2013-05-07 11:49 PM
Hi I'm facing error while accessing netapp smb share,
Hostname length is less then 16 characters,
On netapp console, we observe below message when trying to access share
Tue May 7 16:26:50 PDT [netappedge1stapr:auth.trace.spnegoAuthentication.statusMsg:info]: AUTH: SPNEGO- NTLMSSP negotiation in wrong state for Negotiate message..
What this indicates, at what point during processing NTLM Auth packet is hit. when is it expected.
Attaching pcap for your kind perusal, please apply filter (smb || smb2 && ip.addr==10.199.64.90)
vaguely suppose it means ntlm flags is incorrect ,
2013-08-14 09:50 AM
Looking at the trace you provided, if I had to guess this is an issue with SMB signing. My analysis is below:
frame 51 - client after determined in the initial neg protocol exchange that SMB2 is supported, now starts another neg protocol to determine which version of SMB2 can be used. Note the "Security Mode" of 0x02 and that "Signing Require = True but Enabled = False"
frame 53 - controller response and again not the security mode section of the frame "0x03 with both Signing Required and enabled set to True"
In an SMB conversation the last exchange of frames that can occur before SMB signing needs to be confirmed is the "Tree Connect". In your case, the conversation stops at Session Setup, which is not unexpected if SMB Signing is an issue. Start with investigating SMB signing, could start by setting the client to "Required" and re-test.