pre-authentication process for ECDH with curve P-256 and RSA/SHA-256
> signature.
> [02_pkinit_ecdh_p256.pcap] Network trace of a successful
> pre-authentication process for ECDH with curve P-256 and RSA/SHA-256
> signature.
> [02_ad2025.keytab] All Kerberos keys in the AD domain.
>
> --
> Julien Rische
>
> On Mon, Jan 6, 2025 at 9:03 PM Jeff McCashland (He/him)
> <[email protected]> wrote:
> >
> > Hi Julien,
> >
> > Thank you for uploading the net traces and information. Please follow the
> > instructions below to collect an LSASS trace of the scenario where you get
> > the KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED error ('unknown' error code 79
> > from Alexander's original description).
> >
> > The LSASS traces can be quite large, but are highly compressible, so please
> > add them to a .zip archive before uploading (file transfer workspace link
> > is below). Please log into the workspace and find
> > PartnerTTDRecorder_x86_x64.zip available for download. The x64 tool can be
> > staged onto the Windows server in any location (instructions below assume
> > C:\TTD).
> >
> > To collect the needed traces:
> > 1. From a PowerShell prompt, execute:
> > C:\TTD\tttracer.exe -Attach ([int](Get-Process -NAME lsass | Format-Wide
> > -Property ID).formatEntryInfo.formatPropertyField.propertyValue)
> > 2. Wait for a little window to pop up in top left corner of your screen,
> > titled “lsass01.run”
> > 3. start a network trace using netsh or WireShark, etc.
> > 4. Repro the attempted operation
> > 5. Stop the network trace and save it
> > 6. CAREFULLY: uncheck the checkbox next to “Tracing” in the small
> > “lsass01.run” window. Do not close or exit the small window or you will
> > need to reboot.
> > 7. The TTTracer.exe process will generate a trace file, then print out the
> > name and location of the file.
> > Compress the *.run file into a .zip archive before uploading with the
> > matching network trace. It is a good idea to reboot the machine at the next
> > opportunity to restart the lsass process.
> >
> > Best regards,
> > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft
> > Corporation
> >
> > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00)
> > Pacific Time (US and Canada)
> >
> > Local country phone number found here:
> > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%7C89afb98a2d06421825bb08dd2f52244d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638718752061676936%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=3yToOz4zq1PwjTNpHzi3RozMKffY%2BOEFtBin%2FTbhTZs%3D&reserved=0<http://support.microsoft.com/globalenglish>
> > | Extension 1138300
> >
> >
> >
> > ________________________________
> > From: Julien Rische <[email protected]>
> > Sent: Monday, January 6, 2025 2:27 AM
> > To: Jeff McCashland (He/him) <[email protected]>
> > Cc: Alexander Bokovoy <[email protected]>; [email protected]
> > <[email protected]>; Microsoft Support
> > <[email protected]>
> > Subject: Re: [cifs-protocol] [EXTERNAL] Windows Server 2025 PKINIT
> > regression - TrackingID#2412190040009154
> >
> > Hello Jeff,
> >
> > I uploaded the network traces to the file transfer link you provided:
> >
> > [00_ad2025.pcap] Network trace of a failing pre-authentication process
> > with RSA/SHA-256 and RSA/SHA-512 as supportedCMSTypes.
> > [00_ad2025_sha1.pcap] Network trace of a failing pre-authentication
> > process with RSA/SHA-256, RSA/SHA-512, and RSA/SHA-1 as
> > supportedCMSTypes.
> > [00_ad2025.keytab] All Kerberos keys in the AD domain.
> >
> > [01_gp_pkinit_digest.png] Screenshot of the "Computer
> > Configuration\Policies\Administrative Templates\System\KDC\Configure
> > hash algorithms for certificate logon" global policy settings.
> > [01_pkinit_ffdh_modp14.pcap] Network trace of a failing
> > pre-authentication process for FFDH with MODP group 14 (2046-bit) and
> > RSA/SHA-256 signature.
> > [01_pkinit_ecdh_p256.pcap] Network trace for a successful
> > pre-authentication process for ECDH with curve P-256 and RSA/SHA-256
> > signature.
> > [01_ad2025.keytab] All Kerberos keys in the AD domain.
> >
> > My Microsoft account uses the present email address: [email protected]
> >
> > --
> > Julien Rische
> >
> > On Fri, Jan 3, 2025 at 9:12 PM Jeff McCashland (He/him)
> > <[email protected]> wrote:
> > >
> > > Hello Julien and Alexander,
> > >
> > > Actually, what we need to troubleshoot this issue is to collect a TTD
> > > trace of the LSASS process. In order to download the tool needed to
> > > collect the trace, you will need a Microsoft account. These can be
> > > created free at live.com.
