thr3ads.net - samba - [Samba] Windows 10 cannot connect without SMB1 [Mar 2021]

If this information is useful, please help other people find it:
Share via:

Rowland penny

2021-Mar-01 15:40 UTC

[Samba] Windows 10 cannot connect without SMB1

On 01/03/2021 15:35, K. R. Foley wrote:>
> On 3/1/21 9:19 AM, Rowland penny via samba wrote:
>> On 01/03/2021 15:04, K. R. Foley wrote:
>>>
>>> The firewall is disabled on the client PC. The client and the
server
>>> are on 2 separate subnets separated by a VPN. I am not aware of any
>>> filtering going on between the two, but I can't say for sure
without
>>> checking. Is there a list of ports somewhere that I can check to 
>>> make sure that they are all being routed over the VPN? I have 
>>> already checked everything that I can see in netstat on the server.
>>
>>
>> For port usage, see these wiki pages:
>>
>> https://wiki.samba.org/index.php/Samba_NT4_PDC_Port_Usage
>>
>> https://wiki.samba.org/index.php/Samba_Domain_Member_Port_Usage
>>
>> https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
>>
>>>
>>> Keep in mind that the client can join the domain fine if I enable 
>>> SMB1 on the client. I don't want to use SMB1. That is why I am 
>>> trying to figure this out. The client seems to think that the
server
>>> is asking for SMB1.
>>
>>
>> This is what I am struggling with, by default SMBv1 is turned off 
>> from Samba 4.11.0 , if you want to use SMBv1 then you have to 
>> explicitly set it in smb.conf. You haven't set it, so your DC 
>> shouldn't be using it, perhaps it is the client that is using it ?
>>
>> Rowland
>>
> I have disabled SMB1 using "Disable-WindowsOptionalFeature -Online 
> -FeatureName SMB1Protocol". If I enable it, it works.
>
> kr
>
When you join to a domain, the client searches for a DC, I am now 
wondering if something else (that is SMBv1 aware) is replying and 
causing the error message, perhaps the old PDC ?

Rowland

K. R. Foley

2021-Mar-01 15:57 UTC

head link

[Samba] Windows 10 cannot connect without SMB1

On 3/1/21 9:40 AM, Rowland penny via samba wrote:> On 01/03/2021 15:35, K. R. Foley wrote:
>>
>> On 3/1/21 9:19 AM, Rowland penny via samba wrote:
>>> On 01/03/2021 15:04, K. R. Foley wrote:
>>>>
>>>> The firewall is disabled on the client PC. The client and the 
>>>> server are on 2 separate subnets separated by a VPN. I am not
aware
>>>> of any filtering going on between the two, but I can't say
for sure
>>>> without checking. Is there a list of ports somewhere that I can
>>>> check to make sure that they are all being routed over the VPN?
I
>>>> have already checked everything that I can see in netstat on
the
>>>> server.
>>>
>>>
>>> For port usage, see these wiki pages:
>>>
>>> https://wiki.samba.org/index.php/Samba_NT4_PDC_Port_Usage
>>>
>>> https://wiki.samba.org/index.php/Samba_Domain_Member_Port_Usage
>>>
>>> https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
>>>
>>>>
>>>> Keep in mind that the client can join the domain fine if I
enable
>>>> SMB1 on the client. I don't want to use SMB1. That is why I
am
>>>> trying to figure this out. The client seems to think that the 
>>>> server is asking for SMB1.
>>>
>>>
>>> This is what I am struggling with, by default SMBv1 is turned off 
>>> from Samba 4.11.0 , if you want to use SMBv1 then you have to 
>>> explicitly set it in smb.conf. You haven't set it, so your DC 
>>> shouldn't be using it, perhaps it is the client that is using
it ?
>>>
>>> Rowland
>>>
>> I have disabled SMB1 using "Disable-WindowsOptionalFeature -Online
>> -FeatureName SMB1Protocol". If I enable it, it works.
>>
>> kr
>>
>
> When you join to a domain, the client searches for a DC, I am now 
> wondering if something else (that is SMBv1 aware) is replying and 
> causing the error message, perhaps the old PDC ?
>
> Rowland
>Here is the debug from the Windows client. The domain for the old domain 
is different.

