As described in https://social.technet.microsoft.com/Forums/windows/en-US/47faab6b-d717-4068-bee4-c694811e0066/credential-manager-problems-error-0x80090345?forum=w8itpronetworking and https://lists.samba.org/archive/samba/2015-January/188388.html Since KB2992611 clients appear to now be using the ClientWrap part of the protocol, which was unimplemented.
Created attachment 10721 [details] Patch to impelement ServerWrap in BackupKey
Created attachment 10808 [details] 4.2 patch cherry-picked from master The attached patch has the cherry-pick markers.
Additionally, this issue describes Active Directory Users and Computers failing to add objects to a Samba AD DC after this KB has been applied. Both issues are resolved by implementing the ServerWrap protocol in BackupKey.
Pushed to autobuild-v4-2-test.
Pushed to v4-2-test. Closing out bug report. Thanks!
*** Bug 10980 has been marked as a duplicate of this bug. ***
Working with Sernet Packages (Samba 4.2) and Windows 8.1 as domain member, I can not confirm that this issue is fixed. We still are not able to use the Credential Manager via the Control Panel. Am I missing something? Regards Stefan
The problem does not occur on Windows 7 devices. Error messages is 0x80090345 when starting Credential Manager on Windows 8.1. Regards Stefan
(In reply to Stefan Tollkühn from comment #8) Are you using Samba as an AD DC, or as a classic DC?
Hi Andrew, thanks for replying. I wasn't sure if opening a new bug would be better. Anyway, we deployed a Samba4 AD DC with 3 DCs over 2 Sites (2 DCs on our main site, 1 DC at our other office). All three were upgraded from 4.1 (latest packages from SerNet). We raised the forrest and the domain level from a 2k3 to 2k8R2. We are using no Windows Servers (neither as member or DC) just Windows Clients (7 Pro/Ultimate and 8.1 Pro). I first noticed the problem yesterday, when we were running still Samba 4.1.x. After digging through search for 0x80090345 I found this bug report and immediately updated to 4.2.1-7. I can provide you the configs and logs if needed. Thanks and regards Stefan
(In reply to Stefan Tollkühn from comment #10) Hi Stefan, this fixed it for me: https://lists.samba.org/archive/samba/2014-November/187205.html I'd guess i got a bad RSA Key stored in there. Regards, Marc
(In reply to Marc Jaschke from comment #11) Can you please file a new bug asking for this to be detected with dbcheck. That would be the appropriate way to fix it (it would then do the same). Bonus points if you provide a dbcheck patch :-)
Hi Marc, thank you, this did the trick. But instead of using ldbdel I used AD Explorer from sysinternals. Thank you very much. Regards Stefan
*** Bug 11538 has been marked as a duplicate of this bug. ***
*** Bug 11754 has been marked as a duplicate of this bug. ***