> > >
> > > Please send me the Microsoft account email address you will use to
> > > download the tools, and I will send the link.
> > >
> > > Best regards,
> > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft
> > > Corporation
> > >
> > > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00)
> > > Pacific Time (US and Canada)
> > >
> > > Local country phone number found here:
> > > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%7C89afb98a2d06421825bb08dd2f52244d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638718752061695040%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=gDBMO9YH8STzmysn6hDWn3T4ZuQ7k5ishRhknO%2B%2BATo%3D&reserved=0<http://support.microsoft.com/globalenglish>
> > > | Extension 1138300
> > >
> > >
> > >
> > >
> > > ________________________________
> > > From: Jeff McCashland (He/him) <[email protected]>
> > > Sent: Friday, December 27, 2024 11:30 AM
> > > To: Julien Rische <[email protected]>; Alexander Bokovoy <[email protected]>
> > > Cc: [email protected] <[email protected]>;
> > > Microsoft Support <[email protected]>
> > > Subject: Re: [cifs-protocol] [EXTERNAL] Windows Server 2025 PKINIT
> > > regression - TrackingID#2412190040009154
> > >
> > > Hi Julien and Alexander,
> > >
> > > Alexander mentioned ad2025.pcap and ad2025_sha1.pcap, and Julien
> > > mentioned 2 additional unnamed captures.
> > >
> > > Please upload any relevant traces to the link below, as we are not
> > > allowed to accept files by email. Also, it would help if you could
> > > specify which traces and frames relate to which aspects of your question,
> > > that would save time.
> > >
> > > Also, it's not clear to me (yet), if the additional information from
> > > Julien modifies or answers any part of Alexander's original question.
> > >
> > > Secure file link:
> > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.microsoft.com%2Ffiles%3Fworkspace%3DeyJhbGciOiJSUzI1NiIsImtpZCI6IjgxMTA4NjE5MTQzMTQ1NTc0QUYxMjI3NjhGMEIzNDkyRkYyNTczNEYiLCJ0eXAiOiJKV1QifQ.eyJ3c2lkIjoiNjgzMzc2YjUtNjczZC00ZGVkLTlmYzUtYjRiOTUzMmJmNzE4Iiwic3IiOiIyNDEyMTkwMDQwMDA5MTU0Iiwic3YiOiJ2MSIsInJzIjoiRXh0ZXJuYWwiLCJ3dGlkIjoiYjA0NWU2MDgtMWY3MC00OTE3LTk4MTAtZjA0OGJlNGVlODI2IiwiYXBwaWQiOiI0ZTc2ODkxZC04NDUwLTRlNWUtYmUzOC1lYTNiZDZlZjIxZTUiLCJuYmYiOjE3MzUzMjc3NzAsImV4cCI6MTc0MzEwMzc3MCwiaWF0IjoxNzM1MzI3NzcwLCJpc3MiOiJodHRwczovL2FwaS5kdG1uZWJ1bGEubWljcm9zb2Z0LmNvbSIsImF1ZCI6Imh0dHA6Ly9zbWMifQ.d23KDsdUj68vCL0fEY2hpp2wjG65vYVtGh2E9Bu1mqT8YM-Q6bkewOhrHJbML0Fcr_ijDp89UMkAb0h70iCJCQojecjI8NPzgrkCm11GzScvTRcvJqyChhZ-9T731ZGSRV8wnxrrETLsuTjCo88_gAqRF3oBQdUuriBtI5z_xh-qUqrqcl-9q2nqxqhMzd3rA7Chkk5EMSRv5U1hnWhH5etJ-kUj8-HJB4eihMGPQ7NVPjCrVy04opSBf-XgkHjSsx_j_-q7EsbOR7ic3aWdEwZS5eppFpc4C4JMNpCauM4is23XWNoYwDZ9vP9CnyKPZfSMlF-5fC4k_4Q3KzcsNw%26wid%3D683376b5-673d-4ded-9fc5-b4b9532bf718&data=05%7C02%7Cjeffm%40microsoft.com%7C89afb98a2d06421825bb08dd2f52244d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638718752061708771%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=qHeCKa6m5HVN2yk0RZB1tFjDwv1nCblAxP6jbXwLe9s%3D&reserved=0<https://support.microsoft.com/files?workspace=eyJhbGciOiJSUzI1NiIsImtpZCI6IjgxMTA4NjE5MTQzMTQ1NTc0QUYxMjI3NjhGMEIzNDkyRkYyNTczNEYiLCJ0eXAiOiJKV1QifQ.eyJ3c2lkIjoiNjgzMzc2YjUtNjczZC00ZGVkLTlmYzUtYjRiOTUzMmJmNzE4Iiwic3IiOiIyNDEyMTkwMDQwMDA5MTU0Iiwic3YiOiJ2MSIsInJzIjoiRXh0ZXJuYWwiLCJ3dGlkIjoiYjA0NWU2MDgtMWY3MC00OTE3LTk4MTAtZjA0OGJlNGVlODI2IiwiYXBwaWQiOiI0ZTc2ODkxZC04NDUwLTRlNWUtYmUzOC1lYTNiZDZlZjIxZTUiLCJuYmYiOjE3MzUzMjc3NzAsImV4cCI6MTc0MzEwMzc3MCwiaWF0IjoxNzM1MzI3NzcwLCJpc3MiOiJodHRwczovL2FwaS5kdG1uZWJ1bGEubWljcm9zb2Z0LmNvbSIsImF1ZCI6Imh0dHA6Ly9zbWMifQ.d23KDsdUj68vCL0fEY2hpp2wjG65vYVtGh2E9Bu1mqT8YM-Q6bkewOhrHJbML0Fcr_ijDp89UMkAb0h70iCJCQojecjI8NPzgrkCm11GzScvTRcvJqyChhZ-9T731ZGSRV8wnxrrETLsuTjCo88_gAqRF3oBQdUuriBtI5z_xh-qUqrqcl-9q2nqxqhMzd3rA7Chkk5EMSRv5U1hnWhH5etJ-kUj8-HJB4eihMGPQ7NVPjCrVy04opSBf-XgkHjSsx_j_-q7EsbOR7ic3aWdEwZS5eppFpc4C4JMNpCauM4is23XWNoYwDZ9vP9CnyKPZfSMlF-5fC4k_4Q3KzcsNw&wid=683376b5-673d-4ded-9fc5-b4b9532bf718>
> > >
> > > Best regards,
> > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft
> > > Corporation
> > >
> > > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00)
> > > Pacific Time (US and Canada)
> > >
> > > Local country phone number found here:
> > > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%7C89afb98a2d06421825bb08dd2f52244d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638718752061721148%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=ODz9U2sFllMMWk%2BaeZYHVJDUakLo90HPpisOWIT2ob0%3D&reserved=0<http://support.microsoft.com/globalenglish>
> > > | Extension 1138300
> > >
> > >
> > >
> > > ________________________________
> > > From: Jeff McCashland (He/him) <[email protected]>
> > > Sent: Monday, December 23, 2024 8:29 PM
> > > To: Julien Rische <[email protected]>
> > > Cc: [email protected] <[email protected]>;
> > > Alexander Bokovoy <[email protected]>; Microsoft Support
> > > <[email protected]>
> > > Subject: Re: [cifs-protocol] [EXTERNAL] Windows Server 2025 PKINIT
> > > regression - TrackingID#2412190040009154
> > >
> > > [Kristian to BCC]
> > >
> > > Hi Julien,
> > >
> > > I will investigate your question, and get back to you. I am out the next
> > > 2 days for holiday, back on Thursday.
> > >
> > >
> > > Best regards,
> > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft
> > > Corporation
> > >
> > > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00)
> > > Pacific Time (US and Canada)
> > >
> > > Local country phone number found here:
> > > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsupport.microsoft.com%2Fglobalenglish&data=05%7C02%7Cjeffm%40microsoft.com%7C89afb98a2d06421825bb08dd2f52244d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638718752061732502%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=YP1fSoTwjLdcN5E1ljUmfIAwUV0cKrK0vAdgpAp8ocQ%3D&reserved=0<http://support.microsoft.com/globalenglish>
> > > | Extension 1138300
> > >
> > >
> > >
> > > ________________________________
> > > From: Kristian Smith <[email protected]>
> > > Sent: Monday, December 23, 2024 1:31 PM
> > > To: Julien Rische <[email protected]>; Jeff McCashland (He/him)
> > > <[email protected]>
> > > Cc: [email protected] <[email protected]>;
> > > Alexander Bokovoy <[email protected]>; Microsoft Support
> > > <[email protected]>
> > > Subject: RE: [cifs-protocol] [EXTERNAL] Windows Server 2025 PKINIT
> > > regression - TrackingID#2412190040009154
> > >
> > > [Mike to Bcc, adding Jeff]]
> > > Hi Julien,
> > >
> > > Thanks for the information. Also, after some workload adjustments, @Jeff
> > > McCashland will be working on your case moving forward.
