[2012/06/27 17:22:50.590215, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0xb8a724a8 [2012/06/27 17:22:50.590385, 10] smbd/process.c:863(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called [2012/06/27 17:22:50.590440, 5] smbd/server.c:624(smbd_parent_housekeeping) parent housekeeping [2012/06/27 17:22:50.590487, 10] smbd/process.c:874(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled [2012/06/27 17:22:51.915267, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:22:51.915368, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:22:51.915424, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:22:51.915520, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/06/27 17:22:51.915602, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 54160000FFFFFFFF [2012/06/27 17:22:51.915681, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb8a7a150 [2012/06/27 17:22:51.915775, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 54160000FFFFFFFF [2012/06/27 17:22:51.915987, 3] smbd/server_exit.c:180(exit_server_common) Server exit (termination signal) [2012/06/27 17:22:51.916869, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:22:51.918234, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:22:51.918305, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:22:51.919125, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/06/27 17:22:51.919330, 10] 
lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 4F160000FFFFFFFF [2012/06/27 17:22:51.921336, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb8a6a858 [2012/06/27 17:22:51.921421, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 4F160000FFFFFFFF [2012/06/27 17:22:51.921591, 3] smbd/server_exit.c:180(exit_server_common) Server exit (termination signal) [2012/06/27 17:22:52, 0] smbd/server.c:1051(main) smbd version 3.6.5-cdc-4.5.4-118 started. Copyright Andrew Tridgell and the Samba Team 1992-2011 [2012/06/27 17:22:52, 5] ../lib/util/debug.c:330(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 [2012/06/27 17:22:52, 4] param/loadparm.c:9621(lp_load_ex) pm_process() returned Yes [2012/06/27 17:22:52, 7] param/loadparm.c:9843(lp_servicenumber) lp_servicenumber: couldn't find homes [2012/06/27 17:22:52, 10] param/loadparm_server_role.c:101(set_server_role) set_server_role: role = ROLE_DOMAIN_MEMBER [2012/06/27 17:22:52, 5] ../lib/util/charset/codepoints.c:235(map_locale) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2012/06/27 17:22:52, 4] smbd/sec_ctx.c:174(get_current_groups) get_current_groups: user is in 1 groups: 0 [2012/06/27 17:22:52, 2] lib/tallocmsg.c:124(register_msg_pool_usage) Registered MSG_REQ_POOL_USAGE [2012/06/27 17:22:52, 2] lib/dmallocmsg.c:78(register_dmalloc_msgs) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2012/06/27 17:22:52.165942, 3] param/loadparm.c:9585(lp_load_ex) lp_load_ex: refreshing parameters [2012/06/27 17:22:52.166017, 3] param/loadparm.c:5203(init_globals) Initialising global parameters [2012/06/27 17:22:52.166075, 2] param/loadparm.c:4996(max_open_files) rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) [2012/06/27 17:22:52.166174, 3] 
../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2012/06/27 17:22:52.166242, 3] param/loadparm.c:8323(do_section) Processing section "[global]" doing parameter security = ADS doing parameter realm = ASMB.TEST doing parameter workgroup = ASMB doing parameter netbios name = ubs1204v3 [2012/06/27 17:22:52.166367, 4] param/loadparm.c:7574(handle_netbios_name) handle_netbios_name: set global_myname to: UBS1204V3 doing parameter auth methods = guest, sam, winbind, ntdomain doing parameter machine password timeout = 0 doing parameter passdb backend = tdbsam:/etc/samba/private/passdb.tdb doing parameter kerberos method = secrets and keytab doing parameter client use spnego principal = true doing parameter send spnego principal = Yes doing parameter server signing = auto doing parameter template shell = /bin/bash doing parameter winbind use default domain = Yes doing parameter winbind enum users = No doing parameter winbind enum groups = No doing parameter winbind nested groups = Yes doing parameter ignore syssetgroups error = No doing parameter idmap uid = 1000 - 200000000 [2012/06/27 17:22:52.166895, 1] param/loadparm.c:8005(lp_do_parameter) WARNING: The "idmap uid" option is deprecated doing parameter idmap gid = 1000 - 200000000 [2012/06/27 17:22:52.167011, 1] param/loadparm.c:8005(lp_do_parameter) WARNING: The "idmap gid" option is deprecated doing parameter enable core files = false doing parameter syslog = 0 doing parameter log level = 10 [2012/06/27 17:22:52.167159, 5] ../lib/util/debug.c:330(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 [2012/06/27 17:22:52.167508, 2] param/loadparm.c:8340(do_section) Processing section "[samba-test]" [2012/06/27 17:22:52.167604, 8] 
param/loadparm.c:6493(add_a_service) add_a_service: Creating snum = 0 for samba-test [2012/06/27 17:22:52.167658, 10] param/loadparm.c:6531(hash_a_service) hash_a_service: creating servicehash [2012/06/27 17:22:52.167702, 10] param/loadparm.c:6540(hash_a_service) hash_a_service: hashing index 0 for service name samba-test doing parameter path = /samba-test doing parameter public = yes doing parameter writable = yes [2012/06/27 17:22:52.167834, 2] param/loadparm.c:8340(do_section) Processing section "[homes]" [2012/06/27 17:22:52.167914, 8] param/loadparm.c:6493(add_a_service) add_a_service: Creating snum = 1 for homes [2012/06/27 17:22:52.167963, 10] param/loadparm.c:6540(hash_a_service) hash_a_service: hashing index 1 for service name homes doing parameter comment = Home directories doing parameter read only = No doing parameter browseable = No [2012/06/27 17:22:52.168097, 4] param/loadparm.c:9621(lp_load_ex) pm_process() returned Yes [2012/06/27 17:22:52.168188, 8] param/loadparm.c:6493(add_a_service) add_a_service: Creating snum = 2 for IPC$ [2012/06/27 17:22:52.168240, 10] param/loadparm.c:6540(hash_a_service) hash_a_service: hashing index 2 for service name IPC$ [2012/06/27 17:22:52.168301, 3] param/loadparm.c:6643(lp_add_ipc) adding IPC service [2012/06/27 17:22:52.168347, 10] param/loadparm_server_role.c:101(set_server_role) set_server_role: role = ROLE_DOMAIN_MEMBER [2012/06/27 17:22:52.168403, 5] ../lib/util/charset/codepoints.c:235(map_locale) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2012/06/27 17:22:52.168466, 6] param/loadparm.c:7503(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 27 17:20:45 2012 [2012/06/27 17:22:52.168769, 2] lib/interface.c:341(add_interface) added interface eth0 ip=fe80::20c:29ff:feb7:b9f5%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: [2012/06/27 17:22:52.168944, 2] lib/interface.c:341(add_interface) added interface eth0 
ip=10.100.51.157 bcast=10.100.51.255 netmask=255.255.255.0 [2012/06/27 17:22:52.169030, 3] smbd/server.c:1086(main) loaded services [2012/06/27 17:22:52.169090, 5] lib/util.c:242(init_names) Netbios name list:- my_netbios_names[0]="UBS1204V3" [2012/06/27 17:22:52.169205, 0] smbd/server.c:1107(main) standard input is not a socket, assuming -D option [2012/06/27 17:22:52.169259, 3] smbd/server.c:1118(main) Becoming a daemon. [2012/06/27 17:22:52.176513, 8] ../lib/util/util.c:263(fcntl_lock) fcntl_lock 9 13 0 1 1 [2012/06/27 17:22:52.176644, 8] ../lib/util/util.c:298(fcntl_lock) fcntl_lock: Lock call successful [2012/06/27 17:22:52.176907, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend ldapsam [2012/06/27 17:22:52.176977, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'ldapsam' [2012/06/27 17:22:52.177023, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend ldapsam_compat [2012/06/27 17:22:52.177067, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'ldapsam_compat' [2012/06/27 17:22:52.177118, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend NDS_ldapsam [2012/06/27 17:22:52.177168, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'NDS_ldapsam' [2012/06/27 17:22:52.177212, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend NDS_ldapsam_compat [2012/06/27 17:22:52.177256, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'NDS_ldapsam_compat' [2012/06/27 17:22:52.177308, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend IPA_ldapsam [2012/06/27 17:22:52.177354, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'IPA_ldapsam' [2012/06/27 17:22:52.177400, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting 
to register passdb backend smbpasswd [2012/06/27 17:22:52.177445, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'smbpasswd' [2012/06/27 17:22:52.177491, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend tdbsam [2012/06/27 17:22:52.177535, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'tdbsam' [2012/06/27 17:22:52.177582, 5] passdb/pdb_interface.c:71(smb_register_passdb) Attempting to register passdb backend wbc_sam [2012/06/27 17:22:52.177629, 5] passdb/pdb_interface.c:84(smb_register_passdb) Successfully added passdb backend 'wbc_sam' [2012/06/27 17:22:52.177673, 5] passdb/pdb_interface.c:141(make_pdb_method_name) Attempting to find a passdb backend to match tdbsam:/etc/samba/private/passdb.tdb (tdbsam) [2012/06/27 17:22:52.177757, 5] passdb/pdb_interface.c:162(make_pdb_method_name) Found pdb backend tdbsam [2012/06/27 17:22:52.177811, 5] passdb/pdb_interface.c:173(make_pdb_method_name) pdb backend tdbsam:/etc/samba/private/passdb.tdb has a valid init [2012/06/27 17:22:52.178732, 10] registry/reg_backend_db.c:526(regdb_init) regdb_init: registry db openend. 
refcount reset (1) [2012/06/27 17:22:52.178831, 10] registry/reg_cachehook.c:70(reghook_cache_init) reghook_cache_init: new tree with default ops 0xb780c7e0 for key [] [2012/06/27 17:22:52.179114, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2012/06/27 17:22:52.179204, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Samba Printer Port], len: 2 [2012/06/27 17:22:52.179269, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/06/27 17:22:52.179344, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DefaultSpoolDirectory], len: 70 [2012/06/27 17:22:52.179405, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/06/27 17:22:52.179474, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DisplayName], len: 20 [2012/06/27 17:22:52.179526, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ErrorControl], len: 4 [2012/06/27 17:22:52.179577, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/06/27 17:22:52.179644, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DisplayName], len: 20 [2012/06/27 17:22:52.179695, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ErrorControl], len: 4 [2012/06/27 17:22:52.179749, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb780c8c0 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] [2012/06/27 17:22:52.179795, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/27 17:22:52.179845, 10] lib/adt_tree.c:282(pathtree_add) 
pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers] to tree [2012/06/27 17:22:52.179890, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/27 17:22:52.179936, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb780c7e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/06/27 17:22:52.179981, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/27 17:22:52.180028, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] to tree [2012/06/27 17:22:52.180085, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/27 17:22:52.180134, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb780c7e0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2012/06/27 17:22:52.180179, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/27 17:22:52.180225, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] to tree [2012/06/27 17:22:52.180270, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/27 17:22:52.180316, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb780c900 for key [\HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] [2012/06/27 17:22:52.180360, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/27 17:22:52.180406, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] to tree [2012/06/27 17:22:52.180451, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/27 17:22:52.180496, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb780c880 for key [\HKLM\SOFTWARE\Samba\smbconf] [2012/06/27 17:22:52.180540, 8] 
lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/27 17:22:52.180585, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree [2012/06/27 17:22:52.180629, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/27 17:22:52.180674, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb780c940 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] [2012/06/27 17:22:52.180719, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/27 17:22:52.180765, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] to tree [2012/06/27 17:22:52.180810, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/27 17:22:52.180863, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb780c980 for key [\HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] [2012/06/27 17:22:52.180909, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/27 17:22:52.180955, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] to tree [2012/06/27 17:22:52.181000, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/27 17:22:52.181045, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb780c9c0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] [2012/06/27 17:22:52.181090, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/27 17:22:52.181136, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] to tree [2012/06/27 17:22:52.181182, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/27 17:22:52.181227, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb780ca00 for key [\HKPT] 
[2012/06/27 17:22:52.181271, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/27 17:22:52.181317, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKPT] to tree [2012/06/27 17:22:52.181361, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/27 17:22:52.181406, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb780ca40 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/06/27 17:22:52.181452, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/27 17:22:52.181496, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] to tree [2012/06/27 17:22:52.181540, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/27 17:22:52.181586, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb780ca80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] [2012/06/27 17:22:52.181631, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/27 17:22:52.181907, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] to tree [2012/06/27 17:22:52.181975, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/27 17:22:52.182024, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/06/27 17:22:52.183147, 6] libads/ldap.c:365(ads_find_dc) ads_find_dc: (ldap) looking for realm 'ASMB.TEST' [2012/06/27 17:22:52.183259, 5] lib/gencache.c:68(gencache_init) Opening cache file at /var/lib/samba/gencache.tdb [2012/06/27 17:22:52.184037, 5] lib/gencache.c:111(gencache_init) Opening cache file at /var/lib/samba/gencache_notrans.tdb [2012/06/27 17:22:52.184558, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for ASMB.TEST: "Default-First-Site-Name" [2012/06/27 17:22:52.184628, 4] 
libsmb/namequery_dc.c:76(ads_dc_name) ads_dc_name: domain=ASMB [2012/06/27 17:22:52.184701, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for ASMB.TEST: "Default-First-Site-Name" [2012/06/27 17:22:52.184755, 6] libads/ldap.c:385(ads_find_dc) ads_find_dc: (cldap) looking for realm 'ASMB.TEST' [2012/06/27 17:22:52.184807, 8] libsmb/namequery.c:2652(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name ASMB.TEST (sitename Default-First-Site-Name) using [ads] [2012/06/27 17:22:52.184917, 5] libsmb/namequery.c:194(saf_fetch) saf_fetch: Returning "sa2-w2k3r2x64.asmb.test" for "ASMB.TEST" domain [2012/06/27 17:22:52.184979, 3] libsmb/namequery.c:2461(get_dc_list) get_dc_list: preferred server list: "sa2-w2k3r2x64.asmb.test, *" [2012/06/27 17:22:52.185031, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up ASMB.TEST#1c (sitename Default-First-Site-Name) [2012/06/27 17:22:52.185114, 5] libsmb/namecache.c:165(namecache_fetch) name ASMB.TEST#1C found. [2012/06/27 17:22:52.185282, 8] libsmb/namequery.c:2482(get_dc_list) Adding 2 DC's from auto lookup [2012/06/27 17:22:52.185373, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for ASMB.TEST: "Default-First-Site-Name" [2012/06/27 17:22:52.185432, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up sa2-w2k3r2x64.asmb.test#20 (sitename Default-First-Site-Name) [2012/06/27 17:22:52.185494, 5] libsmb/namecache.c:165(namecache_fetch) name sa2-w2k3r2x64.asmb.test#20 found. 
