
NTLM fails on a DC patched for CVE-2022-38023 even though RequireSeal is 1

Category: ontap-9
Specialty: nas

Environment

  • ONTAP 9
  • CIFS / SMB
  • Netlogon
  • NTLM
  • CVE-2022-38023

Issue

  • CIFS shares cannot be accessed via NTLM authentication when the IP address is used

Note: Access using the FQDN or hostname may still work

  • ERROR: Event ID 5838 appears in the Windows event log of the domain controller (DC) for the affected SVM, and it refers to a Windows OS.

Log Name: System
Source: NETLOGON
Date: 4/21/2023 8:06:11 AM
Event ID: 5838
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: demodomadc1.demo.domaina.local
Description:
The Netlogon service encountered a client using RPC signing instead of RPC sealing.

Machine SamAccountName: CIFSSERVERNAME
Domain: demo.domaina.local.
Account Type: Domain Member
Machine Operating System: Windows 10 Enterprise
Machine Operating System Build: 10.0 (19044)
Machine Operating System Service Pack: N/A
Client IP Address: Unknown IP

Note: On the AD computer object of the SVM's CIFS server, the Machine Operating System attribute is set to Windows

  • CIFS access using the Netlogon service fails:
4/16/2023 23:13:02  NODE1   ERROR     secd.cifsAuth.problem: vserver (SVM1) General CIFS authentication problem. Error: User authentication procedure failed (Retries: 2)
CIFS SMB2 Share mapping - Client Ip = 10.227.140.172
**[   22] Attempt 1 FAILURE: Unexpected state: Error 6756 at file:src/FrameWork/ClientInfo.cpp func:RemoveAllSharesFromGlobalSession line:4034
**[   22] Attempt 1 FAILURE: Pass-through authentication failed. (NT Status: NT_STATUS_NO_LOGON_SERVERS(0xc000005e))
**[   36] Attempt 2 FAILURE: Unexpected state: Error 6756 at file:src/FrameWork/ClientInfo.cpp func:RemoveAllSharesFromGlobalSession line:4034
**[   36] Attempt 2 FAILURE: Pass-through authentication failed. (NT Status: NT_STATUS_NO_LOGON_SERVERS(0xc000005e))
[ 36 ms] Login attempt by domain user 'Netapp\user' using NTLMv2 style security
[   37] Successfully connected to ip 192.168.1.1, port 445 using TCP
[   44] Successfully authenticated with DC netapp.domain.com
**[   59] FAILURE: Pass-through authentication failed. (NT Status: NT_STATUS_NO_LOGON_SERVERS(0xc000005e))
[   59] CIFS authentication failed
[   59] Retry requested, but maximum attempts (3) reached; giving up.

Note: 0xc000005e is a generic error, so all of the symptoms above must match

  • Since April 11, 2023, the Microsoft Windows patch for CVE-2022-38023 has been installed on the DC, and the RequireSeal registry value is set to 1 (compatibility mode).
  • Check the CIFS server name of the SVM:

::*> cifs show -vserver SVM1

Vserver: SVM1
CIFS Server NetBIOS Name: CIFSSERVERNAME
NetBIOS Domain/Workgroup Name: DEMO
Fully Qualified Domain Name: DEMO.DOMAINA.LOCAL
Organizational Unit: CN=Computers
Default Site Used by LIFs Without Site Membership:
Workgroup Name: -
Kerberos Realm: -
Authentication Style: domain
CIFS Server Administrative Status: up
CIFS Server Description:
List of NetBIOS Aliases: -

  • Check the OperatingSystem attribute using PowerShell on the DC:

PS C:\Users\Administrator> Get-ADComputer CIFSSERVERNAME -Properties OperatingSystem,OperatingSystemVersion
DistinguishedName      : CN=CIFSSERVERNAME,CN=Computers,DC=demo,DC=domaina,DC=local
DNSHostName            : cifsservername.demo.domaina.local
Enabled                : True
Name                   : CIFSSERVERNAME
ObjectClass            : computer
ObjectGUID             : 39c55236-7d8d-4c7d-a24b-aee1899e6053
OperatingSystem        : Windows 10 Enterprise
OperatingSystemVersion : 10.0 (194044)
SamAccountName         : CIFSSERVERNAME$
SID                    : S-1-5-21-441962528-1452217077-79953549-1312
UserPrincipalName      :
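The checks above can be combined into one script run on the DC. This is an added example, not part of the NetApp KB: it reads RequireSeal from the Netlogon Parameters registry key, collects Netlogon event 5838 entries, extracts the machine account named in each, and looks up that account's OperatingSystem attribute in AD, flagging entries that report a Windows OS. It assumes the ActiveDirectory (RSAT) module is available.

```powershell
# Added example (not from the NetApp KB): run on the DC as an administrator.
# Get-ADComputer requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# 1. RequireSeal under the Netlogon Parameters key; 1 = compatibility mode, as in this KB.
$nlParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$requireSeal = (Get-ItemProperty -Path $nlParams -Name RequireSeal -ErrorAction SilentlyContinue).RequireSeal
"RequireSeal = $(if ($null -eq $requireSeal) { '<not set>' } else { $requireSeal })"

# 2. Netlogon event 5838: the DC saw a client using RPC signing instead of RPC sealing.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'NETLOGON'; Id = 5838 } `
                       -ErrorAction SilentlyContinue

# 3. Pull the machine account out of each event's message text and check its AD OperatingSystem attribute.
$results = foreach ($ev in $events) {
    if ($ev.Message -match 'Machine SamAccountName:\s*(\S+)') {
        $sam  = $Matches[1]
        $comp = Get-ADComputer -Identity $sam -Properties OperatingSystem, OperatingSystemVersion `
                               -ErrorAction SilentlyContinue
        [pscustomobject]@{
            TimeCreated            = $ev.TimeCreated
            SamAccountName         = $sam
            OperatingSystem        = $comp.OperatingSystem
            OperatingSystemVersion = $comp.OperatingSystemVersion
            # A CIFS server object that advertises a Windows OS matches the symptom described in this KB.
            ReportsWindows         = ($comp.OperatingSystem -like 'Windows*')
        }
    }
}

$results | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
```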
