#30 ERROR: Cannot open control pipe - NT_STATUS_INVALID_PARAMETER

none
closed-fixed
nobody
blue (1)
high
2014-03-20
2013-07-11
William M. Rawls
No

Windows 8.1 and Windows Server 2012 R2 have changed something such that a winexe command that would otherwise work against other versions of Windows for some reason fails with:

ERROR: Cannot open control pipe - NT_STATUS_INVALID_PARAMETER

We use winexe extensively and everything has been fine until we tried Windows 8.1 "Blue".

When the same command is then run with -d 11 the last few lines look like this:

Shutdown SMB signing
SMB Signing is not negotiated by the peer
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] 21 20 90 DB A7 BC 3B 8D ! ....;.
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SMB Signing is not negotiated by the peer
IN: async_open(\pipe\ahexec, 2)
IN: async_open_recv
ERROR: smb_raw_open_recv - NT_STATUS_INVALID_PARAMETER
ERROR: on_ctrl_pipe_error - NT_STATUS_INVALID_PARAMETER
ERROR: Cannot open control pipe - NT_STATUS_INVALID_PARAMETER

The winexesvc service is installed and running.

NOTE: We have had to add two lines to any EXE in our own code (C#) to get previously outbound communication working where it was working fine even in Windows 8:

        ServicePointManager.Expect100Continue = true;
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;

I wonder if something similar is going on here?

Discussion

  • I should clarify that I get the same results for both Windows 8.1 and Windows Server 2012 R2.

     
  • I've managed to download and compile the windows service which I believe to be where a change would need to be made. I also turned on the debug output. Here's the contents of the log from the failed attempt (Windows Blue / Server 2012 R2):

    ----Begin Bad
    winexesvc: StartServiceCtrlDispatcher 126
    winexesvc: RegisterServiceCtrlHandler
    winexesvc: Returning the Main Thread
    server_loop: alive
    server_loop: CreatePipesSA done
    server_loop: Create Pipe
    server_loop: Connect Pipe
    server_loop: Connect Pipe(0) pending
    ----End Bad

    For reference, here's the same command executed against another machine running Windows Server 2008 R2 using the same winexesvc.exe with debug logging turned on:

    ----Begin Good
    winexesvc: StartServiceCtrlDispatcher 126
    winexesvc: StartServiceCtrlDispatcher (1063)
    winexesvc: StartServiceCtrlDispatcher 126
    winexesvc: RegisterServiceCtrlHandler
    server_loop: alive
    winexesvc: Returning the Main Thread
    server_loop: CreatePipesSA done
    server_loop: Create Pipe
    server_loop: Connect Pipe
    server_loop: Connect Pipe(0) pending
    server_loop: CreateThread
    server_loop: Thread created
    server_loop: Create Pipe
    server_loop: Connect Pipe
    server_loop: Connect Pipe(0) pending
    Retrieved line: "get version"
    Retrieved line: "run ipconfig"
    WaitForMultipleObjects=1
    server_loop: CreateThread
    server_loop: Thread created
    server_loop: Create Pipe
    server_loop: Connect Pipe
    server_loop: Connect Pipe(0) pending
    Retrieved line: "get version"
    Retrieved line: "run ipconfig"
    WaitForMultipleObjects=1
    ----End Good

     
    Last edit: William M. Rawls 2013-07-11
  • ahajda
    2013-07-12

    It seems the problem is between winexe and Windows 8.1; winexesvc seems to be OK so far.
    Could you check if smbclient works properly? I.e., run it with the same credentials and try to connect to share //host/admin$. Please use the -d99 option, and please post the logs.

     
  • I will point out there was no problem with winexe contacting, authenticating and installing the winexesvc service into Windows Blue. It was not until winexe attempted to receive from the ahexec pipe that things stopped.

    Here's the requested runs: (IPs and names changed but consistent)

    smbclient against Windows Blue 8.1 Accessing ADMIN$ (no issues?):

    ----Begin Blue
    INFO: Current debug levels:
    all: 99
    tdb: 99
    printdrivers: 99
    lanman: 99
    smb: 99
    rpc_parse: 99
    rpc_srv: 99
    rpc_cli: 99
    passdb: 99
    sam: 99
    auth: 99
    winbind: 99
    vfs: 99
    idmap: 99
    quota: 99
    acls: 99
    locking: 99
    msdfs: 99
    dmapi: 99
    registry: 99
    lp_load_ex: refreshing parameters
    Initialising global parameters
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
    INFO: Current debug levels:
    all: 99
    tdb: 99
    printdrivers: 99
    lanman: 99
    smb: 99
    rpc_parse: 99
    rpc_srv: 99
    rpc_cli: 99
    passdb: 99
    sam: 99
    auth: 99
    winbind: 99
    vfs: 99
    idmap: 99
    quota: 99
    acls: 99
    locking: 99
    msdfs: 99
    dmapi: 99
    registry: 99
    params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
    Processing section "[global]"
    doing parameter workgroup = MYDOMAIN
    doing parameter server string = Samba Server Version %v
    doing parameter log file = /var/log/samba/log.%m
    doing parameter max log size = 50
    doing parameter security = user
    doing parameter passdb backend = tdbsam
    doing parameter load printers = yes
    doing parameter cups options = raw
    pm_process() returned Yes
    lp_servicenumber: couldn't find homes
    set_server_role: role = ROLE_STANDALONE
    Substituting charset 'UTF-8' for LOCALE
    added interface eth0 ip=10.10.10.45 bcast=10.10.10.63 netmask=255.255.255.224
    Netbios name list:-
    my_netbios_names[0]="MYMGR"
    Client started (version 3.6.9-151.el6).
    s3_event: Added timed event "tevent_req_timedout": 0x11ee558
    s3_event: Added timed event "tevent_req_timedout": 0x11ee8f0
    Running timed event "tevent_req_timedout" 0x11ee558
    s3_event: Destroying timer event 0x11ee558 "tevent_req_timedout"
    s3_event: Added timed event "tevent_req_timedout": 0x11ee4b8
    Connecting to 10.10.10.51 at port 445
    s3_event: Added timed event "tevent_req_timedout": 0x11eead0
    s3_event: Destroying timer event 0x11eead0 "tevent_req_timedout"
    s3_event: Destroying timer event 0x11ee4b8 "tevent_req_timedout"
    Socket options:
    SO_KEEPALIVE = 0
    SO_REUSEADDR = 0
    SO_BROADCAST = 0
    TCP_NODELAY = 1
    TCP_KEEPCNT = 9
    TCP_KEEPIDLE = 7200
    TCP_KEEPINTVL = 75
    IPTOS_LOWDELAY = 0
    IPTOS_THROUGHPUT = 0
    SO_SNDBUF = 22120
    SO_RCVBUF = 87380
    SO_SNDLOWAT = 1
    SO_RCVLOWAT = 1
    SO_SNDTIMEO = 0
    SO_RCVTIMEO = 0
    TCP_QUICKACK = 1
    session request ok
    Substituting charset 'UTF-8' for LOCALE
    s3_event: Added timed event "tevent_req_timedout": 0x11ee848
    s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x11cd2f0
    s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x11cd2f0
    s3_event: Destroying timer event 0x11ee848 "tevent_req_timedout"
    Doing spnego session setup (blob length=293)
    got OID=1.3.6.1.4.1.311.2.2.30
    got OID=1.3.6.1.4.1.311.2.2.10
    got principal=<null>
    negotiate: struct NEGOTIATE_MESSAGE
    Signature : 'NTLMSSP'
    MessageType : NtLmNegotiate (1)
    NegotiateFlags : 0x60088215 (1611170325)
    1: NTLMSSP_NEGOTIATE_UNICODE
    0: NTLMSSP_NEGOTIATE_OEM
    1: NTLMSSP_REQUEST_TARGET
    1: NTLMSSP_NEGOTIATE_SIGN
    0: NTLMSSP_NEGOTIATE_SEAL
    0: NTLMSSP_NEGOTIATE_DATAGRAM
    0: NTLMSSP_NEGOTIATE_LM_KEY
    0: NTLMSSP_NEGOTIATE_NETWARE
    1: NTLMSSP_NEGOTIATE_NTLM
    0: NTLMSSP_NEGOTIATE_NT_ONLY
    0: NTLMSSP_ANONYMOUS
    0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
    0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
    0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
    1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    0: NTLMSSP_TARGET_TYPE_DOMAIN
    0: NTLMSSP_TARGET_TYPE_SERVER
    0: NTLMSSP_TARGET_TYPE_SHARE
    1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
    0: NTLMSSP_NEGOTIATE_IDENTIFY
    0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
    0: NTLMSSP_NEGOTIATE_TARGET_INFO
    0: NTLMSSP_NEGOTIATE_VERSION
    1: NTLMSSP_NEGOTIATE_128
    1: NTLMSSP_NEGOTIATE_KEY_EXCH
    0: NTLMSSP_NEGOTIATE_56
    DomainNameLen : 0x000b (11)
    DomainNameMaxLen : 0x000b (11)
    DomainName :
    DomainName : 'MYDOMAIN'
    WorkstationLen : 0x0006 (6)
    WorkstationMaxLen : 0x0006 (6)
    Workstation :

    Workstation : 'MYMGR'
    challenge: struct CHALLENGE_MESSAGE
    Signature : 'NTLMSSP'
    MessageType : NtLmChallenge (0x2)
    TargetNameLen : 0x0012 (18)
    TargetNameMaxLen : 0x0012 (18)
    TargetName :
    TargetName : 'WRBLUE64A'
    NegotiateFlags : 0x628a8215 (1653244437)
    1: NTLMSSP_NEGOTIATE_UNICODE
    0: NTLMSSP_NEGOTIATE_OEM
    1: NTLMSSP_REQUEST_TARGET
    1: NTLMSSP_NEGOTIATE_SIGN
    0: NTLMSSP_NEGOTIATE_SEAL
    0: NTLMSSP_NEGOTIATE_DATAGRAM
    0: NTLMSSP_NEGOTIATE_LM_KEY
    0: NTLMSSP_NEGOTIATE_NETWARE
    1: NTLMSSP_NEGOTIATE_NTLM
    0: NTLMSSP_NEGOTIATE_NT_ONLY
    0: NTLMSSP_ANONYMOUS
    0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
    0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
    0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
    1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    0: NTLMSSP_TARGET_TYPE_DOMAIN
    1: NTLMSSP_TARGET_TYPE_SERVER
    0: NTLMSSP_TARGET_TYPE_SHARE
    1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
    0: NTLMSSP_NEGOTIATE_IDENTIFY
    0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
    1: NTLMSSP_NEGOTIATE_TARGET_INFO
    1: NTLMSSP_NEGOTIATE_VERSION
    1: NTLMSSP_NEGOTIATE_128
    1: NTLMSSP_NEGOTIATE_KEY_EXCH
    0: NTLMSSP_NEGOTIATE_56
    ServerChallenge : 311bf7385055fdd5
    Reserved : 0000000000000000
    TargetInfoLen : 0x0068 (104)
    TargetNameInfoMaxLen : 0x0068 (104)
    TargetInfo :

    TargetInfo: struct AV_PAIR_LIST
    count : 0x00000006 (6)
    pair: ARRAY(6)
    pair: struct AV_PAIR
    AvId : MsvAvNbDomainName (0x2)
    AvLen : 0x0012 (18)
    Value : union ntlmssp_AvValue(case 0x2)
    AvNbDomainName : 'WRBLUE64A'
    pair: struct AV_PAIR
    AvId : MsvAvNbComputerName (0x1)
    AvLen : 0x0012 (18)
    Value : union ntlmssp_AvValue(case 0x1)
    AvNbComputerName : 'WRBLUE64A'
    pair: struct AV_PAIR
    AvId : MsvAvDnsDomainName (0x4)
    AvLen : 0x0012 (18)
    Value : union ntlmssp_AvValue(case 0x4)
    AvDnsDomainName : 'wrBlue64A'
    pair: struct AV_PAIR
    AvId : MsvAvDnsComputerName (0x3)
    AvLen : 0x0012 (18)
    Value : union ntlmssp_AvValue(case 0x3)
    AvDnsComputerName : 'wrBlue64A'
    pair: struct AV_PAIR
    AvId : MsvAvTimestamp (0x7)
    AvLen : 0x0008 (8)
    Value : union ntlmssp_AvValue(case 0x7)
    AvTimestamp : Fri Jul 12 12:41:20 PM 2013 PDT
    pair: struct AV_PAIR
    AvId : MsvAvEOL (0x0)
    AvLen : 0x0000 (0)
    Value : union ntlmssp_AvValue(case 0x0)
    Version: struct ntlmssp_VERSION
    ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6)
    ProductMinorVersion : UNKNOWN_ENUM_VALUE (0x3)
    ProductBuild : 0x24d7 (9431)
    Reserved : 000000
    NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF)
    Got challenge flags:
    Got NTLMSSP neg_flags=0x628a8215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_TARGET_INFO
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
    NTLMSSP: Set final flags:
    Got NTLMSSP neg_flags=0x60088215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
    authenticate: struct AUTHENTICATE_MESSAGE
    Signature : 'NTLMSSP'
    MessageType : NtLmAuthenticate (3)
    LmChallengeResponseLen : 0x0018 (24)
    LmChallengeResponseMaxLen: 0x0018 (24)
    LmChallengeResponse :
    LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24)
    v1: struct LM_RESPONSE
    Response : ffefeed7339c1ba1a21b69bf788fa900c6bc6c9ff50eabe9
    NtChallengeResponseLen : 0x0094 (148)
    NtChallengeResponseMaxLen: 0x0094 (148)
    NtChallengeResponse :

    NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 148)
    v2: struct NTLMv2_RESPONSE
    Response : 8feb358469c697abeb9a80e0c3f3fa6e
    Challenge: struct NTLMv2_CLIENT_CHALLENGE
    RespType : 0x01 (1)
    HiRespType : 0x01 (1)
    Reserved1 : 0x0000 (0)
    Reserved2 : 0x00000000 (0)
    TimeStamp : Fri Jul 12 12:41:14 PM 2013 PDT
    ChallengeFromClient : a233254d940c1760
    Reserved3 : 0x00000000 (0)
    AvPairs: struct AV_PAIR_LIST
    count : 0x00000006 (6)
    pair: ARRAY(6)
    pair: struct AV_PAIR
    AvId : MsvAvNbDomainName (0x2)
    AvLen : 0x0012 (18)
    Value : union ntlmssp_AvValue(case 0x2)
    AvNbDomainName : 'WRBLUE64A'
    pair: struct AV_PAIR
    AvId : MsvAvNbComputerName (0x1)
    AvLen : 0x0012 (18)
    Value : union ntlmssp_AvValue(case 0x1)
    AvNbComputerName : 'WRBLUE64A'
    pair: struct AV_PAIR
    AvId : MsvAvDnsDomainName (0x4)
    AvLen : 0x0012 (18)
    Value : union ntlmssp_AvValue(case 0x4)
    AvDnsDomainName : 'wrBlue64A'
    pair: struct AV_PAIR
    AvId : MsvAvDnsComputerName (0x3)
    AvLen : 0x0012 (18)
    Value : union ntlmssp_AvValue(case 0x3)
    AvDnsComputerName : 'wrBlue64A'
    pair: struct AV_PAIR
    AvId : MsvAvTimestamp (0x7)
    AvLen : 0x0008 (8)
    Value : union ntlmssp_AvValue(case 0x7)
    AvTimestamp : Fri Jul 12 12:41:20 PM 2013 PDT
    pair: struct AV_PAIR
    AvId : MsvAvEOL (0x0)
    AvLen : 0x0000 (0)
    Value : union ntlmssp_AvValue(case 0x0)
    DomainNameLen : 0x0016 (22)
    DomainNameMaxLen : 0x0016 (22)
    DomainName :
    DomainName : 'MYDOMAIN'
    UserNameLen : 0x001a (26)
    UserNameMaxLen : 0x001a (26)
    UserName :

    UserName : 'Administrator'
    WorkstationLen : 0x000c (12)
    WorkstationMaxLen : 0x000c (12)
    Workstation :
    Workstation : 'MYMGR'
    EncryptedRandomSessionKeyLen: 0x0010 (16)
    EncryptedRandomSessionKeyMaxLen: 0x0010 (16)
    EncryptedRandomSessionKey:

    EncryptedRandomSessionKey: DATA_BLOB length=16
    [0000] 14 A8 B2 46 B7 B4 7C 8F C2 E2 E2 5D B2 00 DD 81 ...F..|. ...]....
    NegotiateFlags : 0x60088215 (1611170325)
    1: NTLMSSP_NEGOTIATE_UNICODE
    0: NTLMSSP_NEGOTIATE_OEM
    1: NTLMSSP_REQUEST_TARGET
    1: NTLMSSP_NEGOTIATE_SIGN
    0: NTLMSSP_NEGOTIATE_SEAL
    0: NTLMSSP_NEGOTIATE_DATAGRAM
    0: NTLMSSP_NEGOTIATE_LM_KEY
    0: NTLMSSP_NEGOTIATE_NETWARE
    1: NTLMSSP_NEGOTIATE_NTLM
    0: NTLMSSP_NEGOTIATE_NT_ONLY
    0: NTLMSSP_ANONYMOUS
    0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
    0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
    0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
    1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    0: NTLMSSP_TARGET_TYPE_DOMAIN
    0: NTLMSSP_TARGET_TYPE_SERVER
    0: NTLMSSP_TARGET_TYPE_SHARE
    1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
    0: NTLMSSP_NEGOTIATE_IDENTIFY
    0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
    0: NTLMSSP_NEGOTIATE_TARGET_INFO
    0: NTLMSSP_NEGOTIATE_VERSION
    1: NTLMSSP_NEGOTIATE_128
    1: NTLMSSP_NEGOTIATE_KEY_EXCH
    0: NTLMSSP_NEGOTIATE_56
    NTLMSSP Sign/Seal - Initialising with flags:
    Got NTLMSSP neg_flags=0x60088215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
    cli_init_creds: user Administrator domain MYDOMAIN
    Domain=[WRBLUE64A] OS=[Windows 8.1 Enterprise Preview 9431] Server=[Windows 8.1 Enterprise Preview 6.3]
    session setup ok
    s3_event: Added timed event "tevent_req_timedout": 0x11ee1d0
    s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x11cd2f0
    s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x11cd2f0
    s3_event: Destroying timer event 0x11ee1d0 "tevent_req_timedout"
    tconx ok
    smb: >
    ----End Blue
    subsequent "ls" produced the expected results (c:\windows contents)

    smbclient against Windows Server 2008 R2 Accessing ADMIN$ (no issues?):

    ----Begin 2008
    INFO: Current debug levels:
    all: 99
    tdb: 99
    printdrivers: 99
    lanman: 99
    smb: 99
    rpc_parse: 99
    rpc_srv: 99
    rpc_cli: 99
    passdb: 99
    sam: 99
    auth: 99
    winbind: 99
    vfs: 99
    idmap: 99
    quota: 99
    acls: 99
    locking: 99
    msdfs: 99
    dmapi: 99
    registry: 99
    lp_load_ex: refreshing parameters
    Initialising global parameters
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
    INFO: Current debug levels:
    all: 99
    tdb: 99
    printdrivers: 99
    lanman: 99
    smb: 99
    rpc_parse: 99
    rpc_srv: 99
    rpc_cli: 99
    passdb: 99
    sam: 99
    auth: 99
    winbind: 99
    vfs: 99
    idmap: 99
    quota: 99
    acls: 99
    locking: 99
    msdfs: 99
    dmapi: 99
    registry: 99
    params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
    Processing section "[global]"
    doing parameter workgroup = MYDOMAIN
    doing parameter server string = Samba Server Version %v
    doing parameter log file = /var/log/samba/log.%m
    doing parameter max log size = 50
    doing parameter security = user
    doing parameter passdb backend = tdbsam
    doing parameter load printers = yes
    doing parameter cups options = raw
    pm_process() returned Yes
    lp_servicenumber: couldn't find homes
    set_server_role: role = ROLE_STANDALONE
    Substituting charset 'UTF-8' for LOCALE
    added interface eth0 ip=10.10.10.45 bcast=10.10.10.63 netmask=255.255.255.224
    Netbios name list:-
    my_netbios_names[0]="MYMGR"
    Client started (version 3.6.9-151.el6).
    s3_event: Added timed event "tevent_req_timedout": 0x1b02558
    s3_event: Added timed event "tevent_req_timedout": 0x1b028f0
    Running timed event "tevent_req_timedout" 0x1b02558
    s3_event: Destroying timer event 0x1b02558 "tevent_req_timedout"
    s3_event: Added timed event "tevent_req_timedout": 0x1b024b8
    Connecting to 10.10.10.35 at port 445
    s3_event: Added timed event "tevent_req_timedout": 0x1b02ad0
    s3_event: Destroying timer event 0x1b02ad0 "tevent_req_timedout"
    s3_event: Destroying timer event 0x1b024b8 "tevent_req_timedout"
    Socket options:
    SO_KEEPALIVE = 0
    SO_REUSEADDR = 0
    SO_BROADCAST = 0
    TCP_NODELAY = 1
    TCP_KEEPCNT = 9
    TCP_KEEPIDLE = 7200
    TCP_KEEPINTVL = 75
    IPTOS_LOWDELAY = 0
    IPTOS_THROUGHPUT = 0
    SO_SNDBUF = 22120
    SO_RCVBUF = 87380
    SO_SNDLOWAT = 1
    SO_RCVLOWAT = 1
    SO_SNDTIMEO = 0
    SO_RCVTIMEO = 0
    TCP_QUICKACK = 1
    session request ok
    Substituting charset 'UTF-8' for LOCALE
    s3_event: Added timed event "tevent_req_timedout": 0x1b02848
    s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x1ae12f0
    s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x1ae12f0
    s3_event: Destroying timer event 0x1b02848 "tevent_req_timedout"
    Doing spnego session setup (blob length=136)
    got OID=1.3.6.1.4.1.311.2.2.30
    got OID=1.2.840.48018.1.2.2
    got OID=1.2.840.113554.1.2.2
    got OID=1.2.840.113554.1.2.2.3
    got OID=1.3.6.1.4.1.311.2.2.10
    got principal=not_defined_in_RFC4178@please_ignore
    negotiate: struct NEGOTIATE_MESSAGE
    Signature : 'NTLMSSP'
    MessageType : NtLmNegotiate (1)
    NegotiateFlags : 0x60088215 (1611170325)
    1: NTLMSSP_NEGOTIATE_UNICODE
    0: NTLMSSP_NEGOTIATE_OEM
    1: NTLMSSP_REQUEST_TARGET
    1: NTLMSSP_NEGOTIATE_SIGN
    0: NTLMSSP_NEGOTIATE_SEAL
    0: NTLMSSP_NEGOTIATE_DATAGRAM
    0: NTLMSSP_NEGOTIATE_LM_KEY
    0: NTLMSSP_NEGOTIATE_NETWARE
    1: NTLMSSP_NEGOTIATE_NTLM
    0: NTLMSSP_NEGOTIATE_NT_ONLY
    0: NTLMSSP_ANONYMOUS
    0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
    0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
    0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
    1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    0: NTLMSSP_TARGET_TYPE_DOMAIN
    0: NTLMSSP_TARGET_TYPE_SERVER
    0: NTLMSSP_TARGET_TYPE_SHARE
    1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
    0: NTLMSSP_NEGOTIATE_IDENTIFY
    0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
    0: NTLMSSP_NEGOTIATE_TARGET_INFO
    0: NTLMSSP_NEGOTIATE_VERSION
    1: NTLMSSP_NEGOTIATE_128
    1: NTLMSSP_NEGOTIATE_KEY_EXCH
    0: NTLMSSP_NEGOTIATE_56
    DomainNameLen : 0x000b (11)
    DomainNameMaxLen : 0x000b (11)
    DomainName :
    DomainName : 'MYDOMAIN'
    WorkstationLen : 0x0006 (6)
    WorkstationMaxLen : 0x0006 (6)
    Workstation :

    Workstation : 'MYMGR'
    challenge: struct CHALLENGE_MESSAGE
    Signature : 'NTLMSSP'
    MessageType : NtLmChallenge (0x2)
    TargetNameLen : 0x0016 (22)
    TargetNameMaxLen : 0x0016 (22)
    TargetName :
    TargetName : 'MYDOMAIN'
    NegotiateFlags : 0x62898215 (1653178901)
    1: NTLMSSP_NEGOTIATE_UNICODE
    0: NTLMSSP_NEGOTIATE_OEM
    1: NTLMSSP_REQUEST_TARGET
    1: NTLMSSP_NEGOTIATE_SIGN
    0: NTLMSSP_NEGOTIATE_SEAL
    0: NTLMSSP_NEGOTIATE_DATAGRAM
    0: NTLMSSP_NEGOTIATE_LM_KEY
    0: NTLMSSP_NEGOTIATE_NETWARE
    1: NTLMSSP_NEGOTIATE_NTLM
    0: NTLMSSP_NEGOTIATE_NT_ONLY
    0: NTLMSSP_ANONYMOUS
    0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
    0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
    0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
    1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    1: NTLMSSP_TARGET_TYPE_DOMAIN
    0: NTLMSSP_TARGET_TYPE_SERVER
    0: NTLMSSP_TARGET_TYPE_SHARE
    1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
    0: NTLMSSP_NEGOTIATE_IDENTIFY
    0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
    1: NTLMSSP_NEGOTIATE_TARGET_INFO
    1: NTLMSSP_NEGOTIATE_VERSION
    1: NTLMSSP_NEGOTIATE_128
    1: NTLMSSP_NEGOTIATE_KEY_EXCH
    0: NTLMSSP_NEGOTIATE_56
    ServerChallenge : eb2a13f81388e85f
    Reserved : 0000000000000000
    TargetInfoLen : 0x0102 (258)
    TargetNameInfoMaxLen : 0x0102 (258)
    TargetInfo :

    TargetInfo: struct AV_PAIR_LIST
    count : 0x00000007 (7)
    pair: ARRAY(7)
    pair: struct AV_PAIR
    AvId : MsvAvNbDomainName (0x2)
    AvLen : 0x0016 (22)
    Value : union ntlmssp_AvValue(case 0x2)
    AvNbDomainName : 'MYDOMAIN'
    pair: struct AV_PAIR
    AvId : MsvAvNbComputerName (0x1)
    AvLen : 0x0012 (18)
    Value : union ntlmssp_AvValue(case 0x1)
    AvNbComputerName : 'MYLAB3'
    pair: struct AV_PAIR
    AvId : MsvAvDnsDomainName (0x4)
    AvLen : 0x0036 (54)
    Value : union ntlmssp_AvValue(case 0x4)
    AvDnsDomainName : 'MYdomain.my.company.com'
    pair: struct AV_PAIR
    AvId : MsvAvDnsComputerName (0x3)
    AvLen : 0x004a (74)
    Value : union ntlmssp_AvValue(case 0x3)
    AvDnsComputerName : 'MYLAB3.MYdomain.my.company.com'
    pair: struct AV_PAIR
    AvId : MsvAvDnsTreeName (0x5)
    AvLen : 0x0036 (54)
    Value : union ntlmssp_AvValue(case 0x5)
    AvDnsTreeName : 'MYdomain.my.company.com'
    pair: struct AV_PAIR
    AvId : MsvAvTimestamp (0x7)
    AvLen : 0x0008 (8)
    Value : union ntlmssp_AvValue(case 0x7)
    AvTimestamp : Fri Jul 12 12:49:33 PM 2013 PDT
    pair: struct AV_PAIR
    AvId : MsvAvEOL (0x0)
    AvLen : 0x0000 (0)
    Value : union ntlmssp_AvValue(case 0x0)
    Version: struct ntlmssp_VERSION
    ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6)
    ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (0x1)
    ProductBuild : 0x1db1 (7601)
    Reserved : 000000
    NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF)
    Got challenge flags:
    Got NTLMSSP neg_flags=0x62898215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_TARGET_INFO
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
    NTLMSSP: Set final flags:
    Got NTLMSSP neg_flags=0x60088215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
    authenticate: struct AUTHENTICATE_MESSAGE
    Signature : 'NTLMSSP'
    MessageType : NtLmAuthenticate (3)
    LmChallengeResponseLen : 0x0018 (24)
    LmChallengeResponseMaxLen: 0x0018 (24)
    LmChallengeResponse :
    LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24)
    v1: struct LM_RESPONSE
    Response : 3eba257ca6cf727d8cdabc89800e6e0773e7a6cb9038576a
    NtChallengeResponseLen : 0x012e (302)
    NtChallengeResponseMaxLen: 0x012e (302)
    NtChallengeResponse :

    NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 302)
    v2: struct NTLMv2_RESPONSE
    Response : d05718e66dec94a4a5b031f6f54ca337
    Challenge: struct NTLMv2_CLIENT_CHALLENGE
    RespType : 0x01 (1)
    HiRespType : 0x01 (1)
    Reserved1 : 0x0000 (0)
    Reserved2 : 0x00000000 (0)
    TimeStamp : Fri Jul 12 12:50:10 PM 2013 PDT
    ChallengeFromClient : cd7e8570d41ff6be
    Reserved3 : 0x00000000 (0)
    AvPairs: struct AV_PAIR_LIST
    count : 0x00000007 (7)
    pair: ARRAY(7)
    pair: struct AV_PAIR
    AvId : MsvAvNbDomainName (0x2)
    AvLen : 0x0016 (22)
    Value : union ntlmssp_AvValue(case 0x2)
    AvNbDomainName : 'MYDOMAIN'
    pair: struct AV_PAIR
    AvId : MsvAvNbComputerName (0x1)
    AvLen : 0x0012 (18)
    Value : union ntlmssp_AvValue(case 0x1)
    AvNbComputerName : 'MYLAB3'
    pair: struct AV_PAIR
    AvId : MsvAvDnsDomainName (0x4)
    AvLen : 0x0036 (54)
    Value : union ntlmssp_AvValue(case 0x4)
    AvDnsDomainName : 'MYdomain.my.company.com'
    pair: struct AV_PAIR
    AvId : MsvAvDnsComputerName (0x3)
    AvLen : 0x004a (74)
    Value : union ntlmssp_AvValue(case 0x3)
    AvDnsComputerName : 'MYLAB3.MYdomain.my.company.com'
    pair: struct AV_PAIR
    AvId : MsvAvDnsTreeName (0x5)
    AvLen : 0x0036 (54)
    Value : union ntlmssp_AvValue(case 0x5)
    AvDnsTreeName : 'MYdomain.my.company.com'
    pair: struct AV_PAIR
    AvId : MsvAvTimestamp (0x7)
    AvLen : 0x0008 (8)
    Value : union ntlmssp_AvValue(case 0x7)
    AvTimestamp : Fri Jul 12 12:49:33 PM 2013 PDT
    pair: struct AV_PAIR
    AvId : MsvAvEOL (0x0)
    AvLen : 0x0000 (0)
    Value : union ntlmssp_AvValue(case 0x0)
    DomainNameLen : 0x0016 (22)
    DomainNameMaxLen : 0x0016 (22)
    DomainName :
    DomainName : 'MYDOMAIN'
    UserNameLen : 0x001a (26)
    UserNameMaxLen : 0x001a (26)
    UserName :

    UserName : 'Administrator'
    WorkstationLen : 0x000c (12)
    WorkstationMaxLen : 0x000c (12)
    Workstation :
    Workstation : 'MYMGR'
    EncryptedRandomSessionKeyLen: 0x0010 (16)
    EncryptedRandomSessionKeyMaxLen: 0x0010 (16)
    EncryptedRandomSessionKey:

    EncryptedRandomSessionKey: DATA_BLOB length=16
    [0000] 91 3C EE FC A7 AB 69 4F 96 CC 37 19 FD BB 23 44 .<....iO ..7...#D
    NegotiateFlags : 0x60088215 (1611170325)
    1: NTLMSSP_NEGOTIATE_UNICODE
    0: NTLMSSP_NEGOTIATE_OEM
    1: NTLMSSP_REQUEST_TARGET
    1: NTLMSSP_NEGOTIATE_SIGN
    0: NTLMSSP_NEGOTIATE_SEAL
    0: NTLMSSP_NEGOTIATE_DATAGRAM
    0: NTLMSSP_NEGOTIATE_LM_KEY
    0: NTLMSSP_NEGOTIATE_NETWARE
    1: NTLMSSP_NEGOTIATE_NTLM
    0: NTLMSSP_NEGOTIATE_NT_ONLY
    0: NTLMSSP_ANONYMOUS
    0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
    0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
    0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
    1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    0: NTLMSSP_TARGET_TYPE_DOMAIN
    0: NTLMSSP_TARGET_TYPE_SERVER
    0: NTLMSSP_TARGET_TYPE_SHARE
    1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
    0: NTLMSSP_NEGOTIATE_IDENTIFY
    0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
    0: NTLMSSP_NEGOTIATE_TARGET_INFO
    0: NTLMSSP_NEGOTIATE_VERSION
    1: NTLMSSP_NEGOTIATE_128
    1: NTLMSSP_NEGOTIATE_KEY_EXCH
    0: NTLMSSP_NEGOTIATE_56
    NTLMSSP Sign/Seal - Initialising with flags:
    Got NTLMSSP neg_flags=0x60088215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
    cli_init_creds: user Administrator domain MYDOMAIN
    Domain=[MYDOMAIN] OS=[Windows Server 2008 R2 Enterprise 7601 Service Pack 1] Server=[Windows Server 2008 R2 Enterprise 6.1]
    session setup ok
    s3_event: Added timed event "tevent_req_timedout": 0x1b02698
    s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x1ae12f0
    s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x1ae12f0
    s3_event: Destroying timer event 0x1b02698 "tevent_req_timedout"
    tconx ok
    smb: >
    ----End 2008
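
An added example, not part of the original ticket or of the winexe/Samba code: it decodes the `neg_flags` values that appear in the two smbclient runs above and diffs them per stage, to check whether NTLMSSP negotiation differs between the Windows 8.1 host and the Server 2008 R2 host. The log excerpts are constructed from the flag lines on this page; the function names are hypothetical, and the bit values follow MS-NLMP.

```python
import re

# NTLMSSP NegotiateFlags bits (MS-NLMP 2.2.2.5), using the names Samba prints
# in its struct dump. Samba's short listing calls 0x00080000 "NTLM2".
NTLMSSP_FLAGS = {
    0x00000001: "NTLMSSP_NEGOTIATE_UNICODE",
    0x00000002: "NTLMSSP_NEGOTIATE_OEM",
    0x00000004: "NTLMSSP_REQUEST_TARGET",
    0x00000010: "NTLMSSP_NEGOTIATE_SIGN",
    0x00000020: "NTLMSSP_NEGOTIATE_SEAL",
    0x00000040: "NTLMSSP_NEGOTIATE_DATAGRAM",
    0x00000080: "NTLMSSP_NEGOTIATE_LM_KEY",
    0x00000100: "NTLMSSP_NEGOTIATE_NETWARE",
    0x00000200: "NTLMSSP_NEGOTIATE_NTLM",
    0x00000400: "NTLMSSP_NEGOTIATE_NT_ONLY",
    0x00000800: "NTLMSSP_ANONYMOUS",
    0x00001000: "NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED",
    0x00002000: "NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED",
    0x00004000: "NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL",
    0x00008000: "NTLMSSP_NEGOTIATE_ALWAYS_SIGN",
    0x00010000: "NTLMSSP_TARGET_TYPE_DOMAIN",
    0x00020000: "NTLMSSP_TARGET_TYPE_SERVER",
    0x00040000: "NTLMSSP_TARGET_TYPE_SHARE",
    0x00080000: "NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY",
    0x00100000: "NTLMSSP_NEGOTIATE_IDENTIFY",
    0x00400000: "NTLMSSP_REQUEST_NON_NT_SESSION_KEY",
    0x00800000: "NTLMSSP_NEGOTIATE_TARGET_INFO",
    0x02000000: "NTLMSSP_NEGOTIATE_VERSION",
    0x20000000: "NTLMSSP_NEGOTIATE_128",
    0x40000000: "NTLMSSP_NEGOTIATE_KEY_EXCH",
    0x80000000: "NTLMSSP_NEGOTIATE_56",
}

# Constructed excerpts: only the stage headers and flag lines from the two runs.
LOG_BLUE = """\
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
"""
LOG_2008 = """\
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
"""

NEG_FLAGS_RE = re.compile(r"neg_flags=0x([0-9a-fA-F]{1,8})\b")


def decode(flags):
    """Return the set of flag names whose bit is set in `flags`."""
    return {name for bit, name in NTLMSSP_FLAGS.items() if flags & bit}


def unknown_bits(flags):
    """Return any set bits that the table above does not name."""
    known = 0
    for bit in NTLMSSP_FLAGS:
        known |= bit
    return flags & ~known & 0xFFFFFFFF


def parse_stages(log):
    """Map 'challenge' / 'final' to the neg_flags value logged right after
    the matching stage header in a Samba debug log."""
    stage, out = None, {}
    for line in log.splitlines():
        line = line.strip()
        if line.endswith("challenge flags:"):
            stage = "challenge"
        elif line.endswith("Set final flags:"):
            stage = "final"
        else:
            m = NEG_FLAGS_RE.search(line)
            if m and stage:
                out[stage] = int(m.group(1), 16)
                stage = None  # a value belongs to the header just before it
    return out


def dropped_by_client(stages):
    """Flags the server offered in its challenge that are absent from the
    final negotiated set."""
    return sorted(decode(stages["challenge"]) - decode(stages["final"]))


def compare(log_a, log_b):
    """Per stage, list the flags present in only one of the two logs."""
    a, b = parse_stages(log_a), parse_stages(log_b)
    report = {}
    for stage in sorted(set(a) & set(b)):
        fa, fb = decode(a[stage]), decode(b[stage])
        report[stage] = {"only_a": sorted(fa - fb), "only_b": sorted(fb - fa)}
    return report


if __name__ == "__main__":
    for stage, diff in compare(LOG_BLUE, LOG_2008).items():
        print(stage, diff)
    print("dropped (8.1):", dropped_by_client(parse_stages(LOG_BLUE)))
```

The final flag sets are identical on both hosts and the challenges differ only in the target-type bit, so the NTLMSSP exchange itself does not distinguish the working host from the failing one.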

     
  • I've run some custom code that can read and write to a remote named pipe and the ahexec pipe is able to be written to and read from. Also PSExec works fine with 8.1.

     
  • Ok. After much digging and hacking through code as well as reading a bunch of sites and even talking with MS about the subject, it appears the root cause of this problem is that Microsoft has removed SMB 1.0 from Windows 8.1 and Windows Server 2012 R2. See: http://technet.microsoft.com/en-us/library/dn303411.aspx for the full list of things removed. After spending as much time with the winexe code as I have (granted only a few days), it appears that winexe uses the SMB 1.0 library of smbclient. For backwards compatibility that makes sense. I myself use the lowest common denominator to ensure as many people as possible can use my code.

    Assuming I'm on the mark, winexe or winexe-waf (built yesterday) is going to hit a wall if it does not use at least SMB2 when SMB1 isn't available.

    This is the point at which I'm hoping you shoot me down and point something out that I don't know.

    smbclient has no problem communicating with the socket. I assume that executable automatically tries to use newer SMB versions...

    Don't suppose there's some switch I can flip somewhere in the code is there?

     
  • Mark
    2013-07-20

    in shell use

    cat </dev/null|winexe

    this works

    Why ... I wouldn't know

     
    Last edit: Thomas Hood 2013-07-20
  • Just tried your suggestion. Same result:

    ERROR: smb_raw_open_recv - NT_STATUS_INVALID_PARAMETER
    ERROR: on_ctrl_pipe_error - NT_STATUS_INVALID_PARAMETER
    ERROR: Cannot open control pipe - NT_STATUS_INVALID_PARAMETER

     
  • I can tell you the error is happening when smbcli_request_is_error(req) is called in smb_raw_open_recv. Apparently req->state is 2. smbcli_request_receive(req) completes fine.

     
  • Mark
    2013-07-20

    I use it (cat </dev/null|winexe) in shell script

    preusercmd.sh

    ...
    cat </dev/null|$WINEXE --uninstall --interactive=0 -U $UNAME -W $WRKGRP
    --password=$PWD //$BOX 'cmd.exe /c c:backuppcpre-exec.cmd'
    ....

    This worked for me

     
    Last edit: Thomas Hood 2013-07-20
  • I tried it that way at your suggestion but still same error. Are you running these commands against Windows 8.1 Preview and/or Windows Server 2012 R2 Preview? (I'm using nearly the latest build.)

     
  • ahajda
    2013-07-21

    I suppose Mark's suggestions are for the issue with winexe not working with file redirection.
    Regarding your findings about smb/smb2, I suspect it is the main cause, but I suppose I will not be able to take care of this till the 2nd half of August. Anyway, thanks for digging; it should help in patch development.

     
  • I can easily wait a month or so. If I could find some excellent
    documentation on samba I think I might (and I stress might) be able to
    figure it out. Unfortunately this is my first exposure to the inner
    workings of samba. There seems to be a striking lack of developer
    information on it. I'm sure I'm just missing something obvious.

    Wishing you well,
    William M. Rawls
    http://my.william-rawls.info

     
    Last edit: Thomas Hood 2013-08-20
  • Hey. Will here. My boss has asked me to ask you if the enhancement for
    winexe (for win 8/1) is still something you're hoping to get to in August?

    Wishing you well,
    William M. Rawls
    http://my.william-rawls.info

     
    Last edit: Thomas Hood 2013-08-20
  • ahajda
    2013-08-19

    Yes,

    I hope to solve it this week.

    Regards
    Andrzej

     
    Last edit: Thomas Hood 2013-08-20
  • ahajda
    2013-08-22

    I have just uploaded a patch which solves the issue, at least on my test machine.

    Please test it, if possible on different OS-es.

     
    • doubleparadoxx
      2013-11-06

      Is this patch still available?

       
      • Thomas Hood
        2013-11-07

        The patch was applied to the current source code tree. You can obtain the latest source code tree using git.

        git clone git://git.code.sf.net/p/winexe/winexe-waf winexe-winexe-waf
        

        From this you build a prerelease version of winexe 1.1.

         
  • Thomas Hood
    2013-08-22

    • status: open --> closed-fixed
    • Priority: medium --> high
     
  • Note the following basically says, I had to change firewall rules to make this work by allowing Netlogon through the firewall, then everything was fine on Windows XP 32, 7 32, 7 64, 8 32, 8 64, Windows Blue preview, Server 2008 R2, Server 2012, and Server 2012 R2 preview.

    VM XP     Failed to open connection (psexec worked)   Changed firewall file sharing scope   Retested Success !
    VM 7 32   Failed to open connection (psexec worked)   Unblocked NetLogon                    Retested Success
    VM 7 64   Failed to open connection (psexec worked)   Unblocked NetLogon                    Retested Success
    VM 8 32   Failed to open connection (psexec worked)   Unblocked NetLogon                    Retested Success
    VM 8 64   Passed                                      Luckily the firewall was messed up so it didn't suffer the same issue
    VM Blue   Failed to open connection (psexec worked)   Unblocked NetLogon                    Retested Success
    VM 2008   Passed
    HV 2008   Passed
    HV 2012   Passed
    HV 12R2   Passed

    While the testing across OSes was anything but extensive, it still shows that the basics are still working across all versions.

     
    Last edit: William M. Rawls 2013-08-23
    • Thomas Hood
      2013-08-24

      1. Wow. We should be testing winexe like this all the time. How do you do it?

      2. Why does psexec work and winexe not (without firewall changes)?

       
  • Thank you so much for your work on this one.

     
    1. I have a hypervisor (Hyper-V in my case) set up already with a virtual machine with each of the operating systems for testing code I write for our products. So it was easy enough to spin up an ubuntu and the other VMs and run the same winexe command against them.

    2. I'd say because psexec isn't sending the authentication the same way as winexe 1.1. I have to double check this but winexe 1.0 also works on all the OSes except the new ones which leads me to believe the way winexe 1.1 does it requires the netlogon service where 1.0 didn't... But that's just conjecture.

     
  • anup wattamwar
    2014-03-13

    How do I get this to work on Linux? I am getting the message NT_STATUS_INVALID_PARAMETER while connecting to Windows 8.1.
    I have tried to compile the complete source but it is not working on Ubuntu.
    any patch for winexe-1.0.0 or when is the new winexe-1.1 is releasing

     
  • Thomas Hood
    2014-03-13

    > any patch for winexe-1.0.0

    Sorry, no.

    > when is the new winexe-1.1 is releasing

    Please build winexe 1.1-prerelease from source (i.e., from the "current" i.e. "winexe-waf" git repository) and use that until winexe is officially released.

     