Samuel Wolf
2023-Jul-11 21:18 UTC
[Samba] Samba 4.17.8+dfsg-2 (Debian 12) | Test-ComputerSecureChannel False | no RDP access after july update
Hi, since the windows updates today we can not longer connect over RDP (freerdp) to any of our windows machines with a domain user: failed with NTSTATUS: STATUS_TRUSTED_RELATIONSHIP_FAILURE Local windows user works as expected and also RDP from one windows machine to another windows machine with a domain user works. I see Test-ComputerSecureChannel show False on windows 10/11, so I tried Test-ComputerSecureChannel -Repair and again result False. Samba log show: [...] [2023/07/11 23:02:11.348659, 3] ../../libcli/auth/schannel_state_tdb.c:129(schannel_store_session_key_tdb) schannel_store_session_key_tdb: stored schannel info with key SECRETS/SCHANNEL/CADMACHINE [2023/07/11 23:02:11.348684, 1] ../../librpc/ndr/ndr.c:668(_ndr_push_error) ndr_push_netr_Capabilities: ndr_push_error(Bad Switch): Bad switch value 2 at librpc/gen_ndr/ndr_netlogon.c:7652 [...] Not sure this is also the root cause of the RDP problem. Any idea whats wrong here? Thank you. Samuel
Samuel Wolf
2023-Jul-12 10:30 UTC
[Samba] Samba 4.17.8+dfsg-2 (Debian 12) | Test-ComputerSecureChannel False | no RDP access after july update
Hi, does anyone know if this is a windows or samba 4.17.8+dfsg-2 (Debian 12) problem? Windows 10 and 11 with patch level june/2023 show: Test-ComputerSecureChannel -Verbose True As soon I install the july/2023 patch windows show: Test-ComputerSecureChannel -Verbose False Moved the machine to local workgroup, delete machine account on the ad controller and rejoin it (which works), but Test-ComputerSecureChannel -Verbose show again False. Any idea? Thanks. Samuel Am Di., 11. Juli 2023 um 23:18 Uhr schrieb Samuel Wolf <samuelwolf85 at googlemail.com>:> > Hi, > > since the windows updates today we can not longer connect over RDP > (freerdp) to any of our windows machines > with a domain user: > failed with NTSTATUS: STATUS_TRUSTED_RELATIONSHIP_FAILURE > > Local windows user works as expected and also RDP from one windows > machine to another windows machine with a domain user works. > I see Test-ComputerSecureChannel show False on windows 10/11, so I > tried Test-ComputerSecureChannel -Repair and again result False. > > Samba log show: > [...] > [2023/07/11 23:02:11.348659, 3] > ../../libcli/auth/schannel_state_tdb.c:129(schannel_store_session_key_tdb) > schannel_store_session_key_tdb: stored schannel info with key > SECRETS/SCHANNEL/CADMACHINE > [2023/07/11 23:02:11.348684, 1] ../../librpc/ndr/ndr.c:668(_ndr_push_error) > ndr_push_netr_Capabilities: ndr_push_error(Bad Switch): Bad switch > value 2 at librpc/gen_ndr/ndr_netlogon.c:7652 > [...] > > Not sure this is also the root cause of the RDP problem. > > Any idea whats wrong here? > > Thank you. > > Samuel
michael.groh+samba at minad.de
2023-Jul-12 10:37 UTC
[Samba] Samba 4.17.8+dfsg-2 (Debian 12) | Test-ComputerSecureChannel False | no RDP access after july update
Hello Samuel, i have exactly the same problem. After the Windows Server 2022 VMs rebooted after Microsofts July Patches, both VMs have lost their domain-trust. I am using Ubuntu 22.04, so my Samba version is 2:4.15.13+dfsg-0ubuntu1.1. On those Machines, eventlog shows NETLOGON with the event-ID 3210, the "Test-ComputerSecureChannel" shows False and -Repair also does not work. Even removing and rejoining those servers from the AD will not fix this problem. On one of the machines, i removed the updates and everything started to work again. Also, there are some Windows 11 clients in my AD that will not let me connect via RDP - and WinRM does not work, so i can't use ansible to remove those updates. Maybe this is worth escalating? Thank you for your work, Michael