The Samba-Bugzilla – Bug 11097
Win8.1 Credentials Manager issue after KB2992611 on Samba domain due to missing ServerWrap in BackupKey
Last modified: 2017-01-19 04:37:28 UTC
As described in
Since KB2992611 clients appear to now be using the ClientWrap part of the protocol, which was unimplemented.
Created attachment 10721 [details]
Patch to impelement ServerWrap in BackupKey
Created attachment 10808 [details]
4.2 patch cherry-picked from master
The attached patch has the cherry-pick markers.
Additionally, this issue describes Active Directory Users and Computers failing to add objects to a Samba AD DC after this KB has been applied. Both issues are resolved by implementing the ServerWrap protocol in BackupKey.
Pushed to autobuild-v4-2-test.
Pushed to v4-2-test.
Closing out bug report.
*** Bug 10980 has been marked as a duplicate of this bug. ***
Working with Sernet Packages (Samba 4.2) and Windows 8.1 as domain member, I can not confirm that this issue is fixed. We still are not able to use the Credential Manager via the Control Panel.
Am I missing something?
The problem does not occur on Windows 7 devices.
Error messages is 0x80090345 when starting Credential Manager on Windows 8.1.
(In reply to Stefan Tollkühn from comment #8)
Are you using Samba as an AD DC, or as a classic DC?
thanks for replying. I wasn't sure if opening a new bug would be better. Anyway, we deployed a Samba4 AD DC with 3 DCs over 2 Sites (2 DCs on our main site, 1 DC at our other office). All three were upgraded from 4.1 (latest packages from SerNet). We raised the forrest and the domain level from a 2k3 to 2k8R2. We are using no Windows Servers (neither as member or DC) just Windows Clients (7 Pro/Ultimate and 8.1 Pro). I first noticed the problem yesterday, when we were running still Samba 4.1.x. After digging through search for 0x80090345 I found this bug report and immediately updated to 4.2.1-7.
I can provide you the configs and logs if needed.
Thanks and regards
(In reply to Stefan Tollkühn from comment #10)
this fixed it for me:
I'd guess i got a bad RSA Key stored in there.
(In reply to Marc Jaschke from comment #11)
Can you please file a new bug asking for this to be detected with dbcheck. That would be the appropriate way to fix it (it would then do the same). Bonus points if you provide a dbcheck patch :-)
thank you, this did the trick. But instead of using ldbdel I used AD Explorer from sysinternals.
Thank you very much.
*** Bug 11538 has been marked as a duplicate of this bug. ***
*** Bug 11754 has been marked as a duplicate of this bug. ***