Absolutely, I'll get that clarified in [MS-NRPC]. Please let me know if there is anything else I can help with.

Regards,
Kristian Smith
Support Escalation Engineer | Microsoft® Corporation
Email: [email protected]

-----Original Message-----
From: Alexander Bokovoy <[email protected]>
Sent: Wednesday, September 24, 2025 12:49 AM
To: Kristian Smith <[email protected]>
Cc: [email protected]; Microsoft Support <[email protected]>
Subject: Re: [EXTERNAL] Network Ticket Logon clarification - TrackingID#2508140040006509

On Tue, 23 Sep 2025, Kristian Smith wrote:
> Hi Alexander,
>
> I have word back from the engineering team on your question.
>
> Since the netlogon and KDC binaries are hosted on the same machine for
> Windows Domain Controllers, the process described is done by the two
> binaries communicating with each other directly within LSASS. It is
> not via a network call to the KDC like TGS or ticket renewals.
>
> Apologies for the delayed response, but I hope this helps. Let me know
> if you have any follow up questions or concerns.

Thank you. I'd like you to clarify the specification to include this detail.

>
> Regards,
> Kristian Smith
> Support Escalation Engineer | Microsoft® Corporation
> Email: [email protected]
>
> -----Original Message-----
> From: Alexander Bokovoy <[email protected]>
> Sent: Monday, September 15, 2025 12:14 AM
> To: Kristian Smith <[email protected]>
> Cc: [email protected]; Microsoft Support <[email protected]>
> Subject: Re: [EXTERNAL] Network Ticket Logon clarification - TrackingID#2508140040006509
>
> Hi Kristian,
>
> On , 12 2025, Kristian Smith wrote:
> > Hi Alexander,
> >
> > Apologies for the delay in response. Jeff retired last week and I'll
> > be taking over this case on his behalf.
>
> Happy retirement to Jeff!
>
> > I see that you're referencing the 5 steps outlined in [MS-NRPC]
> > 3.2.4.2 Network Ticket Logon. You're wondering about the
> > intermediary steps between the following:
> >
> > 2. Netlogon delivers the request (see section 3.2.4.2.1
> >    <https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/1ff6ce53-dc55-4a9e-af21-cb8ea5de5948>)
> > 3. The Key Distribution Center (KDC)
> >    <https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/b5e7d25a-40b2-41c8-9611-98f53358af66#gt_6e5aafba-6b66-4fdd-872e-844f142af287>
> >    processes the request and sends a reply (see [MS-KILE]
> >    <https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/2a32282e-dd48-4ad9-a542-609804b02cc9>
> >    section 3.3.5.8.1
> >    <https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/5445bcc9-1232-42d3-9f66-99f40463a92c>)
> >
> > [MS-NRPC] 3.2.4.2.1 discusses what I interpret as 2 stages, dispatch
> > to the appropriate DC, and the domain calling the KDC.
> >
> > Is your question specifically about the call to the KDC after the
> > Netlogon request has reached the appropriate DC?
>
> Correct. There is no description of how Netlogon is supposed to request the
> check from KDC and how KDC should respond. I'd like to see that documented
> because there is no existing Kerberos protocol message exchange for this
> operation and none of the custom changes are documented anywhere.
>
> >
> > Regards,
> > Kristian Smith
> > Support Escalation Engineer | Microsoft(r) Corporation
> > Email: [email protected]
> >
> > From: Jeff McCashland (He/him) <[email protected]>
> > Sent: Monday, August 18, 2025 3:37 PM
> > To: Alexander Bokovoy (Samba) <[email protected]>
> > Cc: [email protected]; Microsoft Support <[email protected]>
> > Subject: Re: [EXTERNAL] Network Ticket Logon clarification - TrackingID#2508140040006509
> >
> > [Kristian to BCC]
> >
> > Hi Alexander,
> >
> > I will research the logon interaction and see what I can find.
> >
> > Best regards,
> > Jeff McCashland (He/him) | Senior Escalation Engineer | Microsoft Corporation
> >
> > Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone:
> > (UTC-08:00) Pacific Time (US and Canada)
> >
> > Local country phone number found here:
> > http://support.microsoft.com/globalenglish | Extension 1138300
> >
> > ________________________________
> > From: Kristian Smith <[email protected]>
> > Sent: Thursday, August 14, 2025 8:39 AM
> > To: Alexander Bokovoy (Samba) <[email protected]>
> > Cc: [email protected] <[email protected]>; Microsoft Support <[email protected]>
> > Subject: RE: [EXTERNAL] Network Ticket Logon clarification - TrackingID#2508140040006509
> >
> > [DocHelp to Bcc]
> >
> > Hi Alexander,
> >
> > Thanks for reaching out with your Kerberos/Netlogon question. I've created
> > case 2508140040006509 to track the issue. One of our engineers will
> > investigate this and contact you soon.
> >
> > Regards,
> > Kristian Smith
> > Support Escalation Engineer | Microsoft(r) Corporation
> > Email: [email protected]
> >
> > -----Original Message-----
> > From: Alexander Bokovoy <[email protected]>
> > Sent: Thursday, August 14, 2025 5:41 AM
> > To: Interoperability Documentation Help <[email protected]>
> > Cc: [email protected]
> > Subject: [EXTERNAL] Network Ticket Logon clarification
> >
> > Hello Dochelp,
> >
> > I am reading through MS-KILE v45 update that was published this week
> > (v20250811) and trying to understand how would KDC receive the request
> > which processing is described in the section [MS-KILE] 3.3.5.8 Network
> > Ticket Logon.
> >
> > As referenced in [MS-KILE] 3.3.5.8, [MS-NRPC] 3.2.4.2 describes the process
> > on the Netlogon side, namely:
> >
> > --------------------------------------
> > Broadly, there are five major steps in the network ticket logon process:
> >
> > - The Kerberos client prepares and makes a request (see [MS-APDS]
> >   sections 3.2.5.1 and 3.2.5.2)
> >
> > - Netlogon delivers the request (see section 3.2.4.2.1)
> >
> > - The Key Distribution Center (KDC) processes the request and
> >   sends a reply (see [MS-KILE] section 3.3.5.8.1)
> >
> > - Netlogon processes the reply and sends it to the client (see
> >   section 3.2.4.2.2)
> >
> > - The Kerberos client receives the reply (see [MS-APDS] section
> >   3.2.5.4)
> > -------------------------------------
> >
> > My question is related to the steps 'Netlogon delivers the request'
> > and 'KDC processes the requests and sends a reply'. Unfortunately,
> > neither [MS-NRPC] 3.2.4.2.1 nor [MS-KILE] 3.3.5.8.1 clarify how exactly
> > Netlogon and KDC communicate the request between each other.
> >
> > Could you please clarify it?
> >
> > Is it a specially formatted TGS-REQ? Or is it some special form of a
> > back-channel between these components?
> >
> > --
> > / Alexander Bokovoy
>
> --
> / Alexander Bokovoy

--
/ Alexander Bokovoy

_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