[2012/06/27 17:22:52.185612, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.234 [2012/06/27 17:22:52.185720, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.234 [2012/06/27 17:22:52.185793, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.235 [2012/06/27 17:22:52.185846, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2012/06/27 17:22:52.185896, 4] libsmb/namequery.c:2601(get_dc_list) get_dc_list: returning 2 ip addresses in an ordered list [2012/06/27 17:22:52.185942, 4] libsmb/namequery.c:2602(get_dc_list) get_dc_list: 10.100.60.234:389 10.100.60.235:389 [2012/06/27 17:22:52.186010, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.234 [2012/06/27 17:22:52.186061, 5] libads/ldap.c:232(ads_try_connect) ads_try_connect: sending CLDAP request to 10.100.60.234 (realm: ASMB.TEST) [2012/06/27 17:22:52.187001, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000001f8 (504) 0: NBT_SERVER_PDC 0: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 5f62e8f9-f9ab-42dc-9c56-ced07e050542 forest : 'asmb.test' dns_domain : 'asmb.test' pdc_dns_name : 'sa2-w2k3r2x64.asmb.test' domain_name : 'ASMB' pdc_name : 
'SA2-W2K3R2X64' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2012/06/27 17:22:52.190071, 10] libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [ASMB], sitename = [Default-First-Site-Name], expire = [2147483647] [2012/06/27 17:22:52.190510, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/ASMB and timeout = Tue Jan 19 11:14:07 2038 (806694675 seconds ahead) [2012/06/27 17:22:52.197553, 10] libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [asmb.test], sitename = [Default-First-Site-Name], expire = [2147483647] [2012/06/27 17:22:52.197793, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/ASMB.TEST and timeout = Tue Jan 19 11:14:07 2038 (806694675 seconds ahead) [2012/06/27 17:22:52.197901, 3] libads/ldap.c:640(ads_connect) Successfully contacted LDAP server 10.100.60.234 [2012/06/27 17:22:52.197975, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for ASMB.TEST: "Default-First-Site-Name" [2012/06/27 17:22:52.198029, 10] libads/ldap.c:171(ads_closest_dc) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2012/06/27 17:22:52.198101, 10] libads/kerberos.c:880(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: fname = /var/lib/samba/smb_krb5/krb5.conf.ASMB, realm = ASMB.TEST, domain = ASMB [2012/06/27 
17:22:52.198187, 5] libsmb/namequery.c:194(saf_fetch) saf_fetch: Returning "sa2-w2k3r2x64.asmb.test" for "ASMB.TEST" domain [2012/06/27 17:22:52.198247, 3] libsmb/namequery.c:2461(get_dc_list) get_dc_list: preferred server list: "sa2-w2k3r2x64.asmb.test, *" [2012/06/27 17:22:52.198305, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up ASMB.TEST#1c (sitename Default-First-Site-Name) [2012/06/27 17:22:52.198383, 5] libsmb/namecache.c:165(namecache_fetch) name ASMB.TEST#1C found. [2012/06/27 17:22:52.198496, 8] libsmb/namequery.c:2482(get_dc_list) Adding 2 DC's from auto lookup [2012/06/27 17:22:52.198571, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for ASMB.TEST: "Default-First-Site-Name" [2012/06/27 17:22:52.198625, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up sa2-w2k3r2x64.asmb.test#20 (sitename Default-First-Site-Name) [2012/06/27 17:22:52.198686, 5] libsmb/namecache.c:165(namecache_fetch) name sa2-w2k3r2x64.asmb.test#20 found. 
[2012/06/27 17:22:52.198785, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.234 [2012/06/27 17:22:52.198857, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.234 [2012/06/27 17:22:52.198936, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.235 [2012/06/27 17:22:52.198991, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2012/06/27 17:22:52.199040, 4] libsmb/namequery.c:2601(get_dc_list) get_dc_list: returning 2 ip addresses in an ordered list [2012/06/27 17:22:52.199086, 4] libsmb/namequery.c:2602(get_dc_list) get_dc_list: 10.100.60.234:389 10.100.60.235:389 [2012/06/27 17:22:52.199169, 5] libsmb/namequery.c:194(saf_fetch) saf_fetch: Returning "sa2-w2k3r2x64.asmb.test" for "ASMB.TEST" domain [2012/06/27 17:22:52.199227, 3] libsmb/namequery.c:2461(get_dc_list) get_dc_list: preferred server list: "sa2-w2k3r2x64.asmb.test, *" [2012/06/27 17:22:52.199276, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up ASMB.TEST#1c (sitename (null)) [2012/06/27 17:22:52.199374, 5] libsmb/namecache.c:165(namecache_fetch) name ASMB.TEST#1C found. [2012/06/27 17:22:52.199484, 8] libsmb/namequery.c:2482(get_dc_list) Adding 2 DC's from auto lookup [2012/06/27 17:22:52.199559, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for ASMB.TEST: "Default-First-Site-Name" [2012/06/27 17:22:52.199613, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up sa2-w2k3r2x64.asmb.test#20 (sitename Default-First-Site-Name) [2012/06/27 17:22:52.199675, 5] libsmb/namecache.c:165(namecache_fetch) name sa2-w2k3r2x64.asmb.test#20 found. 
[2012/06/27 17:22:52.199773, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.234 [2012/06/27 17:22:52.199845, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.234 [2012/06/27 17:22:52.199908, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain ASMB.TEST server 10.100.60.235 [2012/06/27 17:22:52.199956, 10] libsmb/namequery.c:1079(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2012/06/27 17:22:52.200004, 4] libsmb/namequery.c:2601(get_dc_list) get_dc_list: returning 2 ip addresses in an ordered list [2012/06/27 17:22:52.200050, 4] libsmb/namequery.c:2602(get_dc_list) get_dc_list: 10.100.60.234:389 10.100.60.235:389 [2012/06/27 17:22:52.200114, 10] libads/kerberos.c:825(get_kdc_ip_string) get_kdc_ip_string: Returning kdc = 10.100.60.234 kdc = 10.100.60.235 kdc = 10.100.60.235 [2012/06/27 17:22:52.200382, 5] libads/kerberos.c:948(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: wrote file /var/lib/samba/smb_krb5/krb5.conf.ASMB with realm ASMB.TEST KDC list = kdc = 10.100.60.234 kdc = 10.100.60.235 kdc = 10.100.60.235 [2012/06/27 17:22:52.200504, 4] libsmb/namequery_dc.c:148(ads_dc_name) ads_dc_name: using server='SA2-W2K3R2X64.ASMB.TEST' IP=10.100.60.234 [2012/06/27 17:22:52.200571, 5] libads/sitename_cache.c:105(sitename_fetch) sitename_fetch: Returning sitename for ASMB.TEST: "Default-First-Site-Name" [2012/06/27 17:22:52.200625, 10] libsmb/namequery.c:1975(internal_resolve_name) internal_resolve_name: looking up SA2-W2K3R2X64.ASMB.TEST#20 (sitename Default-First-Site-Name) [2012/06/27 17:22:52.200687, 5] libsmb/namecache.c:165(namecache_fetch) name SA2-W2K3R2X64.ASMB.TEST#20 found. 
[2012/06/27 17:22:52.200778, 5] libads/ldap.c:232(ads_try_connect) ads_try_connect: sending CLDAP request to 10.100.60.234 (realm: ASMB.TEST) [2012/06/27 17:22:52.202308, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000001f8 (504) 0: NBT_SERVER_PDC 0: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 5f62e8f9-f9ab-42dc-9c56-ced07e050542 forest : 'asmb.test' dns_domain : 'asmb.test' pdc_dns_name : 'sa2-w2k3r2x64.asmb.test' domain_name : 'ASMB' pdc_name : 'SA2-W2K3R2X64' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) [2012/06/27 17:22:52.205449, 10] libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [ASMB], sitename = [Default-First-Site-Name], expire = [2147483647] [2012/06/27 17:22:52.205516, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/ASMB and timeout = Tue Jan 19 11:14:07 2038 (806694675 seconds ahead) [2012/06/27 17:22:52.205615, 10] 
libads/sitename_cache.c:70(sitename_store) sitename_store: realm = [asmb.test], sitename = [Default-First-Site-Name], expire = [2147483647] [2012/06/27 17:22:52.205671, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = AD_SITENAME/DOMAIN/ASMB.TEST and timeout = Tue Jan 19 11:14:07 2038 (806694675 seconds ahead) [2012/06/27 17:22:52.205805, 3] libads/ldap.c:640(ads_connect) Successfully contacted LDAP server 10.100.60.234 [2012/06/27 17:22:52.205861, 10] libads/ldap.c:68(ldap_open_with_timeout) Opening connection to LDAP server 'sa2-w2k3r2x64.asmb.test:389', timeout 15 seconds [2012/06/27 17:22:52.212205, 10] libads/ldap.c:82(ldap_open_with_timeout) Connected to LDAP server 'sa2-w2k3r2x64.asmb.test:389' [2012/06/27 17:22:52.212280, 3] libads/ldap.c:694(ads_connect) Connected to LDAP server sa2-w2k3r2x64.asmb.test [2012/06/27 17:22:52.212328, 10] libads/ldap.c:171(ads_closest_dc) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2012/06/27 17:22:52.212377, 10] libsmb/namequery.c:89(saf_store) saf_store: domain = [ASMB], server = [sa2-w2k3r2x64.asmb.test], expire = [1340789872] [2012/06/27 17:22:52.212428, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = SAF/DOMAIN/ASMB and timeout = Wed Jun 27 17:37:52 2012 (900 seconds ahead) [2012/06/27 17:22:52.212520, 10] libsmb/namequery.c:89(saf_store) saf_store: domain = [ASMB.TEST], server = [sa2-w2k3r2x64.asmb.test], expire = [1340789872] [2012/06/27 17:22:52.212574, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = SAF/DOMAIN/ASMB.TEST and timeout = Wed Jun 27 17:37:52 2012 (900 seconds ahead) [2012/06/27 17:22:52.212725, 5] ../lib/util/charset/codepoints.c:235(map_locale) Substituting charset 'ANSI_X3.4-1968' for LOCALE [2012/06/27 17:22:52.215749, 4] libads/ldap.c:2857(ads_current_time) time offset is 0 seconds [2012/06/27 17:22:52.216375, 4] libads/sasl.c:1211(ads_sasl_bind) Found SASL mechanism GSS-SPNEGO [2012/06/27 17:22:52.216940, 3] 
libads/sasl.c:869(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 [2012/06/27 17:22:52.217006, 3] libads/sasl.c:869(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 [2012/06/27 17:22:52.217053, 3] libads/sasl.c:869(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 [2012/06/27 17:22:52.217097, 3] libads/sasl.c:869(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 [2012/06/27 17:22:52.217149, 3] libads/sasl.c:878(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got server principal name = sa2-w2k3r2x64$@ASMB.TEST [2012/06/27 17:22:52.217729, 3] libsmb/clikrb5.c:787(ads_krb5_mk_req) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2012/06/27 17:22:52.217829, 10] libads/sasl.c:899(ads_sasl_spnego_bind) ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling kinit [2012/06/27 17:22:52.217964, 10] libads/kerberos.c:191(kerberos_kinit_password_ext) kerberos_kinit_password: as UBS1204V3$@ASMB.TEST using [MEMORY:prtpub_cache] as ccache and config [/var/lib/samba/smb_krb5/krb5.conf.ASMB] [2012/06/27 17:22:52.232139, 3] libsmb/clikrb5.c:632(ads_cleanup_expired_creds) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:prtpub_cache] expiration Thu, 28 Jun 2012 03:22:52 CST [2012/06/27 17:22:52.232227, 10] libsmb/clikrb5.c:821(ads_krb5_mk_req) ads_krb5_mk_req: Ticket (sa2-w2k3r2x64$@ASMB.TEST) in ccache (MEMORY:prtpub_cache) is valid until: (Thu, 28 Jun 2012 03:22:52 CST - 1340824972) [2012/06/27 17:22:52.232291, 3] libsmb/clikrb5.c:840(ads_krb5_mk_req) ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT [2012/06/27 17:22:52.235140, 10] libsmb/clikrb5.c:1044(get_krb5_smb_session_key) Got KRB5 session key of length 16 [2012/06/27 17:22:52.236701, 0] printing/nt_printing_ads.c:358(check_published_printers) check_published_printers: Could not create system session_info [2012/06/27 17:22:52.237524, 0] 
printing/nt_printing.c:102(nt_printing_init) nt_printing_init: error checking published printers: WERR_ACCESS_DENIED [2012/06/27 17:22:52.239669, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/06/27 17:22:52.239730, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/06/27 17:22:52.239943, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! [2012/06/27 17:22:52.240027, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/06/27 17:22:52.240080, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/06/27 17:22:52.265070, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username root, was [2012/06/27 17:22:52.265156, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name root, was [2012/06/27 17:22:52.265210, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain UBS1204V3, was [2012/06/27 17:22:52.265264, 4] lib/substitute.c:527(automount_server) Home server: ubs1204v3 [2012/06/27 17:22:52.265321, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile path \\ubs1204v3\root\profile, was [2012/06/27 17:22:52.265371, 4] lib/substitute.c:527(automount_server) Home server: ubs1204v3 [2012/06/27 17:22:52.265422, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir \\ubs1204v3\root, was [2012/06/27 17:22:52.265473, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2012/06/27 17:22:52.265521, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script , was [2012/06/27 17:22:52.265571, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-3088021615-3987404115-869989681-1000 [2012/06/27 17:22:52.265624, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) 
pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3088021615-3987404115-869989681-1000 from rid 1000 [2012/06/27 17:22:52.265729, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username root, was root [2012/06/27 17:22:52.265782, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-22-1-0 [2012/06/27 17:22:52.269403, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 0 [2012/06/27 17:22:52.269486, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.269541, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/27 17:22:52.269589, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.269635, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:22:52.269712, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:22:52.269902, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/06/27 17:22:52.269988, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/06/27 17:22:52.270060, 4] smbd/sec_ctx.c:426(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:22:52.270113, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 0 -> sid S-1-22-2-0 [2012/06/27 17:22:52.270180, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/06/27 17:22:52.270248, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/06/27 17:22:52.270311, 3] passdb/lookup_sid.c:1737(get_primary_group_sid) Forcing Primary Group to 'Domain Users' for root [2012/06/27 17:22:52.270361, 10] auth/server_info.c:354(samu_to_SamInfo3) Unix User found in struct samu. 
Rid marked as special and sid (S-1-22-1-0) saved as extra sid [2012/06/27 17:22:52.270425, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/06/27 17:22:52.270476, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/06/27 17:22:52.270524, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! [2012/06/27 17:22:52.270594, 10] lib/system_smbd.c:175(sys_getgrouplist) sys_getgrouplist: user [root] [2012/06/27 17:22:52.273772, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: UBS1204V3\root => domain=[UBS1204V3], name=[root] [2012/06/27 17:22:52.273972, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/06/27 17:22:52.274025, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.274073, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/27 17:22:52.274117, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.274160, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:22:52.274204, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:22:52.274329, 4] passdb/pdb_tdb.c:523(tdbsam_open) tdbsam_open: successfully opened /etc/samba/private/passdb.tdb [2012/06/27 17:22:52.274393, 5] passdb/pdb_tdb.c:562(tdbsam_getsampwnam) pdb_getsampwnam (TDB): error fetching database. 
