search

hierynomus / smbj

Server Message Block (SMB2, SMB3) implementation in Java
Other
707 stars 180 forks source link

STATUS_INVALID_PARAMETER (0xc000000d): Failure during dialect negotiation (SMB_2_1, SMB_3_1_1) #777

Open pekuz opened 1 year ago

pekuz commented 1 year ago

Using 0.11.5.

Prepared a config using the config builder:

        builder.withDialects(new SMB2Dialect[]{SMB_2_1, SMB_3_1_1})
                .withDfsEnabled(false)
                .withMultiProtocolNegotiate(false)  // no SMB1
                .withRandomProvider(new Random(System.currentTimeMillis()))
                .withSigningRequired(false)
                .withSecurityProvider(new BCSecurityProvider())

But later getting from Windows Server 2016 an unexpected response:

STATUS_INVALID_PARAMETER (0xc000000d): Failure during dialect negotiation
at com.hierynomus.smbj.connection.SMBProtocolNegotiator.negotiateDialect(SMBProtocolNegotiator.java:79)
at com.hierynomus.smbj.connection.Connection.connect(Connection.java:141)

By observation, the choice of two dialects is at cause:

    .withDialects(new SMB2Dialect[]{SMB_2_1, SMB_3_1_1})

The intent is to configure two dialects, one recent and one for backward compatibility with older Windows and let negotiation pick the highest version both ends agree on.

pekuz commented 1 year ago

working combinations are:

 .withDialects(new SMB2Dialect[]{SMB_2_1})

or

 .withDialects(new SMB2Dialect[]{SMB_3_1_1})

or not setting dialects at all, which defaults to:

  .withDialects(SMB_3_1_1, SMB_3_0_2, SMB_3_0, SMB_2_1, SMB_2_0_2)
hierynomus commented 1 year ago

Have you tried setting signingRequired to true? That's the only one that might be influencing the behaviour of the server.

pekuz commented 1 year ago

Hi Jeroen,

signingRequired was default, false. I tried to vary encryptData but to no effect.

My initial motivation for selecting the two dialects is to simplify testing.

Now, from MS doc, I understand 3.1.1 should imply all lower versions in 3.x and 2.x line. It has not matched observed behaviour, if I selected 3.1.1 (only) client could not connect to Windows Server 2008 shares (they are capped at 2.1).

My weakly-informed conclusion that some parameter combinations are upfront invalid by the spec, and it’d be, at least, convenient to validate at the client side rather than sending an invalid request to the server.

Hope it helps Cc.

From: Jeroen van Erp @.> Sent: Monday, August 14, 2023 12:21 To: hierynomus/smbj @.> Cc: Petr Kuzel @.>; Author @.> Subject: Re: [hierynomus/smbj] STATUS_INVALID_PARAMETER (0xc000000d): Failure during dialect negotiation (SMB_2_1, SMB_3_1_1) (Issue #777)

Have you tried setting signingRequired to true? That's the only one that might be influencing the behaviour of the server.

— Reply to this email directly, view it on GitHubhttps://github.com/hierynomus/smbj/issues/777#issuecomment-1677064769, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AFR3WFPO2IJGU6QZW6SXTALXVH32LANCNFSM6AAAAAA2WUZCBA. You are receiving this because you authored the thread.Message ID: @.***>