03/01/2021 09:43:27:468 NetpDoDomainJoin
03/01/2021 09:43:27:468 NetpDoDomainJoin: using current computer names
03/01/2021 09:43:27:468 NetpDoDomainJoin: NetpGetComputerNameEx(NetBios) 
returned 0x0
03/01/2021 09:43:27:468 NetpDoDomainJoin: 
NetpGetComputerNameEx(DnsHostName) returned 0x0
03/01/2021 09:43:27:468 NetpMachineValidToJoin: 'KR-DEV'
03/01/2021 09:43:27:468 NetpMachineValidToJoin: status: 0x0
03/01/2021 09:43:27:468 NetpJoinDomain
03/01/2021 09:43:27:468 ??? HostName: KR-Dev
03/01/2021 09:43:27:468 ??? NetbiosName: KR-DEV
03/01/2021 09:43:27:468 ??? Domain: local.richardshapiro.com
03/01/2021 09:43:27:468 ??? MachineAccountOU: (NULL)
03/01/2021 09:43:27:468 ??? Account: local.richardshapiro.com\administrator
03/01/2021 09:43:27:468 ??? Options: 0x25
03/01/2021 09:43:27:484 NetpValidateName: checking to see if 
'local.richardshapiro.com' is valid as type 3 name
03/01/2021 09:43:27:484 NetpValidateName: 'local.richardshapiro.com' is 
not a valid NetBIOS domain name: 0x7b
03/01/2021 09:43:27:577 NetpCheckDomainNameIsValid [ Exists ] for 
'local.richardshapiro.com' returned 0x0
03/01/2021 09:43:27:577 NetpValidateName: name 
'local.richardshapiro.com' is valid for type 3
03/01/2021 09:43:27:577 NetpDsGetDcName: trying to find DC in domain 
'local.richardshapiro.com', flags: 0x1020
03/01/2021 09:43:28:046 NetpDsGetDcName: failed to find a DC having 
account 'KR-DEV$': 0x525, last error is 0x0
03/01/2021 09:43:28:046 NetpDsGetDcName: found DC 
'\\ss-prod.local.richardshapiro.com' in the specified domain
03/01/2021 09:43:28:046 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
03/01/2021 09:43:28:046 NetpDisableIDNEncoding: using FQDN 
local.richardshapiro.com from dcinfo
03/01/2021 09:43:28:046 NetpDisableIDNEncoding: 
DnsDisableIdnEncoding(UNTILREBOOT) on 'local.richardshapiro.com'
succeeded
03/01/2021 09:43:28:046 NetpJoinDomainOnDs: NetpDisableIDNEncoding 
returned: 0x0
03/01/2021 09:43:28:140 NetUseAdd to 
\\ss-prod.local.richardshapiro.com\IPC$ returned 384
03/01/2021 09:43:28:140 NetpJoinDomainOnDs: status of connecting to dc 
'\\ss-prod.local.richardshapiro.com': 0x180
03/01/2021 09:43:28:140 NetpJoinDomainOnDs: Function exits with status 
of: 0x180
03/01/2021 09:43:28:140 NetpResetIDNEncoding: 
DnsDisableIdnEncoding(RESETALL) on 'local.richardshapiro.com' returned
0x0
03/01/2021 09:43:28:140 NetpJoinDomainOnDs: NetpResetIDNEncoding on 
'local.richardshapiro.com': 0x0
03/01/2021 09:43:28:140 NetpDoDomainJoin: status: 0x180
03/01/2021 09:43:28:155 