Key: USER_root [2012/06/27 17:22:52.274465, 4] smbd/sec_ctx.c:426(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:22:52.274515, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.274560, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/27 17:22:52.274604, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.274647, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:22:52.274690, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:22:52.274767, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/06/27 17:22:52.274837, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/06/27 17:22:52.274905, 4] smbd/sec_ctx.c:426(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:22:52.274972, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/06/27 17:22:52.275018, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/06/27 17:22:52.284731, 10] passdb/lookup_sid.c:1527(sid_to_uid) sid S-1-22-1-0 -> uid 0 [2012/06/27 17:22:52.284960, 10] lib/system_smbd.c:175(sys_getgrouplist) sys_getgrouplist: user [root] [2012/06/27 17:22:52.285236, 10] auth/token_util.c:339(create_local_nt_token) Create local NT token for S-1-22-1-0 [2012/06/27 17:22:52.286574, 10] passdb/lookup_sid.c:1611(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-544 [2012/06/27 17:22:52.286648, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.286698, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/27 17:22:52.286744, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/27 
17:22:52.286788, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:22:52.286831, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:22:52.286918, 4] smbd/sec_ctx.c:426(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:22:52.286971, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-32-544 -> gid 1000 [2012/06/27 17:22:52.288185, 10] passdb/lookup_sid.c:1611(sid_to_gid) winbind failed to find a gid for sid S-1-5-32-545 [2012/06/27 17:22:52.288257, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.288308, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/27 17:22:52.288353, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.288398, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:22:52.288442, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:22:52.288528, 4] smbd/sec_ctx.c:426(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:22:52.288582, 10] passdb/lookup_sid.c:1285(legacy_sid_to_gid) LEGACY: sid S-1-5-32-545 -> gid 1001 [2012/06/27 17:22:52.288634, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.288682, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/27 17:22:52.288751, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.288796, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:22:52.288840, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary 
groups [2012/06/27 17:22:52.288978, 4] smbd/sec_ctx.c:426(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:22:52.289131, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-1-0] [2012/06/27 17:22:52.289202, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-22-2-0] [2012/06/27 17:22:52.289263, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2012/06/27 17:22:52.289335, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2012/06/27 17:22:52.289393, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-11] [2012/06/27 17:22:52.289512, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (8): SID[ 0]: S-1-22-1-0 SID[ 1]: S-1-22-2-0 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-1002 SID[ 6]: S-1-22-2-1003 SID[ 7]: S-1-22-2-1004 Privileges (0x 0): Rights (0x 0): [2012/06/27 17:22:52.289790, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 4 supplementary groups Group[ 0]: 0 Group[ 1]: 1002 Group[ 2]: 1003 Group[ 3]: 1004 [2012/06/27 17:22:52.289926, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2012/06/27 17:22:52.289975, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2012/06/27 17:22:52.290227, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! 
[2012/06/27 17:22:52.290300, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user UBS1204V3\nobody [2012/06/27 17:22:52.290349, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is ubs1204v3\nobody [2012/06/27 17:22:52.295672, 5] lib/username.c:124(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is UBS1204V3\nobody [2012/06/27 17:22:52.298599, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is UBS1204V3\NOBODY [2012/06/27 17:22:52.300513, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in ubs1204v3\nobody [2012/06/27 17:22:52.300575, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [UBS1204V3\nobody]! [2012/06/27 17:22:52.300628, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user nobody [2012/06/27 17:22:52.300676, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is nobody [2012/06/27 17:22:52.300727, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [nobody]! 
[2012/06/27 17:22:52.307212, 5] passdb/lookup_sid.c:1384(gid_to_sid) gid_to_sid: winbind failed to find a sid for gid 65534 [2012/06/27 17:22:52.307289, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.307344, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/27 17:22:52.307395, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.307444, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:22:52.307492, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:22:52.307582, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/06/27 17:22:52.307660, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/06/27 17:22:52.307735, 4] smbd/sec_ctx.c:426(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:22:52.307792, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) LEGACY: gid 65534 -> sid S-1-22-2-65534 [2012/06/27 17:22:52.307862, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/06/27 17:22:52.307936, 10] groupdb/mapping_tdb.c:235(find_map) failed to unpack map [2012/06/27 17:22:52.308003, 3] passdb/lookup_sid.c:1737(get_primary_group_sid) Forcing Primary Group to 'Domain Users' for nobody [2012/06/27 17:22:52.308854, 10] auth/token_util.c:223(create_local_nt_token_from_info3) Create local NT token for nobody [2012/06/27 17:22:52.308942, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.309001, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/27 17:22:52.309071, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.309123, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) 
[2012/06/27 17:22:52.309170, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:22:52.309322, 4] smbd/sec_ctx.c:426(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:22:52.309401, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-3088021615-3987404115-869989681-501] [2012/06/27 17:22:52.309469, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-3088021615-3987404115-869989681-513] [2012/06/27 17:22:52.309535, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-3088021615-3987404115-869989681-546] [2012/06/27 17:22:52.309599, 5] lib/privileges.c:175(get_privileges_for_sids) get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 [2012/06/27 17:22:52.309713, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2012/06/27 17:22:52.309789, 4] lib/privileges.c:97(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2012/06/27 17:22:52.325543, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.325618, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/27 17:22:52.325671, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.325761, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:22:52.325811, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:22:52.325897, 5] passdb/pdb_interface.c:1604(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. 
[2012/06/27 17:22:52.325960, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2012/06/27 17:22:52.326011, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2012/06/27 17:22:52.326060, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2012/06/27 17:22:52.326109, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:22:52.326156, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:22:52.326242, 5] passdb/pdb_tdb.c:614(tdbsam_getsampwrid) pdb_getsampwrid (TDB): error looking up RID 546 by key RID_00000222. [2012/06/27 17:22:52.326322, 4] smbd/sec_ctx.c:426(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.326378, 5] passdb/pdb_interface.c:1666(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2012/06/27 17:22:52.326442, 4] smbd/sec_ctx.c:426(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:22:52.326494, 10] passdb/lookup_sid.c:1280(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-21-3088021615-3987404115-869989681-546 [2012/06/27 17:22:52.326550, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.326601, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/27 17:22:52.326651, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.326699, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:22:52.326752, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:22:52.326860, 5] passdb/pdb_interface.c:1604(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 546. 
[2012/06/27 17:22:52.326918, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2012/06/27 17:22:52.326969, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2012/06/27 17:22:52.327018, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2012/06/27 17:22:52.327067, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:22:52.327124, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:22:52.327208, 5] passdb/pdb_tdb.c:614(tdbsam_getsampwrid) pdb_getsampwrid (TDB): error looking up RID 546 by key RID_00000222. [2012/06/27 17:22:52.327285, 4] smbd/sec_ctx.c:426(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.327338, 5] passdb/pdb_interface.c:1666(lookup_global_sam_rid) Can't find a unix id for an unmapped group [2012/06/27 17:22:52.327393, 4] smbd/sec_ctx.c:426(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:22:52.327445, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-21-3088021615-3987404115-869989681-546 [2012/06/27 17:22:52.327500, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-21-3088021615-3987404115-869989681-546 to gid, ignoring it [2012/06/27 17:22:52.327562, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (11): SID[ 0]: S-1-5-21-3088021615-3987404115-869989681-501 SID[ 1]: S-1-5-21-3088021615-3987404115-869989681-513 SID[ 2]: S-1-5-21-3088021615-3987404115-869989681-546 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-32-546 SID[ 6]: S-1-22-1-65534 SID[ 7]: S-1-22-2-1006 SID[ 8]: S-1-22-2-1002 SID[ 9]: S-1-22-2-1003 SID[ 10]: S-1-22-2-1005 Privileges (0x 0): Rights (0x 0): [2012/06/27 17:22:52.327869, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 65534 Primary group is 
65534 and contains 4 supplementary groups Group[ 0]: 1006 Group[ 1]: 1002 Group[ 2]: 1003 Group[ 3]: 1005 [2012/06/27 17:22:52.328128, 3] rpc_server/svcctl/srv_svcctl_reg.c:569(svcctl_init_winreg) Initialise the svcctl registry keys if needed. [2012/06/27 17:22:52.328199, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.328252, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/27 17:22:52.328318, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.328381, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:22:52.328431, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:22:52.328561, 4] smbd/sec_ctx.c:426(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:22:52.328622, 10] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. 
refcount reset (1) [2012/06/27 17:22:52.328701, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/06/27 17:22:52.328790, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/06/27 17:22:52.328851, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/06/27 17:22:52.328914, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/06/27 17:22:52.329024, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/06/27 17:22:52.329334, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/06/27 17:22:52.329399, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/06/27 17:22:52.329461, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/06/27 17:22:52.329510, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/06/27 17:22:52.329559, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.329605, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM] [2012/06/27 17:22:52.333731, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.333875, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-ea4f-ecd00e180000 result : WERR_OK [2012/06/27 17:22:52.334131, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-ea4f-ecd00e180000 keyname: struct winreg_String name_len : 0x0044 (68) name_size : 0x0044 (68) name : * name : 'SYSTEM\CurrentControlSet\Services' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/06/27 17:22:52.334689, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.334807, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/27 17:22:52.334863, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/06/27 17:22:52.334917, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/27 17:22:52.334966, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/27 17:22:52.335016, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.335063, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] [2012/06/27 17:22:52.335136, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/27 17:22:52.335192, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/27 17:22:52.335247, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.335314, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.335367, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.335414, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.335485, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/27 17:22:52.335540, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/06/27 17:22:52.335592, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/27 17:22:52.335646, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] 
[2012/06/27 17:22:52.335694, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.335744, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.335791, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.335877, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/27 17:22:52.335933, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.336075, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-ea4f-ecd00e180000 result : WERR_OK [2012/06/27 17:22:52.336314, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-ea4f-ecd00e180000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/06/27 17:22:52.336591, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.336739, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services' (ops 0xb780c7e0) [2012/06/27 17:22:52.336799, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.336863, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.336940, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000007 (7) max_subkeylen : * max_subkeylen : 0x0000001c (28) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000000 (0) max_valnamelen : * max_valnamelen : 0x00000002 (2) max_valbufsize : * max_valbufsize : 0x00000000 (0) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/06/27 17:22:52.337530, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-ea4f-ecd00e180000 enum_index : 0x00000000 (0) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/06/27 17:22:52.339314, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.339431, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.339524, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x001a (26) size : 0x001e (30) name : * name : 'LanmanServer' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/06/27 17:22:52.339948, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-ea4f-ecd00e180000 enum_index : 0x00000001 (1) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/06/27 17:22:52.340484, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.340600, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.340690, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0012 (18) size : 0x001e (30) name : * name : 'Eventlog' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/06/27 17:22:52.341134, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-ea4f-ecd00e180000 enum_index : 0x00000002 (2) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/06/27 17:22:52.341623, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.341787, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.341879, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x000c (12) size : 0x001e (30) name : * name : 'Tcpip' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/06/27 17:22:52.342331, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-ea4f-ecd00e180000 enum_index : 0x00000003 (3) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/06/27 17:22:52.342926, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.343040, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.343134, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0012 (18) size : 0x001e (30) name : * name : 'Netlogon' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/06/27 17:22:52.343584, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-ea4f-ecd00e180000 enum_index : 0x00000004 (4) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/06/27 17:22:52.344090, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.344204, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.344293, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x0010 (16) size : 0x001e (30) name : * name : 'Spooler' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/06/27 17:22:52.344710, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-ea4f-ecd00e180000 enum_index : 0x00000005 (5) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/06/27 17:22:52.345275, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.345424, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.345521, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x001e (30) size : 0x001e (30) name : * name : 'RemoteRegistry' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/06/27 17:22:52.346200, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey in: struct winreg_EnumKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-ea4f-ecd00e180000 enum_index : 0x00000006 (6) name : * name: struct winreg_StringBuf length : 0x0000 (0) size : 0x001e (30) name : * name : '' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) [2012/06/27 17:22:52.346667, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.346800, 8] rpc_server/winreg/srv_winreg_nt.c:420(_winreg_EnumKey) _winreg_EnumKey: enumerating key [HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.346891, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumKey: struct winreg_EnumKey out: struct winreg_EnumKey name : * name: struct winreg_StringBuf length : 0x000a (10) size : 0x001e (30) name : * name : 'WINS' keyclass : * keyclass: struct winreg_StringBuf length : 0x0000 (0) size : 0x0002 (2) name : * name : '' last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/06/27 17:22:52.349727, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0054 (84) name_size : 0x0054 (84) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2012/06/27 17:22:52.350540, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.350672, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler' [2012/06/27 17:22:52.350759, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/27 17:22:52.350822, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/27 17:22:52.350879, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/27 17:22:52.350928, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/27 17:22:52.350981, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.351028, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] [2012/06/27 17:22:52.351106, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/27 17:22:52.351163, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.351219, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.351268, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.351318, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.351366, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.351438, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.351496, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/06/27 17:22:52.351548, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: 
incrementing refcount (4->5) [2012/06/27 17:22:52.351607, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.351675, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.351729, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.351778, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.351865, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.351923, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Spooler] [2012/06/27 17:22:52.351975, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.352031, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/06/27 17:22:52.352096, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/06/27 17:22:52.352151, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.352199, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/06/27 17:22:52.352279, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.352339, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.352448, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-ea4f-ecd00e180000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/06/27 17:22:52.352767, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/06/27 17:22:52.353233, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.353361, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Start] [2012/06/27 17:22:52.353416, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler' (ops 0xb780c7e0) [2012/06/27 17:22:52.353468, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/06/27 17:22:52.353540, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Start], len: 4 [2012/06/27 17:22:52.353599, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Type], len: 4 [2012/06/27 17:22:52.353653, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ErrorControl], len: 4 [2012/06/27 17:22:52.353762, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ObjectName], len: 24 [2012/06/27 17:22:52.353837, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DisplayName], len: 28 [2012/06/27 17:22:52.353893, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ImagePath], len: 84 [2012/06/27 17:22:52.353946, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 106 [2012/06/27 17:22:52.353998, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.354118, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 
