On Срд, 24 вер 2025, Kristian Smith wrote: > Absolutely, I'll get that clarified in [MS-NRPC]. Please let me know > if there is anything else I can help with.
That would be it. Thank you! > > Regards, > Kristian Smith > Support Escalation Engineer | Microsoft® Corporation > Email: [email protected] > > -----Original Message----- > From: Alexander Bokovoy <[email protected]> > Sent: Wednesday, September 24, 2025 12:49 AM > To: Kristian Smith <[email protected]> > Cc: [email protected]; Microsoft Support > <[email protected]> > Subject: Re: [EXTERNAL] Network Ticket Logon clarification - > TrackingID#2508140040006509 > > On Аўт, 23 вер 2025, Kristian Smith wrote: > > Hi Alexander, > > > > I have word back from the engineering team on your question. > > > > Since the netlogon and KDC binaries are hosted on the same machine for > > Windows Domain Controllers, the process described is done by the two > > binaries communicating with each other directly within LSASS. It is > > not via a network call to the KDC like TGS or ticket renewals. > > > > Apologies for the delayed response, but I hope this helps. Let me know > > if you have any follow up questions or concerns. > > Thank you. I'd like you to clarify the specification to include this detail. > > > > > Regards, > > Kristian Smith > > Support Escalation Engineer | MicrosoftR Corporation > > Email: [email protected] > > > > -----Original Message----- > > From: Alexander Bokovoy <[email protected]> > > Sent: Monday, September 15, 2025 12:14 AM > > To: Kristian Smith <[email protected]> > > Cc: [email protected]; Microsoft Support > > <[email protected]> > > Subject: Re: [EXTERNAL] Network Ticket Logon clarification - > > TrackingID#2508140040006509 > > > > Hi Kristian, > > > > On , 12 2025, Kristian Smith wrote: > > > Hi Alexander, > > > > > > Apologies for the delay in response. Jeff retired last week and I'll > > > be taking over this case on his behalf. > > > > Happy retirement to Jeff! > > > > > > > > I see that you're referencing the 5 steps outlined in [MS-NRPC] > > > 3.2.4.2 Network Ticket Logon. You're wondering about the > > > intermediary steps between the following: > > > > > > 2. Netlogon delivers the request (see section > > > 3.2.4.2.1<https://nam06.safelinks.protection.outlook.com/?url=https% > > > 3A > > > %2F%2Flearn.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2F > > > ms > > > -nrpc%2F1ff6ce53-dc55-4a9e-af21-cb8ea5de5948&data=05%7C02%7Ckristian > > > .s > > > mith%40microsoft.com%7C7e8a1dfecde340595cdc08ddf4278259%7C72f988bf86 > > > f1 > > > 41af91ab2d7cd011db47%7C1%7C0%7C638935172742366850%7CUnknown%7CTWFpbG > > > Zs > > > b3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFO > > > Ij > > > oiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=tFD6f9LrKw9yuBuurJb4CJ > > > 5T > > > qRmt1pbedKD1E6UIffQ%3D&reserved=0>) > > > 3. The Key Distribution Center > > > (KDC)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2 > > > F% > > > 2Flearn.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2Fms-n > > > rp > > > c%2Fb5e7d25a-40b2-41c8-9611-98f53358af66%23gt_6e5aafba-6b66-4fdd-872 > > > e- > > > 844f142af287&data=05%7C02%7Ckristian.smith%40microsoft.com%7C7e8a1df > > > ec > > > de340595cdc08ddf4278259%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7 > > > C6 > > > 38935172742382924%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIl > > > Yi > > > OiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0 > > > %7 > > > C%7C%7C&sdata=WRe31YWGuS61fgAoX%2FZ4Pj8CqYgoe7KKOjBum65Sczo%3D&reser > > > ve d=0> processes the request and sends a reply (see > > > [MS-KILE]<https://nam06.safelinks.protection.outlook.com/?url=https% > > > 3A > > > %2F%2Flearn.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2F > > > ms > > > -kile%2F2a32282e-dd48-4ad9-a542-609804b02cc9&data=05%7C02%7Ckristian > > > .s > > > mith%40microsoft.com%7C7e8a1dfecde340595cdc08ddf4278259%7C72f988bf86 > > > f1 > > > 41af91ab2d7cd011db47%7C1%7C0%7C638935172742394410%7CUnknown%7CTWFpbG > > > Zs > > > b3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFO > > > Ij > > > oiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=0jnOCUR%2FkECLpQ10ju%2 > > > BY mx49GXxu43LisHnPTAGIOq8%3D&reserved=0> section > > > 3.3.5.8.1<https://nam06.safelinks.protection.outlook.com/?url=https% > > > 3A > > > %2F%2Flearn.microsoft.com%2Fen-us%2Fopenspecs%2Fwindows_protocols%2F > > > ms > > > -kile%2F5445bcc9-1232-42d3-9f66-99f40463a92c&data=05%7C02%7Ckristian > > > .s > > > mith%40microsoft.com%7C7e8a1dfecde340595cdc08ddf4278259%7C72f988bf86 > > > f1 > > > 41af91ab2d7cd011db47%7C1%7C0%7C638935172742405346%7CUnknown%7CTWFpbG > > > Zs > > > b3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFO > > > Ij > > > oiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=5IHVAj4LPgpnwAY%2BooAX > > > wI > > > bnxHnWttATxC1vrw5tGno%3D&reserved=0>) > > > > > > [MS-NRPC] 3.2.4.2.1 discusses what I interpret as 2 stages, dispatch > > > to the appropriate DC, and the domain calling the KDC. > > > > > > Is your question specifically about the call to the KDC after the > > > Netlogon request has reached the appropriate DC? > > > > Correct. There is no description of how Netlogon is