-----------------------------------------------------------------
03/01/2021 09:43:28:155 NetpDoDomainJoin
03/01/2021 09:43:28:155 NetpDoDomainJoin: using current computer names
03/01/2021 09:43:28:155 NetpDoDomainJoin: NetpGetComputerNameEx(NetBios) 
returned 0x0
03/01/2021 09:43:28:155 NetpDoDomainJoin: 
NetpGetComputerNameEx(DnsHostName) returned 0x0
03/01/2021 09:43:28:155 NetpMachineValidToJoin: 'KR-DEV'
03/01/2021 09:43:28:155 NetpMachineValidToJoin: status: 0x0
03/01/2021 09:43:28:155 NetpJoinDomain
03/01/2021 09:43:28:155 ??? HostName: KR-Dev
03/01/2021 09:43:28:155 ??? NetbiosName: KR-DEV
03/01/2021 09:43:28:155 ??? Domain: local.richardshapiro.com
03/01/2021 09:43:28:155 ??? MachineAccountOU: (NULL)
03/01/2021 09:43:28:155 ??? Account: local.richardshapiro.com\administrator
03/01/2021 09:43:28:155 ??? Options: 0x27
03/01/2021 09:43:28:155 NetpValidateName: checking to see if 
'local.richardshapiro.com' is valid as type 3 name
03/01/2021 09:43:28:155 NetpValidateName: 'local.richardshapiro.com' is 
not a valid NetBIOS domain name: 0x7b
03/01/2021 09:43:28:281 NetpCheckDomainNameIsValid [ Exists ] for 
'local.richardshapiro.com' returned 0x0
03/01/2021 09:43:28:281 NetpValidateName: name 
'local.richardshapiro.com' is valid for type 3
03/01/2021 09:43:28:281 NetpDsGetDcName: trying to find DC in domain 
'local.richardshapiro.com', flags: 0x1020
03/01/2021 09:43:28:749 NetpDsGetDcName: failed to find a DC having 
account 'KR-DEV$': 0x525, last error is 0x0
03/01/2021 09:43:28:749 NetpDsGetDcName: found DC 
'\\ss-prod.local.richardshapiro.com' in the specified domain
03/01/2021 09:43:28:749 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
03/01/2021 09:43:28:749 NetpDisableIDNEncoding: using FQDN 
local.richardshapiro.com from dcinfo
03/01/2021 09:43:28:749 NetpDisableIDNEncoding: 
DnsDisableIdnEncoding(UNTILREBOOT) on 'local.richardshapiro.com'
succeeded
03/01/2021 09:43:28:749 NetpJoinDomainOnDs: NetpDisableIDNEncoding 
returned: 0x0
03/01/2021 09:43:28:765 NetUseAdd to 
\\ss-prod.local.richardshapiro.com\IPC$ returned 384
03/01/2021 09:43:28:765 NetpJoinDomainOnDs: status of connecting to dc 
'\\ss-prod.local.richardshapiro.com': 0x180
03/01/2021 09:43:28:765 NetpJoinDomainOnDs: Function exits with status 
of: 0x180
03/01/2021 09:43:28:765 NetpResetIDNEncoding: 
DnsDisableIdnEncoding(RESETALL) on 'local.richardshapiro.com' returned
0x0
03/01/2021 09:43:28:765 NetpJoinDomainOnDs: NetpResetIDNEncoding on 
'local.richardshapiro.com': 0x0
03/01/2021 09:43:28:765 NetpDoDomainJoin: status: 0x180