(4) [2012/06/27 17:22:52.354587, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.354698, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Type] [2012/06/27 17:22:52.354755, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.354875, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/06/27 17:22:52.355321, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.355429, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ErrorControl] [2012/06/27 17:22:52.355484, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.355637, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2012/06/27 17:22:52.356521, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.356667, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ObjectName] [2012/06/27 17:22:52.356727, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.356857, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(28) [0] : 0x50 (80) [1] : 0x00 (0) [2] : 0x72 (114) [3] : 0x00 (0) [4] : 0x69 (105) [5] : 0x00 (0) [6] : 0x6e (110) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x53 (83) [13] : 0x00 (0) [14] : 0x70 (112) [15] : 0x00 (0) [16] : 0x6f (111) [17] : 0x00 (0) [18] : 0x6f (111) [19] : 0x00 (0) [20] : 0x6c (108) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) size : 0x0000001c (28) [2012/06/27 17:22:52.357894, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.358005, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:DisplayName] [2012/06/27 17:22:52.358095, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.358237, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(84) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x70 (112) [5] : 0x00 (0) [6] : 0x74 (116) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x63 (99) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x6e (110) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x72 (114) [19] : 0x00 (0) [20] : 0x69 (105) [21] : 0x00 (0) [22] : 0x66 (102) [23] : 0x00 (0) [24] : 0x79 (121) [25] : 0x00 (0) [26] : 0x2f (47) [27] : 0x00 (0) [28] : 0x73 (115) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x6d (109) [33] : 0x00 (0) [34] : 0x62 (98) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x2f (47) [39] : 0x00 (0) [40] : 0x6c (108) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x62 (98) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x73 (115) [49] : 0x00 (0) [50] : 0x61 (97) [51] : 0x00 (0) [52] : 0x6d (109) [53] : 0x00 (0) [54] : 0x62 (98) [55] : 0x00 (0) [56] : 0x61 (97) [57] : 0x00 (0) [58] : 0x2f (47) [59] : 0x00 (0) [60] : 0x73 (115) [61] : 0x00 (0) [62] : 0x76 (118) [63] : 0x00 (0) [64] : 0x63 (99) [65] : 0x00 (0) [66] : 0x63 (99) [67] : 0x00 (0) [68] : 0x74 (116) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x2f (47) [73] : 0x00 (0) [74] : 
0x73 (115) [75] : 0x00 (0) [76] : 0x6d (109) [77] : 0x00 (0) [78] : 0x62 (98) [79] : 0x00 (0) [80] : 0x64 (100) [81] : 0x00 (0) [82] : 0x00 (0) [83] : 0x00 (0) size : 0x00000054 (84) [2012/06/27 17:22:52.360530, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.360642, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:ImagePath] [2012/06/27 17:22:52.360698, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.360819, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(106) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x66 (102) [35] : 0x00 (0) [36] : 0x6f (111) [37] : 0x00 (0) [38] : 0x72 (114) [39] : 0x00 (0) [40] : 0x20 (32) [41] : 0x00 (0) [42] : 0x73 (115) [43] : 0x00 (0) [44] : 0x70 (112) [45] : 0x00 (0) [46] : 0x6f (111) [47] : 0x00 (0) [48] : 0x6f (111) [49] : 0x00 (0) [50] : 0x6c 
(108) [51] : 0x00 (0) [52] : 0x69 (105) [53] : 0x00 (0) [54] : 0x6e (110) [55] : 0x00 (0) [56] : 0x67 (103) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x66 (102) [61] : 0x00 (0) [62] : 0x69 (105) [63] : 0x00 (0) [64] : 0x6c (108) [65] : 0x00 (0) [66] : 0x65 (101) [67] : 0x00 (0) [68] : 0x73 (115) [69] : 0x00 (0) [70] : 0x20 (32) [71] : 0x00 (0) [72] : 0x74 (116) [73] : 0x00 (0) [74] : 0x6f (111) [75] : 0x00 (0) [76] : 0x20 (32) [77] : 0x00 (0) [78] : 0x70 (112) [79] : 0x00 (0) [80] : 0x72 (114) [81] : 0x00 (0) [82] : 0x69 (105) [83] : 0x00 (0) [84] : 0x6e (110) [85] : 0x00 (0) [86] : 0x74 (116) [87] : 0x00 (0) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x64 (100) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x76 (118) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x63 (99) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x73 (115) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x00 (0) size : 0x0000006a (106) [2012/06/27 17:22:52.363746, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.363857, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler:Description] [2012/06/27 17:22:52.363913, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.364044, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000003-0000-0000-ea4f-ecd00e180000 [2012/06/27 17:22:52.364220, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.364351, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.364467, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/27 17:22:52.364532, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/27 17:22:52.364585, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/27 17:22:52.364795, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0066 (102) name_size : 0x0066 (102) name : * name : 'SYSTEM\CurrentControlSet\Services\Spooler\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2012/06/27 17:22:52.365529, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.365639, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\Spooler\Security' [2012/06/27 17:22:52.365734, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/27 17:22:52.365793, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/27 17:22:52.365848, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/27 17:22:52.365896, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/27 17:22:52.365946, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.365993, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] [2012/06/27 17:22:52.366066, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/27 17:22:52.366123, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.366178, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.366227, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.366307, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.366359, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.366432, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.366489, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/06/27 17:22:52.366541, 10] registry/reg_backend_db.c:583(regdb_open) 
regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.366596, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.366644, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.366694, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.366741, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.366825, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.366880, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Spooler] [2012/06/27 17:22:52.366933, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.366988, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/06/27 17:22:52.367036, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/06/27 17:22:52.367087, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.367134, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler] [2012/06/27 17:22:52.367202, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.367276, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2012/06/27 17:22:52.367331, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.367387, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for 
keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2012/06/27 17:22:52.367435, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2012/06/27 17:22:52.367486, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.367533, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2012/06/27 17:22:52.367597, 10] registry/reg_backend_db.c:1630(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2012/06/27 17:22:52.367650, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.367702, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.367806, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-ea4f-ecd00e180000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/06/27 17:22:52.368076, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) 
[77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2012/06/27 17:22:52.371092, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.371213, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security:Security] [2012/06/27 17:22:52.371267, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security' (ops 0xb780c7e0) [2012/06/27 17:22:52.371327, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] [2012/06/27 17:22:52.371414, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 120 [2012/06/27 17:22:52.371493, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.371612, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle 
handle_type : 0x00000000 (0) uuid : 00000004-0000-0000-ea4f-ecd00e180000 [2012/06/27 17:22:52.371794, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.371903, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.372006, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/27 17:22:52.372055, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/27 17:22:52.372106, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/27 17:22:52.372314, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2012/06/27 17:22:52.373056, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 
00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.373167, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON' [2012/06/27 17:22:52.373230, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/27 17:22:52.373299, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/27 17:22:52.373357, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/27 17:22:52.373405, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/27 17:22:52.373455, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.373501, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] [2012/06/27 17:22:52.373570, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/27 17:22:52.373627, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.373754, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.373808, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.373859, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.373907, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.373981, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.374038, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/06/27 
17:22:52.374105, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.374176, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.374225, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.374275, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.374322, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.374407, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.374464, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [NETLOGON] [2012/06/27 17:22:52.374516, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.374571, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/06/27 17:22:52.374619, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/06/27 17:22:52.374669, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.374716, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/06/27 17:22:52.374796, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.374852, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.374957, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-ea4f-ecd00e180000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/06/27 17:22:52.375229, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/06/27 17:22:52.375672, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.376473, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Start] [2012/06/27 17:22:52.376532, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON' (ops 0xb780c7e0) [2012/06/27 17:22:52.376584, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/06/27 17:22:52.376653, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Start], len: 4 [2012/06/27 17:22:52.376709, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Type], len: 4 [2012/06/27 17:22:52.376761, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ErrorControl], len: 4 [2012/06/27 17:22:52.376813, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ObjectName], len: 24 [2012/06/27 17:22:52.376864, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DisplayName], len: 20 [2012/06/27 17:22:52.376920, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ImagePath], len: 84 [2012/06/27 17:22:52.376973, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 164 [2012/06/27 17:22:52.377046, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.377169, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 
(4) [2012/06/27 17:22:52.377610, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.377757, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Type] [2012/06/27 17:22:52.377815, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.377944, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/06/27 17:22:52.378395, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.378504, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ErrorControl] [2012/06/27 17:22:52.378559, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.378677, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2012/06/27 17:22:52.379580, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.379690, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ObjectName] [2012/06/27 17:22:52.379745, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.379869, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(20) [0] : 0x4e (78) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x20 (32) [7] : 0x00 (0) [8] : 0x4c (76) [9] : 0x00 (0) [10] : 0x6f (111) [11] : 0x00 (0) [12] : 0x67 (103) [13] : 0x00 (0) [14] : 0x6f (111) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : 0x00000014 (20) [2012/06/27 17:22:52.380689, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.380799, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:DisplayName] [2012/06/27 17:22:52.380854, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.380995, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(84) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x70 (112) [5] : 0x00 (0) [6] : 0x74 (116) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x63 (99) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x6e (110) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x72 (114) [19] : 0x00 (0) [20] : 0x69 (105) [21] : 0x00 (0) [22] : 0x66 (102) [23] : 0x00 (0) [24] : 0x79 (121) [25] : 0x00 (0) [26] : 0x2f (47) [27] : 0x00 (0) [28] : 0x73 (115) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x6d (109) [33] : 0x00 (0) [34] : 0x62 (98) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x2f (47) [39] : 0x00 (0) [40] : 0x6c (108) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x62 (98) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x73 (115) [49] : 0x00 (0) [50] : 0x61 (97) [51] : 0x00 (0) [52] : 0x6d (109) [53] : 0x00 (0) [54] : 0x62 (98) [55] : 0x00 (0) [56] : 0x61 (97) [57] : 0x00 (0) [58] : 0x2f (47) [59] : 0x00 (0) [60] : 0x73 (115) [61] : 0x00 (0) [62] : 0x76 (118) [63] : 0x00 (0) [64] : 0x63 (99) [65] : 0x00 (0) [66] : 0x63 (99) [67] : 0x00 (0) [68] : 0x74 (116) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x2f (47) [73] : 0x00 (0) [74] : 
0x73 (115) [75] : 0x00 (0) [76] : 0x6d (109) [77] : 0x00 (0) [78] : 0x62 (98) [79] : 0x00 (0) [80] : 0x64 (100) [81] : 0x00 (0) [82] : 0x00 (0) [83] : 0x00 (0) size : 0x00000054 (84) [2012/06/27 17:22:52.383200, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.383329, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:ImagePath] [2012/06/27 17:22:52.383387, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.383511, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(164) [0] : 0x46 (70) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6c (108) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x73 (115) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x76 (118) [17] : 0x00 (0) [18] : 0x69 (105) [19] : 0x00 (0) [20] : 0x63 (99) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x20 (32) [25] : 0x00 (0) [26] : 0x70 (112) [27] : 0x00 (0) [28] : 0x72 (114) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x76 (118) [33] : 0x00 (0) [34] : 0x69 (105) [35] : 0x00 (0) [36] : 0x64 (100) [37] : 0x00 (0) [38] : 0x69 (105) [39] : 0x00 (0) [40] : 0x6e (110) [41] : 0x00 (0) [42] : 0x67 (103) [43] : 0x00 (0) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x61 (97) [47] : 0x00 (0) [48] : 0x63 (99) [49] : 0x00 (0) [50] : 0x63 
(99) [51] : 0x00 (0) [52] : 0x65 (101) [53] : 0x00 (0) [54] : 0x73 (115) [55] : 0x00 (0) [56] : 0x73 (115) [57] : 0x00 (0) [58] : 0x20 (32) [59] : 0x00 (0) [60] : 0x74 (116) [61] : 0x00 (0) [62] : 0x6f (111) [63] : 0x00 (0) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x70 (112) [67] : 0x00 (0) [68] : 0x6f (111) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x69 (105) [73] : 0x00 (0) [74] : 0x63 (99) [75] : 0x00 (0) [76] : 0x79 (121) [77] : 0x00 (0) [78] : 0x20 (32) [79] : 0x00 (0) [80] : 0x61 (97) [81] : 0x00 (0) [82] : 0x6e (110) [83] : 0x00 (0) [84] : 0x64 (100) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x70 (112) [89] : 0x00 (0) [90] : 0x72 (114) [91] : 0x00 (0) [92] : 0x6f (111) [93] : 0x00 (0) [94] : 0x66 (102) [95] : 0x00 (0) [96] : 0x69 (105) [97] : 0x00 (0) [98] : 0x6c (108) [99] : 0x00 (0) [100] : 0x65 (101) [101] : 0x00 (0) [102] : 0x20 (32) [103] : 0x00 (0) [104] : 0x64 (100) [105] : 0x00 (0) [106] : 0x61 (97) [107] : 0x00 (0) [108] : 0x74 (116) [109] : 0x00 (0) [110] : 0x61 (97) [111] : 0x00 (0) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x28 (40) [115] : 0x00 (0) [116] : 0x6e (110) [117] : 0x00 (0) [118] : 0x6f (111) [119] : 0x00 (0) [120] : 0x74 (116) [121] : 0x00 (0) [122] : 0x72 (114) [123] : 0x00 (0) [124] : 0x65 (101) [125] : 0x00 (0) [126] : 0x6d (109) [127] : 0x00 (0) [128] : 0x6f (111) [129] : 0x00 (0) [130] : 0x74 (116) [131] : 0x00 (0) [132] : 0x65 (101) [133] : 0x00 (0) [134] : 0x6c (108) [135] : 0x00 (0) [136] : 0x79 (121) [137] : 0x00 (0) [138] : 0x20 (32) [139] : 0x00 (0) [140] : 0x6d (109) [141] : 0x00 (0) [142] : 0x61 (97) [143] : 0x00 (0) [144] : 0x6e (110) [145] : 0x00 (0) [146] : 0x61 (97) [147] : 0x00 (0) [148] : 0x67 (103) [149] : 0x00 (0) [150] : 0x65 (101) [151] : 0x00 (0) [152] : 0x61 (97) [153] : 0x00 (0) [154] : 0x62 (98) [155] : 0x00 (0) [156] : 0x6c (108) [157] : 0x00 (0) [158] : 0x65 (101) [159] : 0x00 (0) [160] : 0x29 (41) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) size : 0x000000a4 (164) 
[2012/06/27 17:22:52.387466, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.387578, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON:Description] [2012/06/27 17:22:52.387634, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.387766, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000005-0000-0000-ea4f-ecd00e180000 [2012/06/27 17:22:52.387940, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.388047, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.388151, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/27 17:22:52.388201, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/27 17:22:52.388252, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/27 17:22:52.388478, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0068 (104) name_size : 0x0068 (104) name : * name : 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2012/06/27 17:22:52.389250, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.389427, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\NETLOGON\Security' [2012/06/27 17:22:52.389488, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/27 17:22:52.389542, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/27 17:22:52.389623, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/27 17:22:52.389706, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/27 17:22:52.389770, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.389818, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] [2012/06/27 17:22:52.389892, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/27 17:22:52.389950, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.390005, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.390053, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.390104, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.390151, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.390221, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.390291, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/06/27 17:22:52.390345, 10] registry/reg_backend_db.c:583(regdb_open) 
regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.390400, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.390448, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.390499, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.390555, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.390640, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.390697, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [NETLOGON] [2012/06/27 17:22:52.390750, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.390805, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/06/27 17:22:52.390854, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/06/27 17:22:52.390905, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.390952, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] [2012/06/27 17:22:52.391023, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.391078, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2012/06/27 17:22:52.391130, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.391185, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for 
keyname [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2012/06/27 17:22:52.391234, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2012/06/27 17:22:52.391285, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.391340, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2012/06/27 17:22:52.391404, 10] registry/reg_backend_db.c:1630(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2012/06/27 17:22:52.391458, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.391511, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.391615, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-ea4f-ecd00e180000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/06/27 17:22:52.391873, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) 
[77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2012/06/27 17:22:52.394852, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.394962, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security:Security] [2012/06/27 17:22:52.395016, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security' (ops 0xb780c7e0) [2012/06/27 17:22:52.395068, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] [2012/06/27 17:22:52.395137, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 120 [2012/06/27 17:22:52.395191, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.395316, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle 
