Network Storage Protocols Discussions

signed smb error: SPNEGO- NTLMSSP negotiation in wrong state

SANTOSHJEERGI

Hi I'm facing error while accessing netapp smb share,

Hostname length is less then 16 characters,

On netapp console, we observe below message when trying to access share

   Tue May  7 16:26:50 PDT [netappedge1stapr:auth.trace.spnegoAuthentication.statusMsg:info]: AUTH: SPNEGO- NTLMSSP negotiation in wrong state for Negotiate message..


What this indicates, at what point during processing NTLM Auth packet is hit. when is it expected.

Attaching pcap for your kind perusal, please apply filter (smb || smb2 && ip.addr==10.199.64.90)

  vaguely suppose it means ntlm flags is incorrect ,

4 REPLIES 4

waldrop

Looking at the trace you provided, if I had to guess this is an issue with SMB signing.  My analysis is below:

frame 51 - client after determined in the initial neg protocol exchange that SMB2 is supported, now starts another neg protocol to determine which version of SMB2 can be used.  Note the "Security Mode" of 0x02 and that "Signing Require = True but Enabled = False"

frame 53 - controller response and again not the security mode section of the frame "0x03 with both Signing Required and enabled set to True"

In an SMB conversation the last exchange of frames that can occur before SMB signing needs to be confirmed is the "Tree Connect".  In your case, the conversation stops at Session Setup, which is not unexpected if SMB Signing is an issue.  Start with investigating SMB signing, could start by setting the client to "Required" and re-test.

SANTOSHJEERGI

On wireshark Session set up response is STATUS_NOT_SUPPORTED.

kodavali

what is the lmcompatibility setting on the controller and the singing settings?

SANTOSHJEERGI

cifs.LMCompatibilityLevel   is  1

can you please tell when is this SPNEGO- NTLMSSP negotiation in wrong state is expected?

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public