kr

L.P.H. van Belle

2021-Mar-01 16:03 UTC

head link

[Samba] Windows 10 cannot connect without SMB1

Account: local.richardshapiro.com\administrator 
change it to 
Account: administrator at local.richardshapiro.com

should work, i seen same here. 
but, only works AFTER all old drives are disconnected. 


03/01/2021 09:43:28:749 NetpDsGetDcName: failed to find a DC having 
account 'KR-DEV$': 0x525, last error is 0x0

on this, verify the A and PTR records of your AD-DC. 

still smells like a windows thingy.. 
you can also try upgrading samba, 4.14 is almost out which makes 4.11
old/unspported.




> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens K. R. Foley via
> samba
> Verzonden: maandag 1 maart 2021 16:57
> Aan: Rowland penny; sambalist
> Onderwerp: Re: [Samba] Windows 10 cannot connect without SMB1
> 
> 
> On 3/1/21 9:40 AM, Rowland penny via samba wrote:
> > On 01/03/2021 15:35, K. R. Foley wrote:
> >>
> >> On 3/1/21 9:19 AM, Rowland penny via samba wrote:
> >>> On 01/03/2021 15:04, K. R. Foley wrote:
> >>>>
> >>>> The firewall is disabled on the client PC. The client and
the
> >>>> server are on 2 separate subnets separated by a VPN. I am
not aware
> >>>> of any filtering going on between the two, but I can't
say for sure
> >>>> without checking. Is there a list of ports somewhere that
I can
> >>>> check to make sure that they are all being routed over the
VPN? I
> >>>> have already checked everything that I can see in netstat
on the
> >>>> server.
> >>>
> >>>
> >>> For port usage, see these wiki pages:
> >>>
> >>> https://wiki.samba.org/index.php/Samba_NT4_PDC_Port_Usage
> >>>
> >>>
https://wiki.samba.org/index.php/Samba_Domain_Member_Port_Usage
> >>>
> >>> https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
> >>>
> >>>>
> >>>> Keep in mind that the client can join the domain fine if I
enable
> >>>> SMB1 on the client. I don't want to use SMB1. That is
why I am
> >>>> trying to figure this out. The client seems to think that
the
> >>>> server is asking for SMB1.
> >>>
> >>>
> >>> This is what I am struggling with, by default SMBv1 is turned
off
> >>> from Samba 4.11.0 , if you want to use SMBv1 then you have to
> >>> explicitly set it in smb.conf. You haven't set it, so your
DC
> >>> shouldn't be using it, perhaps it is the client that is
using it ?
> >>>
> >>> Rowland
> >>>
> >> I have disabled SMB1 using "Disable-WindowsOptionalFeature
-Online
> >> -FeatureName SMB1Protocol". If I enable it, it works.
> >>
> >> kr
> >>
> >
> > When you join to a domain, the client searches for a DC, I am now
> > wondering if something else (that is SMBv1 aware) is replying and
> > causing the error message, perhaps the old PDC ?
> >
> > Rowland
> >
> Here is the debug from the Windows client. The domain for the old domain
> is different.
> 
> 03/01/2021 09:43:27:468 NetpDoDomainJoin
> 03/01/2021 09:43:27:468 NetpDoDomainJoin: using current computer names
> 03/01/2021 09:43:27:468 NetpDoDomainJoin: NetpGetComputerNameEx(NetBios)
> returned 0x0
> 03/01/2021 09:43:27:468 NetpDoDomainJoin:
> NetpGetComputerNameEx(DnsHostName) returned 0x0
> 03/01/2021 09:43:27:468 NetpMachineValidToJoin: 'KR-DEV'
> 03/01/2021 09:43:27:468 NetpMachineValidToJoin: status: 0x0
> 03/01/2021 09:43:27:468 NetpJoinDomain
> 03/01/2021 09:43:27:468 ??? HostName: KR-Dev
> 03/01/2021 09:43:27:468 ??? NetbiosName: KR-DEV
> 03/01/2021 09:43:27:468 ??? Domain: local.richardshapiro.com
> 03/01/2021 09:43:27:468 ??? MachineAccountOU: (NULL)
> 03/01/2021 09:43:27:468 ??? Account:
> local.richardshapiro.com\administrator
> 03/01/2021 09:43:27:468 ??? Options: 0x25
> 03/01/2021 09:43:27:484 NetpValidateName: checking to see if
> 'local.richardshapiro.com' is valid as type 3 name
> 03/01/2021 09:43:27:484 NetpValidateName:
'local.richardshapiro.com' is
> not a valid NetBIOS domain name: 0x7b
> 03/01/2021 09:43:27:577 NetpCheckDomainNameIsValid [ Exists ] for
> 'local.richardshapiro.com' returned 0x0
> 03/01/2021 09:43:27:577 NetpValidateName: name
> 'local.richardshapiro.com' is valid for type 3
> 03/01/2021 09:43:27:577 NetpDsGetDcName: trying to find DC in domain
> 'local.richardshapiro.com', flags: 0x1020