supposed to request the > > check from KDC and how KDC should respond. I'd like to see that documented > > because there is no existing Kerberos protocol message exchange for this > > operation and none of the custom changes are documented anywhere. > > > > > > > > Regards, > > > Kristian Smith > > > Support Escalation Engineer | Microsoft(r) Corporation > > > Email: > > > [email protected]<mailto:[email protected]> > > > > > > From: Jeff McCashland (He/him) <[email protected]> > > > Sent: Monday, August 18, 2025 3:37 PM > > > To: Alexander Bokovoy (Samba) <[email protected]> > > > Cc: [email protected]; Microsoft Support > > > <[email protected]> > > > Subject: Re: [EXTERNAL] Network Ticket Logon clarification - > > > TrackingID#2508140040006509 > > > > > > [Kristian to BCC] > > > > > > Hi Alexander, > > > > > > I will research the logon interaction and see what I can find. > > > > > > > > > Best regards, > > > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft > > > Corporation > > > > > > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: > > > (UTC-08:00) Pacific Time (US and Canada) > > > > > > Local country phone number found here: > > > https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsup > > > po%2F&data=05%7C02%7Ckristian.smith%40microsoft.com%7Ce4d7e9b640344d > > > e1167008ddfb3ed33e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6389 > > > 42969471217537%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiO > > > iIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0% > > > 7C%7C%7C&sdata=5OKeBo98orkOb1ePULFIDUKJSMEEvwgzxkpeJNVmyt8%3D&reserv > > > ed=0 > > > rt.microsoft.com%2Fglobalenglish&data=05%7C02%7Ckristian.smith%40mic > > > ro > > > soft.com%7C7e8a1dfecde340595cdc08ddf4278259%7C72f988bf86f141af91ab2d > > > 7c > > > d011db47%7C1%7C0%7C638935172742415347%7CUnknown%7CTWFpbGZsb3d8eyJFbX > > > B0 > > > eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIs > > > Il > > > dUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=4Gi%2BixHH7De49Hi%2F03sd4FUmUk7urj > > > DG > > > 6UaTZtOGTZ0%3D&reserved=0 | Extension 1138300 > > > > > > > > > > > > ________________________________ > > > From: Kristian Smith > > > <[email protected]<mailto:[email protected]>> > > > Sent: Thursday, August 14, 2025 8:39 AM > > > To: Alexander Bokovoy (Samba) <[email protected]<mailto:[email protected]>> > > > Cc: > > > [email protected]<mailto:[email protected]> > > > <[email protected]<mailto:[email protected]> > > > >; > > > Microsoft Support > > > <[email protected]<mailto:[email protected]>> > > > Subject: RE: [EXTERNAL] Network Ticket Logon clarification - > > > TrackingID#2508140040006509 > > > > > > [DocHelp to Bcc] > > > > > > Hi Alexander, > > > > > > Thanks for reaching out with your Kerberos/Netlogon question. I've > > > created case 2508140040006509 to track the issue. One of our engineers > > > will investigate this and contact you soon. > > > > > > Regards, > > > Kristian Smith > > > Support Escalation Engineer | Microsoft(r) Corporation > > > Email: > > > [email protected]<mailto:[email protected]> > > > > > > -----Original Message----- > > > From: Alexander Bokovoy <[email protected]<mailto:[email protected]>> > > > Sent: Thursday, August 14, 2025 5:41 AM > > > To: Interoperability Documentation Help > > > <[email protected]<mailto:[email protected]>> > > > Cc: > > > [email protected]<mailto:[email protected]> > > > Subject: [EXTERNAL] Network Ticket Logon clarification > > > > > > Hello Dochelp, > > > > > > I am reading through MS-KILE v45 update that was published this week > > > (v20250811) and trying to understand how would KDC receive the request > > > which processing is described in the section [MS-KILE] 3.3.5.8 Network > > > Ticket Logon. > > > > > > As referenced in [MS-KILE] 3.3.5.8, [MS-NRPC] 3.2.4.2 describes the > > > process on the Netlogon side, namely: > > > > > > -------------------------------------- > > > Broadly, there are five major steps in the network ticket logon process: > > > > > > - The Kerberos client prepares and makes a request (see [MS-APDS] > > > sections 3.2.5.1 and 3.2.5.2) > > > > > > - Netlogon delivers the request (see section 3.2.4.2.1) > > > > > > - The Key Distribution Center (KDC) processes the request and > > > sends a reply (see [MS-KILE] section 3.3.5.8.1) > > > > > > - Netlogon processes the reply and sends it to the client (see > > > section 3.2.4.2.2) > > > > > > - The Kerberos client receives the reply (see [MS-APDS] section > > > 3.2.5.4) > > > ------------------------------------- > > > > > > My question is related to the steps 'Netlogon delivers the request' > > > and 'KDC processes the requests and sends a reply'. Unfortunately, > > > neither [MS-NRPC] > > > 3.2.4.2.1 nor [MS-KILE] 3.3.5.8.1 clarify how exactly Netlogon and KDC > > > communicate the request between each other. > > > > > > Could you please clarify it? > > > > > > Is it a specially formatted TGS-REQ? Or is it some special form of a > > > back-channel between these components? > > > > > > -- > > > / Alexander Bokovoy > > > > > > -- > > / Alexander Bokovoy > > -- > / Alexander Bokovoy -- / Alexander Bokovoy _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