handle_type : 0x00000000 (0) uuid : 00000006-0000-0000-ea4f-ecd00e180000 [2012/06/27 17:22:52.395487, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.395594, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.395714, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/27 17:22:52.395771, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/27 17:22:52.395823, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/27 17:22:52.396032, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0062 (98) name_size : 0x0062 (98) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2012/06/27 17:22:52.396781, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 
00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.396892, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry' [2012/06/27 17:22:52.396947, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/27 17:22:52.397000, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/27 17:22:52.397063, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/27 17:22:52.397111, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/27 17:22:52.397161, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.397208, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] [2012/06/27 17:22:52.397278, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/27 17:22:52.397335, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.397390, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.397438, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.397489, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.397557, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.397632, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.397726, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] 
[2012/06/27 17:22:52.397785, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.397840, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.397895, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.397947, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.397994, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.398078, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.398134, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [RemoteRegistry] [2012/06/27 17:22:52.398186, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.398241, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/06/27 17:22:52.398289, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/06/27 17:22:52.398339, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.398386, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/06/27 17:22:52.398455, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.398532, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.398642, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-ea4f-ecd00e180000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/06/27 17:22:52.398902, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/06/27 17:22:52.399356, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.399464, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Start] [2012/06/27 17:22:52.399517, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry' (ops 0xb780c7e0) [2012/06/27 17:22:52.399590, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/06/27 17:22:52.399664, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Start], len: 4 [2012/06/27 17:22:52.399721, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Type], len: 4 [2012/06/27 17:22:52.399773, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ErrorControl], len: 4 [2012/06/27 17:22:52.399826, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ObjectName], len: 24 [2012/06/27 17:22:52.399878, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DisplayName], len: 48 [2012/06/27 17:22:52.399930, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ImagePath], len: 84 [2012/06/27 17:22:52.399981, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 126 [2012/06/27 17:22:52.400032, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.400153, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) 
size : 0x00000004 (4) [2012/06/27 17:22:52.400638, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.400748, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Type] [2012/06/27 17:22:52.400804, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.400922, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/06/27 17:22:52.401355, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.401484, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ErrorControl] [2012/06/27 17:22:52.401544, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.401664, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2012/06/27 17:22:52.402661, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.402773, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ObjectName] [2012/06/27 17:22:52.402829, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.402957, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(48) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x65 (101) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x6f (111) [7] : 0x00 (0) [8] : 0x74 (116) [9] : 0x00 (0) [10] : 0x65 (101) [11] : 0x00 (0) [12] : 0x20 (32) [13] : 0x00 (0) [14] : 0x52 (82) [15] : 0x00 (0) [16] : 0x65 (101) [17] : 0x00 (0) [18] : 0x67 (103) [19] : 0x00 (0) [20] : 0x69 (105) [21] : 0x00 (0) [22] : 0x73 (115) [23] : 0x00 (0) [24] : 0x74 (116) [25] : 0x00 (0) [26] : 0x72 (114) [27] : 0x00 (0) [28] : 0x79 (121) [29] : 0x00 (0) [30] : 0x20 (32) [31] : 0x00 (0) [32] : 0x53 (83) [33] : 0x00 (0) [34] : 0x65 (101) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x76 (118) [39] : 0x00 (0) [40] : 0x69 (105) [41] : 0x00 (0) [42] : 0x63 (99) [43] : 0x00 (0) [44] : 0x65 (101) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) size : 0x00000030 (48) [2012/06/27 17:22:52.404398, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.404526, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:DisplayName] [2012/06/27 17:22:52.404584, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.404708, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(84) [0] : 0x2f (47) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x70 (112) [5] : 0x00 (0) [6] : 0x74 (116) [7] : 0x00 (0) [8] : 0x2f (47) [9] : 0x00 (0) [10] : 0x63 (99) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x6e (110) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x72 (114) [19] : 0x00 (0) [20] : 0x69 (105) [21] : 0x00 (0) [22] : 0x66 (102) [23] : 0x00 (0) [24] : 0x79 (121) [25] : 0x00 (0) [26] : 0x2f (47) [27] : 0x00 (0) [28] : 0x73 (115) [29] : 0x00 (0) [30] : 0x61 (97) [31] : 0x00 (0) [32] : 0x6d (109) [33] : 0x00 (0) [34] : 0x62 (98) [35] : 0x00 (0) [36] : 0x61 (97) [37] : 0x00 (0) [38] : 0x2f (47) [39] : 0x00 (0) [40] : 0x6c (108) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x62 (98) [45] : 0x00 (0) [46] : 0x2f (47) [47] : 0x00 (0) [48] : 0x73 (115) [49] : 0x00 (0) [50] : 0x61 (97) [51] : 0x00 (0) [52] : 0x6d (109) [53] : 0x00 (0) [54] : 0x62 (98) [55] : 0x00 (0) [56] : 0x61 (97) [57] : 0x00 (0) [58] : 0x2f (47) [59] : 0x00 (0) [60] : 0x73 (115) [61] : 0x00 (0) [62] : 0x76 (118) [63] : 0x00 (0) [64] : 0x63 (99) [65] : 0x00 (0) [66] : 0x63 (99) [67] : 0x00 (0) [68] : 0x74 (116) [69] : 0x00 (0) [70] : 0x6c (108) [71] : 0x00 (0) [72] : 0x2f (47) [73] : 0x00 (0) 
[74] : 0x73 (115) [75] : 0x00 (0) [76] : 0x6d (109) [77] : 0x00 (0) [78] : 0x62 (98) [79] : 0x00 (0) [80] : 0x64 (100) [81] : 0x00 (0) [82] : 0x00 (0) [83] : 0x00 (0) size : 0x00000054 (84) [2012/06/27 17:22:52.407005, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.407119, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:ImagePath] [2012/06/27 17:22:52.407177, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.407317, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(126) [0] : 0x49 (73) [1] : 0x00 (0) [2] : 0x6e (110) [3] : 0x00 (0) [4] : 0x74 (116) [5] : 0x00 (0) [6] : 0x65 (101) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x6e (110) [11] : 0x00 (0) [12] : 0x61 (97) [13] : 0x00 (0) [14] : 0x6c (108) [15] : 0x00 (0) [16] : 0x20 (32) [17] : 0x00 (0) [18] : 0x73 (115) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x76 (118) [25] : 0x00 (0) [26] : 0x69 (105) [27] : 0x00 (0) [28] : 0x63 (99) [29] : 0x00 (0) [30] : 0x65 (101) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x00 (0) [34] : 0x70 (112) [35] : 0x00 (0) [36] : 0x72 (114) [37] : 0x00 (0) [38] : 0x6f (111) [39] : 0x00 (0) [40] : 0x76 (118) [41] : 0x00 (0) [42] : 0x69 (105) [43] : 0x00 (0) [44] : 0x64 (100) [45] : 0x00 (0) [46] : 0x69 (105) [47] : 0x00 (0) [48] : 0x6e (110) [49] : 0x00 (0) 
[50] : 0x67 (103) [51] : 0x00 (0) [52] : 0x20 (32) [53] : 0x00 (0) [54] : 0x72 (114) [55] : 0x00 (0) [56] : 0x65 (101) [57] : 0x00 (0) [58] : 0x6d (109) [59] : 0x00 (0) [60] : 0x6f (111) [61] : 0x00 (0) [62] : 0x74 (116) [63] : 0x00 (0) [64] : 0x65 (101) [65] : 0x00 (0) [66] : 0x20 (32) [67] : 0x00 (0) [68] : 0x61 (97) [69] : 0x00 (0) [70] : 0x63 (99) [71] : 0x00 (0) [72] : 0x63 (99) [73] : 0x00 (0) [74] : 0x65 (101) [75] : 0x00 (0) [76] : 0x73 (115) [77] : 0x00 (0) [78] : 0x73 (115) [79] : 0x00 (0) [80] : 0x20 (32) [81] : 0x00 (0) [82] : 0x74 (116) [83] : 0x00 (0) [84] : 0x6f (111) [85] : 0x00 (0) [86] : 0x20 (32) [87] : 0x00 (0) [88] : 0x74 (116) [89] : 0x00 (0) [90] : 0x68 (104) [91] : 0x00 (0) [92] : 0x65 (101) [93] : 0x00 (0) [94] : 0x20 (32) [95] : 0x00 (0) [96] : 0x53 (83) [97] : 0x00 (0) [98] : 0x61 (97) [99] : 0x00 (0) [100] : 0x6d (109) [101] : 0x00 (0) [102] : 0x62 (98) [103] : 0x00 (0) [104] : 0x61 (97) [105] : 0x00 (0) [106] : 0x20 (32) [107] : 0x00 (0) [108] : 0x72 (114) [109] : 0x00 (0) [110] : 0x65 (101) [111] : 0x00 (0) [112] : 0x67 (103) [113] : 0x00 (0) [114] : 0x69 (105) [115] : 0x00 (0) [116] : 0x73 (115) [117] : 0x00 (0) [118] : 0x74 (116) [119] : 0x00 (0) [120] : 0x72 (114) [121] : 0x00 (0) [122] : 0x79 (121) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) size : 0x0000007e (126) [2012/06/27 17:22:52.410519, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.410653, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry:Description] [2012/06/27 17:22:52.410711, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.410836, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000007-0000-0000-ea4f-ecd00e180000 [2012/06/27 17:22:52.411003, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.411111, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.411238, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/27 17:22:52.411295, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/27 17:22:52.411348, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/27 17:22:52.411563, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0074 (116) name_size : 0x0074 (116) name : * name : 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2012/06/27 17:22:52.412328, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.412469, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' [2012/06/27 17:22:52.412526, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/27 17:22:52.412580, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/27 17:22:52.412635, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/27 17:22:52.412683, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/27 17:22:52.412733, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.412780, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] [2012/06/27 17:22:52.412856, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/27 17:22:52.412913, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.412969, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.413017, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.413068, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.413115, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.413199, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.413282, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/06/27 17:22:52.413340, 10] 
registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.413396, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.413445, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.413495, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.413543, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.413627, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.413720, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [RemoteRegistry] [2012/06/27 17:22:52.413783, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.413840, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/06/27 17:22:52.413888, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/06/27 17:22:52.413939, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.413987, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] [2012/06/27 17:22:52.414057, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.414111, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2012/06/27 17:22:52.414187, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.414270, 10] 
registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2012/06/27 17:22:52.414322, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2012/06/27 17:22:52.414374, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.414421, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2012/06/27 17:22:52.414491, 10] registry/reg_backend_db.c:1630(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2012/06/27 17:22:52.414546, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.414599, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.414704, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-ea4f-ecd00e180000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/06/27 17:22:52.414966, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x14 (20) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x02 (2) [21] : 0x00 (0) [22] : 0x64 (100) [23] : 0x00 (0) [24] : 0x04 (4) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x14 (20) [31] : 0x00 (0) [32] : 0x8d (141) [33] : 0x01 (1) [34] : 0x02 (2) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x01 (1) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x01 (1) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x18 (24) [51] : 0x00 (0) [52] : 0xfd (253) [53] : 0x01 (1) [54] : 0x02 (2) [55] : 0x00 (0) [56] : 0x01 (1) [57] : 0x02 (2) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x05 (5) [64] : 0x20 (32) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x23 (35) [69] : 0x02 (2) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x18 (24) [75] : 0x00 (0) [76] : 0xff (255) 
[77] : 0x01 (1) [78] : 0x0f (15) [79] : 0x00 (0) [80] : 0x01 (1) [81] : 0x02 (2) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x05 (5) [88] : 0x20 (32) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x25 (37) [93] : 0x02 (2) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x18 (24) [99] : 0x00 (0) [100] : 0xff (255) [101] : 0x01 (1) [102] : 0x0f (15) [103] : 0x00 (0) [104] : 0x01 (1) [105] : 0x02 (2) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x05 (5) [112] : 0x20 (32) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x20 (32) [117] : 0x02 (2) [118] : 0x00 (0) [119] : 0x00 (0) size : 0x00000078 (120) [2012/06/27 17:22:52.418764, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.418883, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security:Security] [2012/06/27 17:22:52.418938, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security' (ops 0xb780c7e0) [2012/06/27 17:22:52.418991, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] [2012/06/27 17:22:52.419087, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 120 [2012/06/27 17:22:52.419185, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.419311, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: 
struct policy_handle handle_type : 0x00000000 (0) uuid : 00000008-0000-0000-ea4f-ecd00e180000 [2012/06/27 17:22:52.419479, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.419612, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.419720, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/27 17:22:52.419770, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/27 17:22:52.419821, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/27 17:22:52.420133, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x004e (78) name_size : 0x004e (78) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_ACTION_NONE (0) [2012/06/27 17:22:52.420956, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 
00 00 01 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.421070, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS' [2012/06/27 17:22:52.421125, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/27 17:22:52.421179, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/27 17:22:52.421233, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/27 17:22:52.421282, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/27 17:22:52.421333, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.421380, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] [2012/06/27 17:22:52.421453, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/27 17:22:52.421509, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.421564, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.421613, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.421664, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.421758, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.421833, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.421897, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] 
[2012/06/27 17:22:52.421952, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.422007, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.422056, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.422106, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.422153, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.422237, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.422292, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [WINS] [2012/06/27 17:22:52.422351, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.422408, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/06/27 17:22:52.422456, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/06/27 17:22:52.422506, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.422553, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/06/27 17:22:52.422622, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.422678, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.422785, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-ea4f-ecd00e180000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/06/27 17:22:52.423038, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x000c (12) name_size : 0x000c (12) name : * name : 'Start' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x02 (2) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/06/27 17:22:52.423495, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.423603, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Start] [2012/06/27 17:22:52.423664, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS' (ops 0xb780c7e0) [2012/06/27 17:22:52.423717, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/06/27 17:22:52.423787, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Start], len: 4 [2012/06/27 17:22:52.423844, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Type], len: 4 [2012/06/27 17:22:52.423897, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ErrorControl], len: 4 [2012/06/27 17:22:52.423949, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ObjectName], len: 24 [2012/06/27 17:22:52.424002, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DisplayName], len: 74 [2012/06/27 17:22:52.424054, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ImagePath], len: 84 [2012/06/27 17:22:52.424106, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Description], len: 178 [2012/06/27 17:22:52.424157, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.424279, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x000a (10) name_size : 0x000a (10) name : * name : 'Type' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) 
[2012/06/27 17:22:52.424711, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.424817, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Type] [2012/06/27 17:22:52.424871, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.424989, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x001a (26) name_size : 0x001a (26) name : * name : 'ErrorControl' type : REG_DWORD (4) data : * data: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : 0x00000004 (4) [2012/06/27 17:22:52.425455, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.425564, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ErrorControl] [2012/06/27 17:22:52.425620, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.425792, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0016 (22) name_size : 0x0016 (22) name : * name : 'ObjectName' type : REG_SZ (1) data : * data: ARRAY(24) [0] : 0x4c (76) [1] : 0x00 (0) [2] : 0x6f (111) [3] : 0x00 (0) [4] : 0x63 (99) [5] : 0x00 (0) [6] : 0x61 (97) [7] : 0x00 (0) [8] : 0x6c (108) [9] : 0x00 (0) [10] : 0x53 (83) [11] : 0x00 (0) [12] : 0x79 (121) [13] : 0x00 (0) [14] : 0x73 (115) [15] : 0x00 (0) [16] : 0x74 (116) [17] : 0x00 (0) [18] : 0x65 (101) [19] : 0x00 (0) [20] : 0x6d (109) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) size : 0x00000018 (24) [2012/06/27 17:22:52.426661, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.426785, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ObjectName] [2012/06/27 17:22:52.426841, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.426970, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'DisplayName' type : REG_SZ (1) data : * data: ARRAY(74) size :
0x0000004a (74) [2012/06/27 17:22:52.428947, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.429061, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:DisplayName] [2012/06/27 17:22:52.429117, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.429264, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0014 (20) name_size : 0x0014 (20) name : * name : 'ImagePath' type : REG_SZ (1) data : * data: ARRAY(84)
size : 0x00000054 (84) [2012/06/27 17:22:52.431446, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.431559, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:ImagePath] [2012/06/27 17:22:52.431617, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.431755, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0018 (24) name_size : 0x0018 (24) name : * name : 'Description' type : REG_SZ (1) data : * data: ARRAY(178)
size : 0x000000b2 (178) [2012/06/27 17:22:52.435916, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.436029, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS:Description] [2012/06/27 17:22:52.436085, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.436241, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000009-0000-0000-ea4f-ecd00e180000 [2012/06/27 17:22:52.436457, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.436577, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 ....