> 03/01/2021 09:43:28:046 NetpDsGetDcName: failed to find a DC having
> account 'KR-DEV$': 0x525, last error is 0x0
> 03/01/2021 09:43:28:046 NetpDsGetDcName: found DC
> '\\ss-prod.local.richardshapiro.com' in the specified domain
> 03/01/2021 09:43:28:046 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
> 03/01/2021 09:43:28:046 NetpDisableIDNEncoding: using FQDN
> local.richardshapiro.com from dcinfo
> 03/01/2021 09:43:28:046 NetpDisableIDNEncoding:
> DnsDisableIdnEncoding(UNTILREBOOT) on 'local.richardshapiro.com'
succeeded
> 03/01/2021 09:43:28:046 NetpJoinDomainOnDs: NetpDisableIDNEncoding
> returned: 0x0
> 03/01/2021 09:43:28:140 NetUseAdd to
> \\ss-prod.local.richardshapiro.com\IPC$ returned 384
> 03/01/2021 09:43:28:140 NetpJoinDomainOnDs: status of connecting to dc
> '\\ss-prod.local.richardshapiro.com': 0x180
> 03/01/2021 09:43:28:140 NetpJoinDomainOnDs: Function exits with status
> of: 0x180
> 03/01/2021 09:43:28:140 NetpResetIDNEncoding:
> DnsDisableIdnEncoding(RESETALL) on 'local.richardshapiro.com'
returned 0x0
> 03/01/2021 09:43:28:140 NetpJoinDomainOnDs: NetpResetIDNEncoding on
> 'local.richardshapiro.com': 0x0
> 03/01/2021 09:43:28:140 NetpDoDomainJoin: status: 0x180
> 03/01/2021 09:43:28:155
> -----------------------------------------------------------------
> 03/01/2021 09:43:28:155 NetpDoDomainJoin
> 03/01/2021 09:43:28:155 NetpDoDomainJoin: using current computer names
> 03/01/2021 09:43:28:155 NetpDoDomainJoin: NetpGetComputerNameEx(NetBios)
> returned 0x0
> 03/01/2021 09:43:28:155 NetpDoDomainJoin:
> NetpGetComputerNameEx(DnsHostName) returned 0x0
> 03/01/2021 09:43:28:155 NetpMachineValidToJoin: 'KR-DEV'
> 03/01/2021 09:43:28:155 NetpMachineValidToJoin: status: 0x0
> 03/01/2021 09:43:28:155 NetpJoinDomain
> 03/01/2021 09:43:28:155 ??? HostName: KR-Dev
> 03/01/2021 09:43:28:155 ??? NetbiosName: KR-DEV
> 03/01/2021 09:43:28:155 ??? Domain: local.richardshapiro.com
> 03/01/2021 09:43:28:155 ??? MachineAccountOU: (NULL)
> 03/01/2021 09:43:28:155 ??? Account:
> local.richardshapiro.com\administrator
> 03/01/2021 09:43:28:155 ??? Options: 0x27
> 03/01/2021 09:43:28:155 NetpValidateName: checking to see if
> 'local.richardshapiro.com' is valid as type 3 name
> 03/01/2021 09:43:28:155 NetpValidateName:
'local.richardshapiro.com' is
> not a valid NetBIOS domain name: 0x7b
> 03/01/2021 09:43:28:281 NetpCheckDomainNameIsValid [ Exists ] for
> 'local.richardshapiro.com' returned 0x0
> 03/01/2021 09:43:28:281 NetpValidateName: name
> 'local.richardshapiro.com' is valid for type 3
> 03/01/2021 09:43:28:281 NetpDsGetDcName: trying to find DC in domain
> 'local.richardshapiro.com', flags: 0x1020
> 03/01/2021 09:43:28:749 NetpDsGetDcName: failed to find a DC having
> account 'KR-DEV$': 0x525, last error is 0x0
> 03/01/2021 09:43:28:749 NetpDsGetDcName: found DC
> '\\ss-prod.local.richardshapiro.com' in the specified domain
> 03/01/2021 09:43:28:749 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
> 03/01/2021 09:43:28:749 NetpDisableIDNEncoding: using FQDN
> local.richardshapiro.com from dcinfo
> 03/01/2021 09:43:28:749 NetpDisableIDNEncoding:
> DnsDisableIdnEncoding(UNTILREBOOT) on 'local.richardshapiro.com'
succeeded
> 03/01/2021 09:43:28:749 NetpJoinDomainOnDs: NetpDisableIDNEncoding
> returned: 0x0
> 03/01/2021 09:43:28:765 NetUseAdd to
> \\ss-prod.local.richardshapiro.com\IPC$ returned 384
> 03/01/2021 09:43:28:765 NetpJoinDomainOnDs: status of connecting to dc
> '\\ss-prod.local.richardshapiro.com': 0x180
> 03/01/2021 09:43:28:765 NetpJoinDomainOnDs: Function exits with status
> of: 0x180
> 03/01/2021 09:43:28:765 NetpResetIDNEncoding:
> DnsDisableIdnEncoding(RESETALL) on 'local.richardshapiro.com'
returned 0x0
> 03/01/2021 09:43:28:765 NetpJoinDomainOnDs: NetpResetIDNEncoding on
> 'local.richardshapiro.com': 0x0
> 03/01/2021 09:43:28:765 NetpDoDomainJoin: status: 0x180
> 
> kr
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

samba - Mar 2021 - Windows 10 cannot connect without SMB1

[Samba] Windows 10 cannot connect without SMB1

[Samba] Windows 10 cannot connect without SMB1

[Samba] Windows 10 cannot connect without SMB1