STATUS_SERVER_UNAVAILABLE - STATUS_OTHER(0xc0000466) #830

Closed
sgonchigar opened this issue May 25, 2024 · 2 comments

sgonchigar commented May 25, 2024

Hello,

Thank you for making this utility available. Have been using it for 1+ year. 2 months back some changes were made on the networking side, VLAN switch etc. What used to be 95% successful calls are now 50-60%. The error is 466. It's like pass, pass... fail, fail... pass, pass and so on. While researching, came across this similar issue here: jborean93/smbprotocol#61. Looking to see if you have any suggestions that I can try.

[main] INFO com.hierynomus.smbj.connection.PacketEncryptor - Initialized PacketEncryptor with Cipher << AES_128_GCM >>
[main] INFO com.hierynomus.smbj.connection.Connection - Successfully connected to: server
Exception in thread "main" com.hierynomus.mssmb2.SMBApiException: STATUS_OTHER (0xc0000466): Authentication failed for 'AD profile' using com.hierynomus.smbj.auth.NtlmSealer@1003cfeb
at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:154)
at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:152)
at com.hierynomus.smbj.connection.SMBSessionBuilder.establish(SMBSessionBuilder.java:119)
at com.hierynomus.smbj.connection.Connection.authenticate(Connection.java:202)
at CIFS_List_Dir_v2.main(CIFS_List_Dir_v2.java:175)

Thank you for any input. Was using version 0.13.

@sgonchigar sgonchigar changed the title STATUS_SERVER_UNAVAILABLE - STASTU_OTHER(0xc0000466) STATUS_SERVER_UNAVAILABLE - STATUS_OTHER(0xc0000466) May 25, 2024

sgonchigar commented Jun 30, 2024

Compared the debug logs between the working and non-working share. What I am seeing in the non-working one is "Signing with NTLM Extended Session Security".

[main] DEBUG com.hierynomus.protocol.commons.socket.ProxySocketFactory - Connecting to server1.test.net
[main] DEBUG com.hierynomus.smbj.transport.tcp.direct.DirectTcpPacketReader - Starting PacketReader on thread: Packet Reader for server1.test.net
[main] DEBUG com.hierynomus.smbj.connection.SMBProtocolNegotiator - Negotiating dialects [SMB_2_0_2, SMB_2_1, SMB_3_0, SMB_3_0_2, SMB_3_1_1]
[main] DEBUG com.hierynomus.smbj.transport.tcp.direct.DirectTcpTransport - Writing packet SMB_COM_NEGOTIATE
[main] DEBUG com.hierynomus.protocol.commons.concurrent.Promise - Awaiting << 0 >>
[Packet Reader for server1.test.net] DEBUG com.hierynomus.smbj.transport.tcp.direct.DirectTcpPacketReader - Received packet SMB2_NEGOTIATE with message id << 0 >>
[Packet Reader for server1.test.net] DEBUG com.hierynomus.smbj.connection.packet.SMB2CreditGrantingPacketHandler - Server granted us 1 credits for SMB2_NEGOTIATE with message id << 0 >>, now available: 1 credits
[Packet Reader for server1.test.net] DEBUG com.hierynomus.protocol.commons.concurrent.Promise - Setting << 0 >> to SMB2_NEGOTIATE with message id << 0 >>
[main] DEBUG com.hierynomus.smbj.connection.Connection - Granted 1 (out of 1) credits to SMB2_NEGOTIATE with message id << 1 >>
[main] DEBUG com.hierynomus.smbj.transport.tcp.direct.DirectTcpTransport - Writing packet SMB2_NEGOTIATE with message id << 1 >>
[main] DEBUG com.hierynomus.protocol.commons.concurrent.Promise - Awaiting << 1 >>
[Packet Reader for server1.test.net] DEBUG com.hierynomus.smbj.transport.tcp.direct.DirectTcpPacketReader - Received packet SMB2_NEGOTIATE with message id << 1 >>
[Packet Reader for server1.test.net] DEBUG com.hierynomus.smbj.connection.packet.SMB2CreditGrantingPacketHandler - Server granted us 1 credits for SMB2_NEGOTIATE with message id << 1 >>, now available: 1 credits
[Packet Reader for server1.test.net] DEBUG com.hierynomus.protocol.commons.concurrent.Promise - Setting << 1 >> to SMB2_NEGOTIATE with message id << 1 >>
[main] DEBUG com.hierynomus.smbj.connection.SMBProtocolNegotiator - Negotiated the following connection settings: ConnectionContext{
serverGuid=0111111-6246-4234-a290-c11111bfaed9,
serverName='server1.test.net',
negotiatedProtocol=NegotiatedProtocol{dialect=SMB_3_1_1, maxTransactSize=65536, maxReadSize=1048576, maxWriteSize=1048576},
clientGuid=1111111ae-111a3-4ae6-a41d-cedca2f7cdaa,
clientCapabilities=[SMB2_GLOBAL_CAP_DFS, SMB2_GLOBAL_CAP_LARGE_MTU],
serverCapabilities=[SMB2_GLOBAL_CAP_DFS, SMB2_GLOBAL_CAP_LEASING, SMB2_GLOBAL_CAP_LARGE_MTU, SMB2_GLOBAL_CAP_PERSISTENT_HANDLES],
clientSecurityMode=1,
serverSecurityMode=3,
server='com.hierynomus.smbj.server.Server@c8ac4009'
}
[main] INFO com.hierynomus.smbj.connection.PacketEncryptor - Initialized PacketEncryptor with Cipher << null >>
[main] INFO com.hierynomus.smbj.connection.Connection - Successfully connected to: server1.test.net
[main] DEBUG com.hierynomus.smbj.auth.NtlmAuthenticator - Initialized Authentication of using NTLM
[main] DEBUG com.hierynomus.smbj.connection.Connection - Granted 1 (out of 1) credits to SMB2_SESSION_SETUP with message id << 2 >>
[main] DEBUG com.hierynomus.smbj.transport.tcp.direct.DirectTcpTransport - Writing packet SMB2_SESSION_SETUP with message id << 2 >>
[main] DEBUG com.hierynomus.protocol.commons.concurrent.Promise - Awaiting << 2 >>
[Packet Reader for server1.test.net] DEBUG com.hierynomus.smbj.transport.tcp.direct.DirectTcpPacketReader - Received packet SMB2_SESSION_SETUP with message id << 2 >>
[Packet Reader for server1.test.net] DEBUG com.hierynomus.smbj.connection.packet.SMB2CreditGrantingPacketHandler - Server granted us 128 credits for SMB2_SESSION_SETUP with message id << 2 >>, now available: 128 credits
[Packet Reader for server1.test.net] DEBUG com.hierynomus.protocol.commons.concurrent.Promise - Setting << 2 >> to SMB2_SESSION_SETUP with message id << 2 >>
[main] DEBUG com.hierynomus.smbj.connection.SMBSessionBuilder - More processing required for authentication of using com.hierynomus.smbj.auth.NtlmSealer@7c348a50
[main] DEBUG com.hierynomus.smbj.auth.NtlmAuthenticator - Received token: a1 82 00 fd .........
[main] DEBUG com.hierynomus.asn1.ASN1InputStream - Read ASN.1 object: ASN1TaggedObject[ASN1Tag[CONTEXT_SPECIFIC,CONSTRUCTED,1],]
[main] DEBUG com.hierynomus.asn1.ASN1InputStream - Read ASN.1 object: ASN1TaggedObject[ASN1Tag[CONTEXT_SPECIFIC,CONSTRUCTED,0],]
[main] DEBUG com.hierynomus.asn1.ASN1InputStream - Read ASN.1 object: ASN1TaggedObject[ASN1Tag[CONTEXT_SPECIFIC,CONSTRUCTED,1],]
[main] DEBUG com.hierynomus.asn1.ASN1InputStream - Read ASN.1 object: ASN1TaggedObject[ASN1Tag[CONTEXT_SPECIFIC,CONSTRUCTED,2],]
[main] DEBUG com.hierynomus.asn1.ASN1InputStream - Read ASN.1 object: ASN1Sequence[[ASN1TaggedObject[ASN1Tag[CONTEXT_SPECIFIC,CONSTRUCTED,0],], ASN1TaggedObject[ASN1Tag[CONTEXT_SPECIFIC,CONSTRUCTED,1],], ASN1TaggedObject[ASN1Tag[CONTEXT_SPECIFIC,CONSTRUCTED,2],]]]
[main] DEBUG com.hierynomus.asn1.ASN1InputStream - Read ASN.1 object: ASN1Enumerated[1]
[main] DEBUG com.hierynomus.asn1.ASN1InputStream - Read ASN.1 object: ASN1ObjectIdentifier[1.3.6.1.4.1.311.2.2.10]
[main] DEBUG com.hierynomus.asn1.ASN1InputStream - Read ASN.1 object: ASN1OctetString[[78, 84, 76, ........]]
[main] DEBUG com.hierynomus.smbj.auth.NtlmAuthenticator - Received NTLM challenge from: test
[main] DEBUG com.hierynomus.smbj.auth.NtlmSealer - Calculating signing and sealing keys for NTLM Extended Session Security
[main] DEBUG com.hierynomus.smbj.auth.NtlmSealer - Signing with NTLM Extended Session Security
[main] DEBUG com.hierynomus.smbj.connection.Connection - Granted 1 (out of 128) credits to SMB2_SESSION_SETUP with message id << 3 >>
[main] DEBUG com.hierynomus.smbj.transport.tcp.direct.DirectTcpTransport - Writing packet SMB2_SESSION_SETUP with message id << 3 >>
[main] DEBUG com.hierynomus.protocol.commons.concurrent.Promise - Awaiting << 3 >>
[Packet Reader for server1.test.net] DEBUG com.hierynomus.smbj.transport.tcp.direct.DirectTcpPacketReader - Received packet SMB2_SESSION_SETUP with message id << 3 >>
[Packet Reader for server1.test.net] DEBUG com.hierynomus.smbj.connection.packet.SMB2CreditGrantingPacketHandler - Server granted us 1 credits for SMB2_SESSION_SETUP with message id << 3 >>, now available: 128 credits
[Packet Reader for server1.test.net] DEBUG com.hierynomus.protocol.commons.concurrent.Promise - Setting << 3 >> to SMB2_SESSION_SETUP with message id << 3 >>
Exception in thread "main" com.hierynomus.mssmb2.SMBApiException: STATUS_OTHER (0xc0000466): Authentication failed for 'AD profile' using com.hierynomus.smbj.auth.NtlmSealer@7c348a50
at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:154)
at com.hierynomus.smbj.connection.SMBSessionBuilder.setupSession(SMBSessionBuilder.java:152)
at com.hierynomus.smbj.connection.SMBSessionBuilder.establish(SMBSessionBuilder.java:119)
at com.hierynomus.smbj.connection.Connection.authenticate(Connection.java:202)
at CIFS_List_Dir_v2.main(CIFS_List_Dir_v2.java:147)

sgonchigar commented

IT team applied the patch below and it resolved the issue.
Root cause: SU530: [Impact Critical] NTLM authentication fails due to enforcement of Netlogon RPC sealing (Microsoft CVE-2022-38023)
Problem resolution: Upgraded NetApp to ONTAP Release 9.10.1P12, a fixed version of the SU530 issue.
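
A triage sketch for the pass/fail pattern described in this thread, added here as an example and not part of the thread or of smbj: it tallies session-setup outcomes per server from smbj log lines and separates 0xc0000466 (STATUS_SERVER_UNAVAILABLE) from credential failures such as 0xc000006d (STATUS_LOGON_FAILURE). The names `triage`, `attempt` and `SAMPLE_LOG`, the verdict strings, and the one-attempt-per-connect rule are assumptions of this example; the sample log is constructed in the format of the lines quoted above.

```python
import re
from collections import Counter, defaultdict

# NTSTATUS values (MS-ERREF). The verdict strings below are this example's own.
SERVER_SIDE = {0xC0000466}   # STATUS_SERVER_UNAVAILABLE, the code in this issue
CREDENTIAL = {0xC000006D}    # STATUS_LOGON_FAILURE

CONNECT = re.compile(r"Connection - Successfully connected to: (\S+)")
FAILURE = re.compile(r"SMBApiException: \w+ \((0x[0-9a-fA-F]+)\): Authentication failed")

def attempt(server, status=None):
    """Build constructed log lines for one connect, optionally failing."""
    text = f"[main] INFO com.hierynomus.smbj.connection.Connection - Successfully connected to: {server}\n"
    if status:
        text += ('Exception in thread "main" com.hierynomus.mssmb2.SMBApiException: '
                 f"{status}: Authentication failed for 'AD profile'\n")
    return text

# Constructed sample (not captured output): server1 alternates, server2 rejects the logon.
SAMPLE_LOG = "".join([
    attempt("server1.test.net"), attempt("server1.test.net", "STATUS_OTHER (0xc0000466)"),
    attempt("server1.test.net", "STATUS_OTHER (0xc0000466)"), attempt("server1.test.net"),
    attempt("server2.test.net", "STATUS_LOGON_FAILURE (0xc000006d)"),
])

def triage(log_text):
    """Per server: attempts, failures by NTSTATUS, and a verdict.
    Assumption: each 'Successfully connected to' line starts one attempt, and an
    attempt with no SMBApiException before the next connect authenticated."""
    outcomes, current = defaultdict(list), None
    for line in log_text.splitlines():
        if m := CONNECT.search(line):
            current = m.group(1)
            outcomes[current].append(None)
        elif (m := FAILURE.search(line)) and current is not None:
            outcomes[current][-1] = int(m.group(1), 16)
    report = {}
    for server, results in outcomes.items():
        codes = Counter(c for c in results if c is not None)
        failed = sum(codes.values())
        if not failed:
            verdict = "ok"
        elif set(codes) <= SERVER_SIDE:
            verdict = ("intermittent" if failed < len(results) else "persistent") + " server-side failure"
        elif set(codes) & CREDENTIAL:
            verdict = "credential failure"
        else:
            verdict = "other failure"
        report[server] = {"attempts": len(results), "failed": failed,
                          "codes": {hex(c): n for c, n in codes.items()}, "verdict": verdict}
    return report
```

An "intermittent server-side failure" verdict with no credential failures for the same account is the pattern reported here, where the fix turned out to be on the file server rather than in the client.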