[2012/06/27 17:22:52.436682, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/27 17:22:52.436733, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/27 17:22:52.436785, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/27 17:22:52.436998, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey in: struct winreg_CreateKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000001-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0060 (96) name_size : 0x0060 (96) name : * name : 'SYSTEM\CurrentControlSet\Services\WINS\Security' keyclass: struct winreg_String name_len : 0x0002 (2) name_size : 0x0002 (2) name : * name : '' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY secdesc : NULL action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) [2012/06/27 17:22:52.437752, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 01 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.437862, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Services\WINS\Security' [2012/06/27 17:22:52.437925, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/27 17:22:52.437980, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/27 17:22:52.438036, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/27 17:22:52.438084, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/27 17:22:52.438135, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.438183, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] [2012/06/27 17:22:52.438258, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/27 17:22:52.438323, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.438380, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.438427, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.438478, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.438536, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.438628, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.438686, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/06/27 17:22:52.438739, 10] registry/reg_backend_db.c:583(regdb_open) 
regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.438794, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.438842, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.438893, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.438940, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.439022, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.439078, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [WINS] [2012/06/27 17:22:52.439129, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.439209, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/06/27 17:22:52.439258, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/06/27 17:22:52.439309, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.439379, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS] [2012/06/27 17:22:52.439458, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.439513, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Security] [2012/06/27 17:22:52.439565, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/06/27 17:22:52.439620, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname 
[\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2012/06/27 17:22:52.439669, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2012/06/27 17:22:52.439719, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.439765, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2012/06/27 17:22:52.439827, 10] registry/reg_backend_db.c:1630(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2012/06/27 17:22:52.439880, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/06/27 17:22:52.439932, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.440042, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CreateKey: struct winreg_CreateKey out: struct winreg_CreateKey new_handle : * new_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-ea4f-ecd00e180000 action_taken : * action_taken : REG_OPENED_EXISTING_KEY (2) result : WERR_OK [2012/06/27 17:22:52.440303, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue in: struct winreg_SetValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-ea4f-ecd00e180000 name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : REG_BINARY (3) data : * data: ARRAY(120)
size : 0x00000078 (120) [2012/06/27 17:22:52.443277, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 ....
[2012/06/27 17:22:52.443392, 8] rpc_server/winreg/srv_winreg_nt.c:812(_winreg_SetValue) _winreg_SetValue: Setting value for [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security:Security] [2012/06/27 17:22:52.443446, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security' (ops 0xb780c7e0) [2012/06/27 17:22:52.443499, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] [2012/06/27 17:22:52.443569, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Security], len: 120 [2012/06/27 17:22:52.443624, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_SetValue: struct winreg_SetValue out: struct winreg_SetValue result : WERR_OK [2012/06/27 17:22:52.443739, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000a-0000-0000-ea4f-ecd00e180000 [2012/06/27 17:22:52.443905, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.444011, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.444114, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/27 17:22:52.444163, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/27 17:22:52.444212, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/27 17:22:52.444411, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000002-0000-0000-ea4f-ecd00e180000 [2012/06/27 17:22:52.444605, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.444716, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.444821, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/27 17:22:52.444884, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/06/27 17:22:52.444947, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/27 17:22:52.445151, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/06/27 17:22:52.445257, 3] rpc_server/eventlog/srv_eventlog_reg.c:59(eventlog_init_winreg) Initialise the eventlog registry keys if needed. 
[2012/06/27 17:22:52.445331, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/06/27 17:22:52.445413, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 2 for pipe \winreg [2012/06/27 17:22:52.445479, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/06/27 17:22:52.445546, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/06/27 17:22:52.445868, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/06/27 17:22:52.445932, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/06/27 17:22:52.445986, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/06/27 17:22:52.446034, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/06/27 17:22:52.446084, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.446130, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM] [2012/06/27 17:22:52.446206, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.446318, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-ea4f-ecd00e180000 result : WERR_OK [2012/06/27 17:22:52.446643, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000b-0000-0000-ea4f-ecd00e180000 keyname: struct winreg_String name_len : 0x0056 (86) name_size : 0x0056 (86) name : * name : 'SYSTEM\CurrentControlSet\Services\Eventlog' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/06/27 17:22:52.447207, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0B 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.447316, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SYSTEM] [2012/06/27 17:22:52.447390, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/06/27 17:22:52.447448, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] [2012/06/27 17:22:52.447497, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM] [2012/06/27 17:22:52.447547, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.447594, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM] [2012/06/27 17:22:52.447671, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentControlSet] [2012/06/27 17:22:52.447730, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/27 17:22:52.447785, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.447833, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.447883, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.447931, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet] [2012/06/27 17:22:52.448007, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/27 17:22:52.448063, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Services] [2012/06/27 17:22:52.448114, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/27 17:22:52.448169, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services] 
[2012/06/27 17:22:52.448217, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.448274, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.448334, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services] [2012/06/27 17:22:52.448447, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/27 17:22:52.448507, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Eventlog] [2012/06/27 17:22:52.448560, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/27 17:22:52.448616, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/06/27 17:22:52.448701, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/06/27 17:22:52.448762, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.448811, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/06/27 17:22:52.448894, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/27 17:22:52.448951, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... 
[2012/06/27 17:22:52.449057, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-ea4f-ecd00e180000 result : WERR_OK [2012/06/27 17:22:52.449283, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-ea4f-ecd00e180000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/06/27 17:22:52.449584, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.449762, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Services\Eventlog' (ops 0xb780c7e0) [2012/06/27 17:22:52.449822, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/06/27 17:22:52.449896, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DisplayName], len: 20 [2012/06/27 17:22:52.449953, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ErrorControl], len: 4 [2012/06/27 17:22:52.450006, 10] registry/reg_backend_db.c:1871(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/06/27 17:22:52.450081, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) 
max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000002 (2) max_valnamelen : * max_valnamelen : 0x0000001a (26) max_valbufsize : * max_valbufsize : 0x00000014 (20) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/06/27 17:22:52.450642, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000000c-0000-0000-ea4f-ecd00e180000 [2012/06/27 17:22:52.450821, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.450929, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 00 00 00 00 00 00 00 EA 4F EC D0 ........ .....O.. [0010] 0E 18 00 00 .... [2012/06/27 17:22:52.451033, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/06/27 17:22:52.451083, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/06/27 17:22:52.451133, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/06/27 17:22:52.451404, 3] printing/pcap.c:138(pcap_cache_reload) reloading printcap cache [2012/06/27 17:22:52.451484, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 5052494E5445524C4953 [2012/06/27 17:22:52.451555, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb792f370 [2012/06/27 17:22:52.451700, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 5052494E5445524C4953 [2012/06/27 17:22:52.451821, 5] printing/print_cups.c:408(cups_pcap_load_async) 
cups_pcap_load_async: asynchronously loading cups printers [2012/06/27 17:22:52.452111, 10] printing/print_cups.c:425(cups_pcap_load_async) cups_pcap_load_async: child pid = 6162 [2012/06/27 17:22:52.452228, 10] printing/print_cups.c:545(cups_cache_reload) cups_cache_reload: async read on fd 28 [2012/06/27 17:22:52.452313, 3] printing/pcap.c:189(pcap_cache_reload) reload status: ok [2012/06/27 17:22:52.452405, 3] printing/printing.c:1644(start_background_queue) start_background_queue: Starting background LPQ thread [2012/06/27 17:22:52.452882, 3] ../lib/util/util_net.c:70(interpret_string_addr_internal) interpret_string_addr_internal: getaddrinfo failed for name :: [Address family for hostname not supported] [2012/06/27 17:22:52.453009, 3] ../lib/util/util_net.c:70(interpret_string_addr_internal) interpret_string_addr_internal: getaddrinfo failed for name :: [Address family for hostname not supported] [2012/06/27 17:22:52.453149, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 445 [2012/06/27 17:22:52.453228, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/27 17:22:52.453663, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/27 17:22:52.454133, 10] lib/util_sock.c:680(open_socket_in) bind succeeded on port 139 [2012/06/27 17:22:52.454202, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 
0 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/27 17:22:52.454609, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 16384 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/27 17:22:52.455006, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 0E180000FFFFFFFF [2012/06/27 17:22:52.455068, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb792fac8 [2012/06/27 17:22:52.455142, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 0E180000FFFFFFFF [2012/06/27 17:22:52.455214, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(parent_housekeeping) 0xb792d4d8 [2012/06/27 17:22:52.455279, 5] lib/messages.c:300(messaging_register) Overriding messaging pointer for type 1 - private_data=(nil) [2012/06/27 17:22:52.455418, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (2->1) [2012/06/27 17:22:52.455500, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/06/27 17:22:52.455568, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/06/27 17:22:52.455678, 2] smbd/server.c:839(smbd_parent_loop) waiting for connections [2012/06/27 17:22:52.455861, 5] printing/printing.c:1667(start_background_queue) start_background_queue: background LPQ thread started [2012/06/27 17:22:52.456186, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 13180000FFFFFFFF [2012/06/27 17:22:52.456265, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb792fa90 [2012/06/27 
17:22:52.456335, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 13180000FFFFFFFF [2012/06/27 17:22:52.456405, 5] printing/printing.c:1703(start_background_queue) start_background_queue: background LPQ thread waiting for messages [2012/06/27 17:22:52.456757, 5] printing/print_cups.c:277(cups_cache_reload_async) reloading cups printcap cache [2012/06/27 17:22:52.457491, 10] printing/print_cups.c:89(cups_connect) connecting to cups server /var/run/cups/cups.sock:631 [2012/06/27 17:22:52.462012, 5] printing/print_cups.c:471(cups_async_callback) cups_async_callback: callback received for printer data. fd = 28 [2012/06/27 17:22:52.462134, 10] printing/print_cups.c:155(recv_pcap_blob) successfully recvd blob of len 12 [2012/06/27 17:22:52.462237, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 5052494E5445524C4953 [2012/06/27 17:22:52.462329, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb7929448 [2012/06/27 17:22:52.462396, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 5052494E5445524C4953 [2012/06/27 17:22:52.462494, 7] param/loadparm.c:9843(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/06/27 17:22:52.462564, 10] smbd/server_reload.c:49(reload_printers) reloading printer services from pcap cache [2012/06/27 17:22:52.462658, 7] param/loadparm.c:9843(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/06/27 17:22:52.462729, 10] registry/reg_init_smbconf.c:41(registry_init_smbconf) registry_init_smbconf called [2012/06/27 17:22:52.462829, 10] registry/reg_backend_db.c:526(regdb_init) regdb_init: registry db openend. 
refcount reset (1) [2012/06/27 17:22:52.463174, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] [2012/06/27 17:22:52.463281, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [Samba Printer Port], len: 2 [2012/06/27 17:22:52.463356, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/06/27 17:22:52.463433, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DefaultSpoolDirectory], len: 70 [2012/06/27 17:22:52.463489, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/06/27 17:22:52.463583, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DisplayName], len: 20 [2012/06/27 17:22:52.463644, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ErrorControl], len: 4 [2012/06/27 17:22:52.463698, 10] registry/reg_backend_db.c:1764(regdb_fetch_values_internal) regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] [2012/06/27 17:22:52.463770, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [DisplayName], len: 20 [2012/06/27 17:22:52.463828, 8] registry/reg_backend_db.c:1710(regdb_unpack_values) specific: [ErrorControl], len: 4 [2012/06/27 17:22:52.463895, 10] registry/reg_cachehook.c:94(reghook_cache_add) reghook_cache_add: Adding ops 0xb780c880 for key [\HKLM\SOFTWARE\Samba\smbconf] [2012/06/27 17:22:52.463949, 8] lib/adt_tree.c:215(pathtree_add) pathtree_add: Enter [2012/06/27 17:22:52.464023, 10] lib/adt_tree.c:282(pathtree_add) pathtree_add: Successfully added node [HKLM\SOFTWARE\Samba\smbconf] to tree [2012/06/27 17:22:52.464083, 8] lib/adt_tree.c:284(pathtree_add) pathtree_add: Exit [2012/06/27 
17:22:52.464132, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (1->0) [2012/06/27 17:22:52.464195, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.464249, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/06/27 17:22:52.464299, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/06/27 17:22:52.464348, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:22:52.464396, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:22:52.464528, 4] smbd/sec_ctx.c:426(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:22:52.464590, 10] registry/reg_backend_db.c:602(regdb_open) regdb_open: registry db opened. refcount reset (1) [2012/06/27 17:22:52.464643, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/06/27 17:22:52.464695, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (1->2) [2012/06/27 17:22:52.464749, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/06/27 17:22:52.464799, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/06/27 17:22:52.464850, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.464898, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM] [2012/06/27 17:22:52.465001, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/06/27 17:22:52.465062, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/06/27 17:22:52.465117, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/06/27 
17:22:52.465166, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/06/27 17:22:52.465217, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.465271, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SOFTWARE] [2012/06/27 17:22:52.465368, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Samba] [2012/06/27 17:22:52.465435, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/27 17:22:52.465491, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba] [2012/06/27 17:22:52.465540, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Samba] [2012/06/27 17:22:52.465591, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.465639, 10] registry/reg_cachehook.c:127(reghook_cache_find) [2012/06/27 17:22:52.465722, 10] printing/print_cups.c:130(send_pcap_blob) successfully sent blob of len 12 reghook_cache_find: found ops 0xb780c7e0 for key [\HKLM\SOFTWARE\Samba] [2012/06/27 17:22:52.466090, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/27 17:22:52.466154, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [smbconf] [2012/06/27 17:22:52.466206, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/06/27 17:22:52.466260, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf] [2012/06/27 17:22:52.466308, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf] [2012/06/27 17:22:52.466358, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.466405, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c880 
for key [\HKLM\SOFTWARE\Samba\smbconf] [2012/06/27 17:22:52.466476, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/06/27 17:22:52.466530, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/06/27 17:22:52.466581, 5] param/loadparm.c:7293(process_registry_service) process_registry_service: service name printers [2012/06/27 17:22:52.466633, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [printers] [2012/06/27 17:22:52.466683, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/06/27 17:22:52.466736, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/06/27 17:22:52.466783, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/06/27 17:22:52.466835, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:22:52.466903, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c880 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/06/27 17:22:52.466974, 10] registry/reg_backend_db.c:1618(regdb_fetch_keys_internal) key [HKLM\SOFTWARE\Samba\smbconf\printers] not found [2012/06/27 17:22:52.467028, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/06/27 17:22:52.467085, 7] param/loadparm.c:9843(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/06/27 17:22:52.467139, 7] param/loadparm.c:9843(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/06/27 17:22:52.467222, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 12180000FFFFFFFF [2012/06/27 17:22:52.467286, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb7931b98 [2012/06/27 17:22:52.467343, 1] lib/serverid.c:197(serverid_deregister) Deleting serverid.tdb record failed: 
NT_STATUS_NOT_FOUND [2012/06/27 17:22:52.467426, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 12180000FFFFFFFF [2012/06/27 17:22:52.467498, 1] smbd/server.c:309(remove_child_pid) Could not remove pid 6162 from serverid.tdb [2012/06/27 17:22:52.467550, 1] smbd/server.c:323(remove_child_pid) Could not find child 6162 -- ignoring [2012/06/27 17:23:19.720555, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key AF190000FFFFFFFF [2012/06/27 17:23:19.720701, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb7926430 [2012/06/27 17:23:19.720798, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key AF190000FFFFFFFF [2012/06/27 17:23:19.720889, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 170840 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/27 17:23:19.721219, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 170840 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/27 17:23:19.721732, 6] param/loadparm.c:7503(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 27 17:20:45 2012 [2012/06/27 17:23:19.721856, 3] lib/access.c:338(allow_access) Allowed connection from 127.0.0.1 (127.0.0.1) [2012/06/27 17:23:19.721901, 10] smbd/process.c:3019(smbd_process) Connection allowed from ipv4:127.0.0.1:52269 to ipv4:127.0.0.1:445 [2012/06/27 17:23:19.721985, 3] smbd/oplock.c:922(init_oplocks) init_oplocks: initializing messages. 