> > >
> > > Apologies for the confusion.
> > >
> > > Regards,
> > > Kristian Smith
> > > Support Escalation Engineer | Microsoft® Corporation
> > > Email: [email protected]
> > >
> > > -----Original Message-----
> > > From: Michael Bowen <[email protected]>
> > > Sent: Monday, December 23, 2024 10:05 AM
> > > To: Julien Rische <[email protected]>; Kristian Smith
> > > <[email protected]>
> > > Cc: Alexander Bokovoy <[email protected]>; [email protected];
> > > Microsoft Support <[email protected]>
> > > Subject: RE: [cifs-protocol] [EXTERNAL] Windows Server 2025 PKINIT
> > > regression - TrackingID#2412190040009154
> > >
> > > Hi Julien,
> > >
> > > Thanks for the update. @Kristian Smith is handling your case, so I'm
> > > forwarding this to him to help him with your issue. Happy Holidays!
> > >
> > > - Michael
> > >
> > > -----Original Message-----
> > > From: Julien Rische <[email protected]>
> > > Sent: Monday, December 23, 2024 5:32 AM
> > > To: Michael Bowen <[email protected]>
> > > Cc: Alexander Bokovoy <[email protected]>; [email protected];
> > > Microsoft Support <[email protected]>
> > > Subject: Re: [cifs-protocol] [EXTERNAL] Windows Server 2025 PKINIT
> > > regression - TrackingID#2412190040009154
> > >
> > > [You don't often get email from [email protected]. Learn why this is
> > > important at https://aka.ms/LearnAboutSenderIdentification ]
> > >
> > > Hello Michael,
> > >
> > > It has come to our attention that Windows Server 2025 now has support for
> > > allowing and disallowing digest algorithms in PKINIT. We made some tests
> > > by modifying the "Computer Configuration\Policies\Administrative
> > > Templates\System\KDC\Configure hash algorithms for certificate logon".
> > >
> > > This configuration seems to take effect, because disallowing SHA-256
> > > causes elliptic curve Diffie-Hellman to fail. However, allowing all SHA
> > > versions does not fix the problem when using finite field Diffie-Hellman.
> > >
> > > In attachment, you will find 2 network traces showing a successful
> > > pre-authentication process for ECDH with curve P-256 and RSA/SHA-256
> > > signature, and a failing one for FFDH with MODP group 14 (2046-bit) and
> > > RSA/SHA-256 signature. In both cases all SHA versions are allowed in the
> > > above group policy.
> > >
> > > --
> > > Julien Rische
> > >
> > >
> > > On Thu, Dec 19, 2024 at 5:33 PM Michael Bowen via cifs-protocol
> > > <[email protected]> wrote:
> > > >
> > > > [DocHelp to bcc]
> > > >
> > > > Hi Alexander,
> > > >
> > > > Thanks for your question about Windows Server 2025 and Kerberos. I've
> > > > created case number 2412190040009154 to track this issue, please leave
> > > > the number in the subject line when communicating with our team. One of
> > > > our engineers will contact you soon.
> > > >
> > > > Best regards,
> > > > Michael Bowen
> > > > Sr. Escalation Engineer - Microsoft® Corporation
> > > >
> > > > -----Original Message-----
> > > > From: Alexander Bokovoy <[email protected]>
> > > > Sent: Thursday, December 19, 2024 4:26 AM
> > > > To: Interoperability Documentation Help <[email protected]>
> > > > Cc: [email protected]
> > > > Subject: [EXTERNAL] Windows Server 2025 PKINIT regression
> > > >
> > > > [Some people who received this message don't often get email from
> > > > [email protected]. Learn why this is important at
> > > > https://aka.ms/LearnAboutSenderIdentification ]
> > > >
> > > > Hi Dochelp,
> > > >
> > > > I believe we are seeing a regression in how Windows Server 2025 handles
> > > > Kerberos PKINIT, probably due to algorithm agility rewrite.
> > > >
> > > > Sometime ago we have updated MIT Kerberos implementation of PKINIT to
> > > > use sha256WithRSAEncryption in supported CMS types and removed
> > > > sha1WithRSAEncryption to be able compliant with FIPS 140-3.
