Kerberos authentication from Mac not detected

  • Question

  • We have a mixed environment using Mac OS X and NoMAD to connect to AD resources. The user is logged on locally. Our file server is a Synology NAS using Windows integration. ATA does not detect the Kerberos sign-in and also does not detect the Kerberos SMB connection to the Synology. Am I missing something? Our setup is completely virtual; all DCs are lightweight. The ATA Center is a new install on Server 2019.

    Thursday, December 19, 2019 8:53 AM

All replies

  • Any health alerts on the console?
    Thursday, December 19, 2019 9:13 AM
  • Not at all. Looks like this is completely missed in detection. If I connect to the Synology using standard Mac authentication in Finder using smb://synology, it is also not detected.
    Thursday, December 19, 2019 9:43 AM
  • Are you able to capture those missed authentications using netmon 3.4 on the DC?

    If yes, I can send you info privately how to share them (or preferably, open a ticket with support and ask them to add me to the email thread), I want to run this cap file in the lab and see if and why we skip this traffic...

    Thursday, December 19, 2019 9:59 AM
  • I can capture the traffic using Wireshark from my Mac.
    Thursday, December 19, 2019 10:16 AM
  • That would be suboptimal, as it's not exactly what the Gateway that is monitoring the DC is seeing,

    so the best option is to capture it using netmon where the gateway is running.

    Thursday, December 19, 2019 10:23 AM
  • We have 3 lightweight gateways. The gateway is running on the DC. So if the Kerberos session with the DC is working, why is it not seen?

    I cannot disclose this sensitive information as it contains Kerberos tickets.

    I see standard Kerberos req and rep; too bad I cannot easily add a screenshot.

    Thursday, December 19, 2019 10:40 AM
  • I have created a ticket with support and will update when I hear something.
    Thursday, December 19, 2019 10:49 AM
  • I see in Wireshark that the Mac is trying a Kerberos ticket on UDP instead of TCP and gets an error:

    KRB Error : KRB5KDC_ERR_PREAUTH_REQUIRED

    KRB ERROR : KRB5KRB_ERR_RESPONSE_TOO_BIG

    Don't know if this is the reason it is not detected?

    Thursday, December 19, 2019 12:03 PM
  • I do see errors in the gateway updater log:

    2019-12-18 14:42:38.8961 12268 4   Error [WebClient+<InvokeAsync>d__8`1] System.Net.Http.HttpRequestException: PostAsync failed [requestTypeName=GetGatewaySoftwareUpdateDataRequest] ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond


    Thursday, December 19, 2019 1:44 PM
  • Hello,

    Thanks for sharing the info about this case.

    It's helpful to other people experiencing the same problem, if the root cause is found out.

    Best regards,

    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, December 26, 2019 8:26 AM
    Moderator
  • After a Christmas break we will continue to work on this case. For now we see a split in the authentication: LDAP and Kerberos are going to two different DCs. The Kerberos client first tries UDP and after the failure splits up into two TCP requests and answers. With a netmon capture on the Kerberos DC we see that the gateway process is not triggered. Another capture is requested and is the next step.
    Thursday, December 26, 2019 9:26 AM
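As an added example (not code from the thread or from ATA), the script below correlates a capture summary the way one would when checking which DC, and therefore which gateway, actually saw the TCP Kerberos exchange. The flows are constructed to mirror the sequence described above (UDP AS-REQ, PREAUTH_REQUIRED, RESPONSE_TOO_BIG, TCP retry, LDAP to a second DC); the tshark-like summary format, IP addresses and DC roles are assumptions.

```python
"""Correlate Kerberos/LDAP flows from a capture summary to see which DC
handled each step of a client logon (constructed sample, not real traffic)."""
from collections import defaultdict

# Constructed tshark-style summary: time, src, dst, transport, protocol, message.
SAMPLE_FLOWS = """\
08:52:01.001 10.1.1.50 10.1.0.10 udp KRB AS-REQ
08:52:01.003 10.1.0.10 10.1.1.50 udp KRB KRB-ERROR KRB5KDC_ERR_PREAUTH_REQUIRED
08:52:01.010 10.1.1.50 10.1.0.10 udp KRB AS-REQ
08:52:01.012 10.1.0.10 10.1.1.50 udp KRB KRB-ERROR KRB5KRB_ERR_RESPONSE_TOO_BIG
08:52:01.020 10.1.1.50 10.1.0.10 tcp KRB AS-REQ
08:52:01.025 10.1.0.10 10.1.1.50 tcp KRB AS-REP
08:52:01.030 10.1.1.50 10.1.0.10 tcp KRB TGS-REQ
08:52:01.034 10.1.0.10 10.1.1.50 tcp KRB TGS-REP
08:52:01.100 10.1.1.50 10.1.0.11 tcp LDAP bindRequest
08:52:01.104 10.1.0.11 10.1.1.50 tcp LDAP bindResponse
"""

REQUESTS = ("AS-REQ", "TGS-REQ", "bindRequest")  # client -> DC direction

def parse_flows(text):
    """Yield one dict per summary line; the message keeps any error code."""
    for line in text.splitlines():
        ts, src, dst, transport, proto, *rest = line.split()
        yield {"ts": ts, "src": src, "dst": dst, "transport": transport,
               "proto": proto, "msg": " ".join(rest)}

def summarise_logons(flows):
    """Per client: DCs that served Kerberos per transport, DCs that took the
    LDAP bind, whether UDP hit RESPONSE_TOO_BIG, and whether the AS-REP
    finally arrived over TCP (the exchange a DC-hosted gateway must see)."""
    out = defaultdict(lambda: {"krb": defaultdict(set), "ldap": set(),
                               "udp_too_big": False, "tcp_as_rep": False})
    for f in flows:
        is_req = f["msg"].split()[0] in REQUESTS
        client, dc = (f["src"], f["dst"]) if is_req else (f["dst"], f["src"])
        s = out[client]
        if f["proto"] == "LDAP":
            s["ldap"].add(dc)
            continue
        s["krb"][f["transport"]].add(dc)
        if f["transport"] == "udp" and "RESPONSE_TOO_BIG" in f["msg"]:
            s["udp_too_big"] = True
        if f["transport"] == "tcp" and f["msg"] == "AS-REP":
            s["tcp_as_rep"] = True
    for s in out.values():
        krb_dcs = set().union(*s["krb"].values()) if s["krb"] else set()
        s["split_dcs"] = bool(s["ldap"]) and krb_dcs != s["ldap"]
        s["gateway_must_cover"] = sorted(krb_dcs)  # DCs whose gateway saw Kerberos
    return out
```

Run `summarise_logons(parse_flows(SAMPLE_FLOWS))` and compare `gateway_must_cover` against the DCs that actually host a lightweight gateway; a Kerberos DC missing from that set explains a logon the gateway never had a chance to see.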