Hi everyone!
We have a Linux application with an old product installed failing to authenticate to our W2K19 DCs. When enabling SMBv1 and SMB audit (https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3), I found several error messages, all identical to the following:
Event[98]:
Log Name: Microsoft-Windows-SMBServer/Security
Source: Microsoft-Windows-SMBServer
Date: 2020-10-22T11:35:02.268
Event ID: 551
Task: N/A
Level: Error
Opcode: Info
Keyword: Audit Failure
User: S-1-5-18
User Name: NT AUTHORITY\SYSTEM
Computer: srvwi087.tce.ms
Description:
SMB Session Authentication Failure
Client Name: \192.168.0.149
Client Address: 192.168.0.149:56880
User Name:
Session ID: 0x348AF000006D
Status: The attempted logon is invalid. This is either due to a bad username or authentication information. (0xC000006D)
SPN: session setup failed before the SPN could be queried
SPN Validation Policy: SPN optional / no validation
Guidance:
You should expect this error when attempting to connect to shares using incorrect credentials.
This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients.
This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, an incorrect service principal name, duplicate Kerberos service principal names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
So, based on the above, how can I investigate further to find out what these incompatible settings are? Any ideas? By the way, the same application works on a W2K8R2 DC, but we need to turn off this old DC.
Thanks all.
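One way to triage a dump of these events, as an added example that is not part of the original post: it parses the text layout shown above and counts event 551 failures per client address, NTSTATUS code and whether the User Name field in the description is populated. The sample events, the second client address and the `EXAMPLE\svc_app` account are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout shown in the post (all values illustrative).
SAMPLE = r"""Event[0]:
Event ID: 551
User Name: NT AUTHORITY\SYSTEM
Description:
Client Address: 192.168.0.149:56880
User Name:
Status: The attempted logon is invalid. (0xC000006D)
Event[1]:
Event ID: 551
Description:
Client Address: 192.168.0.149:56912
User Name:
Status: The attempted logon is invalid. (0xC000006D)
Event[2]:
Event ID: 551
Description:
Client Address: 192.168.0.77:49210
User Name: EXAMPLE\svc_app
Status: The attempted logon is invalid. (0xc000006d)
Event[3]:
Event ID: 9999
"""

def fields(block):
    """Map 'Key: value' lines to a dict, keeping the first value per key."""
    out = {}
    for line in block.splitlines():
        key, sep, val = line.partition(":")
        if sep:
            out.setdefault(key.strip(), val.strip())
    return out

def summarize_551(text):
    """Count event 551 failures per (client IP, NTSTATUS, user name populated)."""
    counts = Counter()
    for chunk in re.split(r"^Event\[\d+\]:\s*$", text, flags=re.M)[1:]:
        # The header and the description both carry a "User Name" field; keep them apart.
        head, _, desc = chunk.partition("Description:")
        if fields(head).get("Event ID") != "551":
            continue
        d = fields(desc)
        ip = d.get("Client Address", "").rsplit(":", 1)[0]  # drop the source port
        m = re.search(r"\(0x([0-9A-Fa-f]{8})\)", d.get("Status", ""))
        status = "0x" + m.group(1).upper() if m else "unknown"
        counts[(ip, status, bool(d.get("User Name")))] += 1
    return counts
```

Pass the saved text export of the Microsoft-Windows-SMBServer/Security log to `summarize_551` in place of `SAMPLE`.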