Bug 13123 - Reset-ComputerMachinePassword doesn't work
Reset-ComputerMachinePassword doesn't work
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
4.6.9
All All
: P5 major
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-11-07 15:37 UTC by tim.dittler
Modified: 2017-11-14 10:25 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description tim.dittler 2017-11-07 15:37:55 UTC
I tried to update from 4.5 to 4.6, but afterwards our install agent doesn't work anymore and says "The computer account couldn't be created or renewed".

If I delete the computer account via RSAT  installation works. So it's just the renewing account that has troubles. I tried to reproduce this and realized that the PS command Reset-ComputerMachinePassword works in 4.5, but not in 4.6.

The error in 4.6 is
PS C:\Users\Administrator> Reset-ComputerMachinePassword -Credential $cred
Reset-ComputerMachinePassword : Das Kennwort des sicheren Kanals für das Computerkonto konnte in der Domäne nicht
zurückgesetzt werden. Fehler beim Vorgang mit der folgenden Ausnahme: Der Server ist nicht funktionstüchtig.
.
In Zeile:1 Zeichen:1
+ Reset-ComputerMachinePassword -Credential $cred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : OperationStopped: (vm01:String) [Reset-ComputerMachinePassword], InvalidOperation
    Exception
+ FullyQualifiedErrorId : FailToResetPasswordOnDomain,Microsoft.PowerShell.Commands.ResetComputerMachinePasswordCommand

At the same time, log.samba creates the following 4 lines:
[2017/11/07 16:24:32.489649,  0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2017/11/07 16:24:32.506014,  0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2017/11/07 16:24:32.522244,  0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2017/11/07 16:24:32.537621,  0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!

The behaviour is the same if I update 4.5 to 4.6 or install 4.6 freshly.
Comment 1 tim.dittler 2017-11-07 15:39:36 UTC
Also, the problem is still present in 4.7.1