Project

General

Profile

Actions

Bug #14046

closed

Windows Server 2022 and Windows 11 cannot connect to SMB share

Added by Andy Fiddaman about 2 months ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
smb - SMB server and client
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Bite-size
Tags:
Gerrit CR:

Description

Windows Server 2022 and Windows 11 introduce AES-256-GCM and AES-256-CCM cryptographic suites for SMB 3.1.1 and therefore offers four ciphers during negotiation:

The illumos kernel aborts negotiation if more than two ciphers are presented, since the original SMB 3.1.1 spec only included two.

  6  78071    smb2_find_best_dialect:return     0x311
  6  78072      smb31_decode_neg_ctxs:entry     0xfffffe2d7c565040      0xfffffe00400da9a0      0x311   0x8     0xfffffe32ab38569c      0xfffffe32ab385414
  6  78073     smb31_decode_neg_ctxs:return     0xc000000d
  6   2070 smb2_newrq_negotiate:op-Negotiate-start clnt=10.0.0.77 mid=0x1 uid=0x0 tid=0x0
  6   2069 smb2_newrq_negotiate:op-Negotiate-done clnt=10.0.0.77 mid=0x1 status=0xc000000d

Files

clipboard-202109021156-ecmjm.png (165 KB) clipboard-202109021156-ecmjm.png Andy Fiddaman, 2021-09-02 10:56 AM

Related issues

Related to illumos gate - Feature #13914: smbd encrypt_cipher property should list enabled ciphers explicitlyIn ProgressAlexander Stetsenko2021-06-29

Actions
Related to illumos gate - Feature #14047: Add support for SMB 3.1.1 AES-256In ProgressAlexander Stetsenko

Actions
Actions #1

Updated by Andy Fiddaman about 2 months ago

  • Related to Feature #13914: smbd encrypt_cipher property should list enabled ciphers explicitly added
Actions #2

Updated by Andy Fiddaman about 2 months ago

  • Gerrit CR set to 1689
Actions #3

Updated by Andy Fiddaman about 2 months ago

Actions #4

Updated by Andy Fiddaman about 1 month ago

Tested by connecting to a patched system using SMB clients on Windows 10, Windows 11, MacOS and Linux.
Packet traces show Windows 11 offering four ciphers and the patched system selecting AES-128-GCM.

Actions #5

Updated by Electric Monk about 1 month ago

  • Status changed from In Progress to Closed
  • % Done changed from 0 to 100

git commit 74e3b2c76b52940c79c5399e1c9c91a35b2b0c16

commit  74e3b2c76b52940c79c5399e1c9c91a35b2b0c16
Author: Andy Fiddaman <omnios@citrus-it.co.uk>
Date:   2021-09-15T08:15:17.000Z

    14046 Windows Server 2022 and Windows 11 cannot connect to SMB share
    Reviewed by: Toomas Soome <tsoome@me.com>
    Reviewed by: Gordon Ross <gordon.w.ross@gmail.com>
    Approved by: Dan McDonald <danmcd@joyent.com>

Actions

Also available in: Atom PDF