v.1.3.3 - Error! 1369

[PukinDogs]

Ran this not long ago without issue under version 1.3.2 Updated today and the List of Users won't complete currently.

Command:

./dsusers.py ../../ntds.dit.export/datatable.3 ../../ntds.dit.export/link_table.5 workingfolder --syshive ../../SYSTEM --lmoutfile lmoutfile.txt --ntoutfile ntoutfile.txt -- pwdformat ophc --passwordhashes --passwordhistory

... [+] Loading Saved map files (Stage 2)...

List of users: ==========[!] Error! 1369

[csababarta]

It seems that the framework is not able to load the cached data from the work directory. You can delete the content of the work directory and have the framework reprocess the data tables. After deleting the content you can rerun the command and the framework will reprocess everything and recreate the caches.

[PukinDogs]

I deleted the working folder and reran the command. Same error.

There are two warnings to note however:

[!] Warning: Opening saved maps failed: [Errno 2] No such file or directory: '/mnt/WorkingFolder/offlid.map'

[!] Warning: Opening saved maps failed: [Errno 2] No such file or directory: '/mnt/WorkingFolder/links.map'

Then the same Error 1369. Hope that helps.

[PukinDogs]

I did check the folder to confirm those files exist and they are created.

[csababarta]

In this case those messages are only warnings, meaning that the framework did not find the files. As the working directory was empty (you deleted all the file from it), the framework recreated all the cache files. That is why you saw them. I think everything should be working for you now. Let me know if the framework could process the data tables.

[PukinDogs]

Even after deleting the folder, it still stalls at the same point as my first post.

I'm looking to verify the esedbexport is working properly. Then I'll try it again tomorrow, I did notice this libesedb is listed as experimental. Maybe thats the issue. I'm using "libesedb-20150409"

[PukinDogs]

rolling back to esedbexport (20141110) did not resolve the issue. Not sure what else to try here, could I get a copy of the previous version of NTDsXtract 1.3.2?