Hi Obaid, I have not been able to reproduce this problem against a Windows DC. I've uploaded the requested t.cmd traces to the secure file exchange.
Regards, Kacper On Tue, 9 Dec 2025 at 21:13, Obaid Farooqi <[email protected]> wrote: > Hi Kacper: > > You’ll have to rename t.txt to t.cmd. Your email provider does not allow > .cmd files. > > > > Regards, > > Obaid Farooqi > > Sr. Escalation Engineer | Microsoft > > > > *From:* Obaid Farooqi > *Sent:* Tuesday, December 9, 2025 2:10 PM > *To:* 'Kacper' <[email protected]> > *Cc:* Microsoft Support <[email protected]>; 'cifs-protocol' < > [email protected]> > *Subject:* RE: [EXTERNAL] Re: Windows 11 does not appear to apply group > policies on logon when Hardened UNC paths are configured - > TrackingID#2512040040010550 > > > > > > Hi Kacper: > > I want to reproduce this for Windows to Windows. Please let me know the > exact steps and set up. > > > > Alternatively, you can collect ETW traces for me on the Windows 11 client. > The script I have attached to this email does not survive reboot. So, if > you can reproduce the scenario without rebooting, here are the steps. > > > > 1. Unzip and copy the file t.cmd on your windows 11 client. > 2. Login as administrator and in a cmd (elevated), execute the > following command: > >t.cmd clion > 3. Reproduce the scenario, which I guess will require you to log off > and login again (preferably as a different user) > 4. Once you see the error in Event Viewer, repro is complete. > 5. Open an elevated Cmd window and execute the following command: > >t.cmd clioff > 6. Upload the resulting t*.cab file to the link I provided you. > > > > Regards, > > Obaid Farooqi > > Sr. Escalation Engineer | Microsoft > > > > *From:* Obaid Farooqi > *Sent:* Monday, December 8, 2025 10:38 AM > *To:* 'Kacper' <[email protected]> > *Cc:* Microsoft Support <[email protected]>; cifs-protocol < > [email protected]> > *Subject:* RE: [EXTERNAL] Re: Windows 11 does not appear to apply group > policies on logon when Hardened UNC paths are configured - > TrackingID#2512040040010550 > > > > Hi Kacper: > > Thank you for the traces. I’ll look into them and get back to you as soon > as I have anything conceret. > > Regards, > > Obaid Farooqi > > Sr. Escalation Engineer | Microsoft > > > > *From:* Kacper <[email protected]> > *Sent:* Monday, December 8, 2025 4:20 AM > *To:* Obaid Farooqi <[email protected]> > *Cc:* Microsoft Support <[email protected]>; cifs-protocol < > [email protected]> > *Subject:* [EXTERNAL] Re: Windows 11 does not appear to apply group > policies on logon when Hardened UNC paths are configured - > TrackingID#2512040040010550 > > > > Hello Obaid, > > > > Thank you for taking over this issue. The issue occurs between a Windows > 11 client and a Samba DC. I’ve tested the same scenario against a Windows > DC, and it works correctly there. > My testing was done with Windows 11 (24H2, OS version 26100.7171) and > Samba 4.21.10. I’ve uploaded the network trace, the event log entry, and > the auth trace. > Manually running gpupdate /force after the user logs on works without any > issues. > > > I would like to understand why Windows fails to apply GPOs during logon when > Hardened UNC Paths are configured and the domain controller is Samba. > > > > Regards, > > Kacper >
_______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