[2012/06/27 17:23:19.722081, 3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2012/06/27 17:23:19.722136, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2012/06/27 17:23:19.722195, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(keepalive) 0xb7931b80 [2012/06/27 17:23:19.722246, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(deadtime) 0xb792da48 [2012/06/27 17:23:19.722296, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(housekeeping) 0xb792b9a0 [2012/06/27 17:23:19.722681, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 190 [2012/06/27 17:23:19.722786, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xbe [2012/06/27 17:23:19.722843, 3] smbd/process.c:1662(process_smb) Transaction 0 of length 194 (0 toread) [2012/06/27 17:23:19.722888, 5] lib/util.c:332(show_msg) [2012/06/27 17:23:19.722916, 5] lib/util.c:342(show_msg) size=190 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=6574 smb_uid=0 smb_mid=1 smt_wct=0 smb_bcc=155 [2012/06/27 17:23:19.723121, 10] ../lib/util/util.c:415(dump_data) [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [0010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [0020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [0030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [0040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [0050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [0060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L [0070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. [0080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. [0090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. 
[2012/06/27 17:23:19.723546, 3] smbd/process.c:1467(switch_message) switch message SMBnegprot (pid 6575) conn 0x0 [2012/06/27 17:23:19.723613, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:23:19.723681, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:23:19.723743, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:23:19.723820, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/06/27 17:23:19.723913, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2012/06/27 17:23:19.723969, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [MICROSOFT NETWORKS 1.03] [2012/06/27 17:23:19.724015, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [MICROSOFT NETWORKS 3.0] [2012/06/27 17:23:19.724060, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN1.0] [2012/06/27 17:23:19.724105, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LM1.2X002] [2012/06/27 17:23:19.724154, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [DOS LANMAN2.1] [2012/06/27 17:23:19.724202, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN2.1] [2012/06/27 17:23:19.724247, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [Samba] [2012/06/27 17:23:19.724292, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LANMAN 1.0] [2012/06/27 17:23:19.724337, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LM 0.12] [2012/06/27 17:23:19.724386, 10] lib/util.c:1624(set_remote_arch) set_remote_arch: Client arch is 'Samba' [2012/06/27 17:23:19.724446, 6] param/loadparm.c:7503(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 27 17:20:45 2012 [2012/06/27 17:23:19.724545, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking 
key AF190000FFFFFFFF [2012/06/27 17:23:19.724595, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb79372e0 [2012/06/27 17:23:19.724666, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key AF190000FFFFFFFF [2012/06/27 17:23:19.724740, 6] param/loadparm.c:7503(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 27 17:20:45 2012 [2012/06/27 17:23:19.724935, 10] lib/util.c:2242(name_to_fqdn) name_to_fqdn: lookup for UBS1204V3 -> ubs1204v3. [2012/06/27 17:23:19.725024, 3] smbd/negprot.c:419(reply_nt1) using SPNEGO [2012/06/27 17:23:19.725072, 3] smbd/negprot.c:704(reply_negprot) Selected protocol NT LANMAN 1.0 [2012/06/27 17:23:19.725115, 5] smbd/negprot.c:711(reply_negprot) negprot index=8 [2012/06/27 17:23:19.725159, 5] lib/util.c:332(show_msg) [2012/06/27 17:23:19.725187, 5] lib/util.c:342(show_msg) size=169 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=6574 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=44800 (0xAF00) smb_vwv[ 8]= 25 (0x19) smb_vwv[ 9]=64512 (0xFC00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]=50560 (0xC580) smb_vwv[12]=47031 (0xB7B7) smb_vwv[13]=18045 (0x467D) smb_vwv[14]=52564 (0xCD54) smb_vwv[15]= 8193 (0x2001) smb_vwv[16]= 254 (0xFE) smb_bcc=100 [2012/06/27 17:23:19.725756, 10] ../lib/util/util.c:415(dump_data) [0000] 75 62 73 31 32 30 34 76 33 00 00 00 00 00 00 00 ubs1204v 3....... [0010] 60 52 06 06 2B 06 01 05 05 02 A0 48 30 46 A0 24 `R..+... ...H0F.$ [0020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......* [0030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+..... [0040] 37 02 02 0A A3 1E 30 1C A0 1A 1B 18 63 69 66 73 7.....0. ....cifs [0050] 2F 75 62 73 31 32 30 34 76 33 40 41 53 4D 42 2E /ubs1204 v3@ASMB. 
[0060] 54 45 53 54 TEST [2012/06/27 17:23:19.774389, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 16644 [2012/06/27 17:23:19.774541, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x4104 [2012/06/27 17:23:19.774604, 3] smbd/process.c:1662(process_smb) Transaction 1 of length 16648 (0 toread) [2012/06/27 17:23:19.774651, 5] lib/util.c:332(show_msg) [2012/06/27 17:23:19.774679, 5] lib/util.c:342(show_msg) size=16644 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51205 smb_tid=65535 smb_pid=6574 smb_uid=0 smb_mid=2 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=16563 (0x40B3) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=53340 (0xD05C) smb_vwv[11]=32768 (0x8000) smb_bcc=16585 [2012/06/27 17:23:19.775068, 10] ../lib/util/util.c:415(dump_data)
[2012/06/27 17:23:19.776403, 3] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 6575) conn 0x0 [2012/06/27 17:23:19.776458, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:23:19.776504, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:23:19.776547, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:23:19.776617, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/06/27 17:23:19.776684, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=12 flg2=0xc805 [2012/06/27 17:23:19.776756, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) Doing spnego session setup [2012/06/27 17:23:19.776829, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2012/06/27 17:23:19.776882, 10] smbd/password.c:199(register_initial_vuid) register_initial_vuid: allocated vuid = 100 [2012/06/27 17:23:19.776943, 10] smbd/sesssetup.c:1003(check_spnego_blob_complete) check_spnego_blob_complete: needed_len = 48996, pblob->length = 16563 [2012/06/27 17:23:19.777003, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(1174) cmd=115 (SMBsesssetupX) NT_STATUS_MORE_PROCESSING_REQUIRED [2012/06/27 17:23:19.777057, 5] lib/util.c:332(show_msg) [2012/06/27 17:23:19.777300, 5] lib/util.c:342(show_msg) size=35 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=6574 smb_uid=0 smb_mid=2 smt_wct=0 smb_bcc=0 [2012/06/27 17:23:19.777538, 10] ../lib/util/util.c:415(dump_data) [2012/06/27 17:23:19.780428, 5] lib/util_sock.c:319(read_fd_with_timeout) read_fd_with_timeout: blocking read. EOF from client.
[2012/06/27 17:23:19.780579, 5] smbd/process.c:457(receive_smb_talloc) receive_smb_raw_talloc failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. [2012/06/27 17:23:19.780661, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:23:19.780709, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:23:19.780753, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:23:19.780830, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/06/27 17:23:19.780969, 3] smbd/server_exit.c:180(exit_server_common) Server exit (failed to receive smb request) [2012/06/27 17:23:19.798014, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key AF190000FFFFFFFF [2012/06/27 17:23:19.798125, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb792df80 [2012/06/27 17:23:19.798188, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key AF190000FFFFFFFF [2012/06/27 17:23:52.488076, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0xb792d4d8 [2012/06/27 17:23:52.488253, 10] smbd/process.c:863(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called [2012/06/27 17:23:52.488312, 5] smbd/server.c:624(smbd_parent_housekeeping) parent housekeeping [2012/06/27 17:23:52.488360, 3] smbd/server.c:629(smbd_parent_housekeeping) Printcap cache time expired. 
[2012/06/27 17:23:52.488412, 3] printing/pcap.c:138(pcap_cache_reload) reloading printcap cache [2012/06/27 17:23:52.488494, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 5052494E5445524C4953 [2012/06/27 17:23:52.488575, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb7929448 [2012/06/27 17:23:52.488655, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 5052494E5445524C4953 [2012/06/27 17:23:52.488726, 5] printing/print_cups.c:408(cups_pcap_load_async) cups_pcap_load_async: asynchronously loading cups printers [2012/06/27 17:23:52.489115, 10] printing/print_cups.c:425(cups_pcap_load_async) cups_pcap_load_async: child pid = 6587 [2012/06/27 17:23:52.489266, 10] printing/print_cups.c:545(cups_cache_reload) cups_cache_reload: async read on fd 28 [2012/06/27 17:23:52.489322, 3] printing/pcap.c:189(pcap_cache_reload) reload status: ok [2012/06/27 17:23:52.489381, 10] smbd/process.c:874(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled [2012/06/27 17:23:52.489795, 5] printing/print_cups.c:277(cups_cache_reload_async) reloading cups printcap cache [2012/06/27 17:23:52.490916, 10] printing/print_cups.c:89(cups_connect) connecting to cups server /var/run/cups/cups.sock:631 [2012/06/27 17:23:52.495474, 5] printing/print_cups.c:471(cups_async_callback) cups_async_callback: callback received for printer data. 
fd = 28 [2012/06/27 17:23:52.495565, 10] printing/print_cups.c:155(recv_pcap_blob) successfully recvd blob of len 12 [2012/06/27 17:23:52.495639, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 5052494E5445524C4953 [2012/06/27 17:23:52.495701, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb7921f60 [2012/06/27 17:23:52.495757, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 5052494E5445524C4953 [2012/06/27 17:23:52.495888, 10] lib/messages_local.c:255(messaging_tdb_store) messaging_tdb_store: [2012/06/27 17:23:52.495946, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PRINTER_PCAP (519) dest: struct server_id pid : 0x0000180e (6158) vnn : 0xffffffff (4294967295) unique_id : 0x3d87c7d33b30f243 (4433732068214633027) src: struct server_id pid : 0x0000180e (6158) vnn : 0xffffffff (4294967295) unique_id : 0x3d87c7d33b30f243 (4433732068214633027) buf : DATA_BLOB length=0 [2012/06/27 17:23:52.496430, 10] lib/messages_local.c:255(messaging_tdb_store) messaging_tdb_store: [2012/06/27 17:23:52.496493, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PRINTER_PCAP (519) dest: struct server_id pid : 0x000017fe (6142) vnn : 0xffffffff (4294967295) unique_id : 0x0000000000000000 (0) src: struct server_id pid : 0x0000180e (6158) vnn : 0xffffffff (4294967295) unique_id : 0x3d87c7d33b30f243 (4433732068214633027) buf : DATA_BLOB length=0 [2012/06/27 17:23:52.497562, 10] lib/messages_local.c:255(messaging_tdb_store) messaging_tdb_store: [2012/06/27 17:23:52.497624, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) 
msg_type : MSG_PRINTER_PCAP (519) dest: struct server_id pid : 0x000017f9 (6137) vnn : 0xffffffff (4294967295) unique_id : 0x0000000000000000 (0) src: struct server_id pid : 0x0000180e (6158) vnn : 0xffffffff (4294967295) unique_id : 0x3d87c7d33b30f243 (4433732068214633027) buf : DATA_BLOB length=0 [2012/06/27 17:23:52.500640, 10] lib/messages_local.c:255(messaging_tdb_store) messaging_tdb_store: [2012/06/27 17:23:52.500701, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PRINTER_PCAP (519) dest: struct server_id pid : 0x00001813 (6163) vnn : 0xffffffff (4294967295) unique_id : 0x3d87c7d33b30f243 (4433732068214633027) src: struct server_id pid : 0x0000180e (6158) vnn : 0xffffffff (4294967295) unique_id : 0x3d87c7d33b30f243 (4433732068214633027) buf : DATA_BLOB length=0 [2012/06/27 17:23:52.501096, 10] lib/messages_local.c:74(messaging_tdb_signal_handler) messaging_tdb_signal_handler: sig[10] count[1] msgs[1] [2012/06/27 17:23:52.501177, 10] lib/messages_local.c:466(message_dispatch) message_dispatch: received_messages = 1 [2012/06/27 17:23:52.501306, 10] lib/messages_local.c:215(messaging_tdb_fetch) messaging_tdb_fetch: [2012/06/27 17:23:52.501366, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) result: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PRINTER_PCAP (519) dest: struct server_id pid : 0x00001813 (6163) vnn : 0xffffffff (4294967295) unique_id : 0x3d87c7d33b30f243 (4433732068214633027) src: struct server_id pid : 0x0000180e (6158) vnn : 0xffffffff (4294967295) unique_id : 0x3d87c7d33b30f243 (4433732068214633027) buf : DATA_BLOB length=0 [2012/06/27 17:23:52.501826, 10] lib/messages_local.c:74(messaging_tdb_signal_handler) messaging_tdb_signal_handler: sig[10] count[1] msgs[1] [2012/06/27 17:23:52.501886, 10] 
lib/messages_local.c:466(message_dispatch) message_dispatch: received_messages = 1 [2012/06/27 17:23:52.501946, 10] lib/messages_local.c:215(messaging_tdb_fetch) messaging_tdb_fetch: [2012/06/27 17:23:52.501995, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) result: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PRINTER_PCAP (519) dest: struct server_id pid : 0x0000180e (6158) vnn : 0xffffffff (4294967295) unique_id : 0x3d87c7d33b30f243 (4433732068214633027) src: struct server_id pid : 0x0000180e (6158) vnn : 0xffffffff (4294967295) unique_id : 0x3d87c7d33b30f243 (4433732068214633027) buf : DATA_BLOB length=0 [2012/06/27 17:23:52.502318, 10] smbd/server.c:130(smb_pcap_updated) Got message saying pcap was updated. Reloading. [2012/06/27 17:23:52.502367, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:23:52.502412, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:23:52.502456, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:23:52.502534, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/06/27 17:23:52.502600, 7] param/loadparm.c:9843(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/06/27 17:23:52.502672, 10] smbd/server_reload.c:49(reload_printers) reloading printer services from pcap cache [2012/06/27 17:23:52.502759, 7] param/loadparm.c:9843(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/06/27 17:23:52.502816, 5] param/loadparm.c:7293(process_registry_service) process_registry_service: service name printers [2012/06/27 17:23:52.502863, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [printers] [2012/06/27 17:23:52.502910, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: 
incrementing refcount (2->3) [2012/06/27 17:23:52.502965, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/06/27 17:23:52.503015, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/06/27 17:23:52.503062, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/06/27 17:23:52.503105, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0xb780c880 for key [\HKLM\SOFTWARE\Samba\smbconf\printers] [2012/06/27 17:23:52.503169, 10] registry/reg_backend_db.c:1618(regdb_fetch_keys_internal) key [HKLM\SOFTWARE\Samba\smbconf\printers] not found [2012/06/27 17:23:52.503218, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/06/27 17:23:52.503287, 7] param/loadparm.c:9843(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/06/27 17:23:52.503348, 7] param/loadparm.c:9843(lp_servicenumber) lp_servicenumber: couldn't find printers [2012/06/27 17:23:52.503425, 10] printing/print_cups.c:130(send_pcap_blob) successfully sent blob of len 12 [2012/06/27 17:23:52.503746, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key BB190000FFFFFFFF [2012/06/27 17:23:52.503816, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb79271a8 [2012/06/27 17:23:52.503868, 1] lib/serverid.c:197(serverid_deregister) Deleting serverid.tdb record failed: NT_STATUS_NOT_FOUND [2012/06/27 17:23:52.503917, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key BB190000FFFFFFFF [2012/06/27 17:23:52.503969, 1] smbd/server.c:309(remove_child_pid) Could not remove pid 6587 from serverid.tdb [2012/06/27 17:23:52.504016, 1] smbd/server.c:323(remove_child_pid) Could not find child 6587 -- ignoring [2012/06/27 17:24:52.548141, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0xb7929250 [2012/06/27 17:24:52.548303, 10] 
smbd/process.c:863(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called [2012/06/27 17:24:52.548354, 5] smbd/server.c:624(smbd_parent_housekeeping) parent housekeeping [2012/06/27 17:24:52.548397, 10] smbd/process.c:874(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled [2012/06/27 17:25:52.608548, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0xb7931420 [2012/06/27 17:25:52.608694, 10] smbd/process.c:863(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called [2012/06/27 17:25:52.608745, 5] smbd/server.c:624(smbd_parent_housekeeping) parent housekeeping [2012/06/27 17:25:52.608788, 10] smbd/process.c:874(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled [2012/06/27 17:26:52.615046, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0xb792f370 [2012/06/27 17:26:52.615189, 10] smbd/process.c:863(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called [2012/06/27 17:26:52.615239, 5] smbd/server.c:624(smbd_parent_housekeeping) parent housekeeping [2012/06/27 17:26:52.615281, 10] smbd/process.c:874(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled [2012/06/27 17:27:52.626840, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0xb792d4d8 [2012/06/27 17:27:52.626995, 10] smbd/process.c:863(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called [2012/06/27 17:27:52.627048, 5] smbd/server.c:624(smbd_parent_housekeeping) parent housekeeping [2012/06/27 17:27:52.627092, 10] smbd/process.c:874(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled [2012/06/27 17:28:07.902320, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 
BD190000FFFFFFFF [2012/06/27 17:28:07.902474, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb7926f28 [2012/06/27 17:28:07.902566, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key BD190000FFFFFFFF [2012/06/27 17:28:07.902665, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 170840 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/27 17:28:07.902990, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 170840 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/27 17:28:07.903456, 6] param/loadparm.c:7503(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 27 17:20:45 2012 [2012/06/27 17:28:07.903571, 3] lib/access.c:338(allow_access) Allowed connection from 127.0.0.1 (127.0.0.1) [2012/06/27 17:28:07.903620, 10] smbd/process.c:3019(smbd_process) Connection allowed from ipv4:127.0.0.1:52271 to ipv4:127.0.0.1:445 [2012/06/27 17:28:07.903720, 3] smbd/oplock.c:922(init_oplocks) init_oplocks: initializing messages. 