> > > >
> > > > The commit
> > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgith%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C89afb98a2d06421825bb08dd2f52244d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638718752061743910%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=ayS9G2G4xMVHwRT%2FJO%2Bnf0OP0i3glSW%2FfWT1IA5E3qI%3D&reserved=0<https://gith/>
> > > > %2F&data=05%7C02%7CKristian.Smith%40microsoft.com%7Ccc530a51018e45fbf1
> > > > b108dd237c4865%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6387057388
> > > > 76787487%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuM
> > > > DAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&s
> > > > data=vvBUg7U6QcAQSKEUYyCOQ1A78VoSp5eDylGA9lRz0zI%3D&reserved=0
> > > > ub.com%2Fkrb5%2Fkrb5%2Fcommit%2Fcbfe46ce20f3e9265baa9c648390148c739ab8
> > > > 30&data=05%7C02%7Cmike.bowen%40microsoft.com%7C6c48431e145e4de8500c08d
> > > > d23562d38%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638705575372721
> > > > 071%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMC
> > > > IsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=
> > > > BKt0Ke6K6mn1ONoQTBrHhhybs8HASTsXpFQC4qPKjKo%3D&reserved=0
> > > > is part of MIT Kerberos 1.20 or later releases.
> > > >
> > > > This change worked well for Windows Server versions prior to Windows
> > > > Server 2025 release. With Windows Server 2025, the request is rejected
> > > > (packet 8 from ad2025.pcap in attached archive):
> > > >
> > > > Kerberos
> > > > Record Mark: 106 bytes
> > > > 0... .... .... .... .... .... .... .... = Reserved: Not set
> > > > .000 0000 0000 0000 0000 0000 0110 1010 = Record Length: 106
> > > > krb-error
> > > > pvno: 5
> > > > msg-type: krb-error (30)
> > > > stime: Dec 18, 2024 15:22:36.000000000 CET
> > > > susec: 926640
> > > > error-code: Unknown (79)
> > > > realm: WIN2025-UO83.TEST
> > > > sname
> > > > name-type: kRB5-NT-SRV-INST (2)
> > > > sname-string: 2 items
> > > > SNameString: krbtgt
> > > > SNameString: WIN2025-UO83.TEST
> > > >
> > > >
> > > > We built a custom version of MIT Kerberos which adds both
> > > > sha256WithRSAEncryption and sha1WithRSAEncryption to the list of
> > > > supported CMS types and still signed with sha256WithRSAEncryption, it
> > > > failed again. The corresponding packet exchange can be seen in
> > > > ad2025_sha1.pcap in the attached archive.
> > > >
> > > > Both variants work against Windows Server 2019, so to us this looks
> > > > like a regression in Windows Server 2025 implementation.
> > > >
> > > > If this is not a regression and instead it is an intentional change,
> > > > could you please make sure MS-PKCA and other corresponding documents
> > > > get updated with a proper logic of the changes.
> > > >
> > > > --
> > > > / Alexander Bokovoy
> > > >
> > > > _______________________________________________
> > > > cifs-protocol mailing list
> > > > [email protected]
> > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist%2F&data=05%7C02%7Cjeffm%40microsoft.com%7C89afb98a2d06421825bb08dd2f52244d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638718752061755125%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=YS68mZJ73gtWtkBbBxNEOMEg4AEUxFAs9O02%2FAah47A%3D&reserved=0<https://list/>
> > > > %2F&data=05%7C02%7CKristian.Smith%40microsoft.com%7Ccc530a51018e45fbf1
> > > > b108dd237c4865%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6387057388
> > > > 76806372%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuM
> > > > DAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&s
> > > > data=0Qe6AszCxK%2BkbB47AYraNMeMmtEj88GZtfXvR5jNs1I%3D&reserved=0
> > > > s.samba.org%2Fmailman%2Flistinfo%2Fcifs-protocol&data=05%7C02%7Cmike.b
> > > > owen%40microsoft.com%7C6c48431e145e4de8500c08dd23562d38%7C72f988bf86f1
> > > > 41af91ab2d7cd011db47%7C1%7C0%7C638705575372737510%7CUnknown%7CTWFpbGZs
> > > > b3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIj
> > > > oiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=JoGoaTxJzMm7ljVciNww4Tdd
> > > > UpV9bcqS3whR%2F8JTLVA%3D&reserved=0
> > > >
> >
>
--
/ Alexander Bokovoy
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