[2012/06/27 17:28:07.903828, 3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2012/06/27 17:28:07.903882, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2012/06/27 17:28:07.903950, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(keepalive) 0xb79273c0 [2012/06/27 17:28:07.904003, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(deadtime) 0xb792b2b0 [2012/06/27 17:28:07.904051, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(housekeeping) 0xb7921e40 [2012/06/27 17:28:07.905266, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key BE190000FFFFFFFF [2012/06/27 17:28:07.905402, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb7926f28 [2012/06/27 17:28:07.905468, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key BE190000FFFFFFFF [2012/06/27 17:28:07.905545, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 170840 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/27 17:28:07.905895, 5] lib/util_sock.c:165(print_socket_options) Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 1 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_SNDBUF = 170840 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 [2012/06/27 17:28:07.906294, 6] param/loadparm.c:7503(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 27 17:20:45 2012 [2012/06/27 17:28:07.906421, 3] lib/access.c:338(allow_access) Allowed connection from 127.0.0.1 (127.0.0.1) [2012/06/27 17:28:07.906464, 10] 
smbd/process.c:3019(smbd_process) Connection allowed from ipv4:127.0.0.1:43074 to ipv4:127.0.0.1:139 [2012/06/27 17:28:07.906543, 3] smbd/oplock.c:922(init_oplocks) init_oplocks: initializing messages. [2012/06/27 17:28:07.906631, 3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2012/06/27 17:28:07.906683, 5] lib/messages.c:332(messaging_deregister) Deregistering messaging pointer for type 1 - private_data=(nil) [2012/06/27 17:28:07.906739, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(keepalive) 0xb79273c0 [2012/06/27 17:28:07.906787, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(deadtime) 0xb792b2b0 [2012/06/27 17:28:07.906835, 10] smbd/process.c:920(event_add_idle) event_add_idle: idle_evt(housekeeping) 0xb7921e40 [2012/06/27 17:28:07.907113, 5] lib/util_sock.c:319(read_fd_with_timeout) read_fd_with_timeout: blocking read. EOF from client. [2012/06/27 17:28:07.907186, 5] smbd/process.c:457(receive_smb_talloc) receive_smb_raw_talloc failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. 
[2012/06/27 17:28:07.907253, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:28:07.907304, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:28:07.907353, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:28:07.907434, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/06/27 17:28:07.907536, 3] smbd/server_exit.c:180(exit_server_common) Server exit (failed to receive smb request) [2012/06/27 17:28:07.908599, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key BD190000FFFFFFFF [2012/06/27 17:28:07.908677, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb7921938 [2012/06/27 17:28:07.908740, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key BD190000FFFFFFFF [2012/06/27 17:28:07.908832, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 68 [2012/06/27 17:28:07.908894, 6] smbd/process.c:1660(process_smb) got message type 0x81 of len 0x44 [2012/06/27 17:28:07.908939, 3] smbd/process.c:1662(process_smb) Transaction 0 of length 72 (0 toread) [2012/06/27 17:28:07.908999, 2] smbd/reply.c:553(reply_special) netbios connect: name1=LOCALHOST 0x20 name2=UBS1204V3 0x0 [2012/06/27 17:28:07.909089, 2] smbd/reply.c:573(reply_special) netbios connect: local=localhost remote=ubs1204v3, name type = 0 [2012/06/27 17:28:07.909152, 6] param/loadparm.c:7503(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 27 17:20:45 2012 [2012/06/27 17:28:07.909254, 5] smbd/reply.c:614(reply_special) init msg_type=0x81 msg_flags=0x0 [2012/06/27 17:28:07.909473, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 190 [2012/06/27 17:28:07.909536, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xbe [2012/06/27 
17:28:07.909580, 3] smbd/process.c:1662(process_smb) Transaction 0 of length 194 (0 toread) [2012/06/27 17:28:07.909623, 5] lib/util.c:332(show_msg) [2012/06/27 17:28:07.909649, 5] lib/util.c:342(show_msg) size=190 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=6588 smb_uid=0 smb_mid=2 smt_wct=0 smb_bcc=155 [2012/06/27 17:28:07.909887, 10] ../lib/util/util.c:415(dump_data) [0000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG [0010] 52 41 4D 20 31 2E 30 00 02 4D 49 43 52 4F 53 4F RAM 1.0. .MICROSO [0020] 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 2E 30 33 FT NETWO RKS 1.03 [0030] 00 02 4D 49 43 52 4F 53 4F 46 54 20 4E 45 54 57 ..MICROS OFT NETW [0040] 4F 52 4B 53 20 33 2E 30 00 02 4C 41 4E 4D 41 4E ORKS 3.0 ..LANMAN [0050] 31 2E 30 00 02 4C 4D 31 2E 32 58 30 30 32 00 02 1.0..LM1 .2X002.. [0060] 44 4F 53 20 4C 41 4E 4D 41 4E 32 2E 31 00 02 4C DOS LANM AN2.1..L [0070] 41 4E 4D 41 4E 32 2E 31 00 02 53 61 6D 62 61 00 ANMAN2.1 ..Samba. [0080] 02 4E 54 20 4C 41 4E 4D 41 4E 20 31 2E 30 00 02 .NT LANM AN 1.0.. [0090] 4E 54 20 4C 4D 20 30 2E 31 32 00 NT LM 0. 12. 
[2012/06/27 17:28:07.910307, 3] smbd/process.c:1467(switch_message) switch message SMBnegprot (pid 6590) conn 0x0 [2012/06/27 17:28:07.910365, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:28:07.910410, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:28:07.910454, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:28:07.910524, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/06/27 17:28:07.910632, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2012/06/27 17:28:07.910691, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [MICROSOFT NETWORKS 1.03] [2012/06/27 17:28:07.910737, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [MICROSOFT NETWORKS 3.0] [2012/06/27 17:28:07.910781, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN1.0] [2012/06/27 17:28:07.910825, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LM1.2X002] [2012/06/27 17:28:07.910871, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [DOS LANMAN2.1] [2012/06/27 17:28:07.910915, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN2.1] [2012/06/27 17:28:07.910958, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [Samba] [2012/06/27 17:28:07.911001, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LANMAN 1.0] [2012/06/27 17:28:07.911043, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LM 0.12] [2012/06/27 17:28:07.911094, 10] lib/util.c:1624(set_remote_arch) set_remote_arch: Client arch is 'Samba' [2012/06/27 17:28:07.911154, 6] param/loadparm.c:7503(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 27 17:20:45 2012 [2012/06/27 17:28:07.911247, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking 
key BE190000FFFFFFFF [2012/06/27 17:28:07.911295, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb79372e0 [2012/06/27 17:28:07.911342, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key BE190000FFFFFFFF [2012/06/27 17:28:07.911407, 6] param/loadparm.c:7503(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Wed Jun 27 17:20:45 2012 [2012/06/27 17:28:07.911611, 10] lib/util.c:2242(name_to_fqdn) name_to_fqdn: lookup for UBS1204V3 -> ubs1204v3. [2012/06/27 17:28:07.911694, 3] smbd/negprot.c:419(reply_nt1) using SPNEGO [2012/06/27 17:28:07.911739, 3] smbd/negprot.c:704(reply_negprot) Selected protocol NT LANMAN 1.0 [2012/06/27 17:28:07.911781, 5] smbd/negprot.c:711(reply_negprot) negprot index=8 [2012/06/27 17:28:07.911823, 5] lib/util.c:332(show_msg) [2012/06/27 17:28:07.911850, 5] lib/util.c:342(show_msg) size=169 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=6588 smb_uid=0 smb_mid=2 smt_wct=17 smb_vwv[ 0]= 8 (0x8) smb_vwv[ 1]=12807 (0x3207) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=48640 (0xBE00) smb_vwv[ 8]= 25 (0x19) smb_vwv[ 9]=64512 (0xFC00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]=13952 (0x3680) smb_vwv[12]=32131 (0x7D83) smb_vwv[13]=18217 (0x4729) smb_vwv[14]=52564 (0xCD54) smb_vwv[15]= 8193 (0x2001) smb_vwv[16]= 254 (0xFE) smb_bcc=100 [2012/06/27 17:28:07.912310, 10] ../lib/util/util.c:415(dump_data) [0000] 75 62 73 31 32 30 34 76 33 00 00 00 00 00 00 00 ubs1204v 3....... [0010] 60 52 06 06 2B 06 01 05 05 02 A0 48 30 46 A0 24 `R..+... ...H0F.$ [0020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......* [0030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+..... [0040] 37 02 02 0A A3 1E 30 1C A0 1A 1B 18 63 69 66 73 7.....0. ....cifs [0050] 2F 75 62 73 31 32 30 34 76 33 40 41 53 4D 42 2E /ubs1204 v3@ASMB. 
[0060] 54 45 53 54 TEST [2012/06/27 17:28:07.914705, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 16644 [2012/06/27 17:28:07.914803, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x4104 [2012/06/27 17:28:07.914858, 3] smbd/process.c:1662(process_smb) Transaction 1 of length 16648 (0 toread) [2012/06/27 17:28:07.914901, 5] lib/util.c:332(show_msg) [2012/06/27 17:28:07.914927, 5] lib/util.c:342(show_msg) size=16644 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51205 smb_tid=65535 smb_pid=6588 smb_uid=0 smb_mid=3 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]=65535 (0xFFFF) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 1 (0x1) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=16563 (0x40B3) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]=53340 (0xD05C) smb_vwv[11]=32768 (0x8000) smb_bcc=16585 [2012/06/27 17:28:07.915300, 10] ../lib/util/util.c:415(dump_data)
[2012/06/27 17:28:07.916513, 3] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 6590) conn 0x0 [2012/06/27 17:28:07.916561, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/06/27 17:28:07.916604, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/06/27 17:28:07.916644, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/06/27 17:28:07.916707, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/06/27 17:28:07.916756, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=12 flg2=0xc805 [2012/06/27 17:28:07.916802, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) Doing spnego session setup [2012/06/27 17:28:07.916875, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] [2012/06/27 17:28:07.916940, 10] smbd/password.c:199(register_initial_vuid) register_initial_vuid: allocated vuid = 100 [2012/06/27 17:28:07.917009, 10] smbd/sesssetup.c:1003(check_spnego_blob_complete) check_spnego_blob_complete: needed_len = 48996, pblob->length = 16563 [2012/06/27 17:28:07.917067, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(1174) cmd=115 (SMBsesssetupX) NT_STATUS_MORE_PROCESSING_REQUIRED [2012/06/27 17:28:07.917118, 5] lib/util.c:332(show_msg) [2012/06/27 17:28:07.917146, 5] lib/util.c:342(show_msg) size=35 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=6588 smb_uid=0 smb_mid=3 smt_wct=0 smb_bcc=0 [2012/06/27 17:28:07.917339, 10] ../lib/util/util.c:415(dump_data) [2012/06/27 17:28:07.918423, 5] lib/util_sock.c:319(read_fd_with_timeout) read_fd_with_timeout: blocking read. EOF from client.
[2012/06/27 17:28:07.918490, 5] smbd/process.c:457(receive_smb_talloc) receive_smb_raw_talloc failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE.
[2012/06/27 17:28:07.918541, 4] smbd/sec_ctx.c:318(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/06/27 17:28:07.918583, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL)
[2012/06/27 17:28:07.918624, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/06/27 17:28:07.918687, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0)
[2012/06/27 17:28:07.918787, 3] smbd/server_exit.c:180(exit_server_common) Server exit (failed to receive smb request)
[2012/06/27 17:28:07.919708, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key BE190000FFFFFFFF
[2012/06/27 17:28:07.919783, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0xb7921938
[2012/06/27 17:28:07.919840, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key BE190000FFFFFFFF
[2012/06/27 17:28:52.671778, 10] lib/events.c:221(run_events_poll) Running timed event "smbd_idle_event_handler" 0xb7929250
[2012/06/27 17:28:52.671929, 10] smbd/process.c:863(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) called
[2012/06/27 17:28:52.671980, 5] smbd/server.c:624(smbd_parent_housekeeping) parent housekeeping
[2012/06/27 17:28:52.672022, 10] smbd/process.c:874(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(parent_housekeeping) (nil) rescheduled