TS-231P and Windows Domain Auth - Warning in LSA service

Windows Access Rights Management
Locked
mx5gr
First post
Posts: 1
Joined: Wed Jun 07, 2017 10:16 pm

TS-231P and Windows Domain Auth - Warning in LSA service

Post by mx5gr »

We own two QNAP TS-231P NAS devices, which we use for a couple of months now within our Windows 2012 Server network with Domain Authentication enabled. The firmware used is 4.3.3.0188 which was recently patched with the CVE-2017-7494 fix.

After the fix was applied, we get repeated errors within the Domain Controller's event log similar to the following:

An authentication request for package NTLM was rejected because the target information was invalid. The authentication request did not match the target name of XXXXXXXX.
Source: LSA (LsaSrv)
EventID: 6040

(XXXXXX = NAS hostname and Windows Network name).

We also tried to remove the NAS from the Domain and re-join it, to no effect (error kept appearing). We searched the internet and we only found a Microsoft document indicating that there is an issue with the SMB implementation on the NAS side and it should be fixed.

Any ideas/suggestions?
User avatar
storageman
Ask me anything
Posts: 5507
Joined: Thu Sep 22, 2011 10:57 pm

Re: TS-231P and Windows Domain Auth - Warning in LSA service

Post by storageman »

loekie88
First post
Posts: 1
Joined: Fri Aug 17, 2018 7:49 pm

Re: TS-231P and Windows Domain Auth - Warning in LSA service

Post by loekie88 »

Was this issue resolved? We have the same issue on a TS-870U-RP with firmware 4.3.4.0593 Build 20180524.

update: I did some troubleshooting and turned NTLM auditing on. No errors in the NTLM logs but I found out that when the LSA event occurs at exact the same time a specific computer / account has a NTLM authentication. Turning that specific computer of results in stopping the specific LSA event. Not sure what is causing this but will try to reset the user profile on that computer on a later moment, hope that resolves the issue.

So in my case is was able to found the specific computer what is causing this event by turning on NTLM auditing, without it wasn't possible because the LSA event doesn't this kind of information.
ruilopes
First post
Posts: 1
Joined: Sat Apr 10, 2021 1:21 am

Re: TS-231P and Windows Domain Auth - Warning in LSA service

Post by ruilopes »

I have the same issue on QNAP NAS TS-219P II...
Firmware version: 4.3.3.1432

Don't those SMB have options!

What can I do?

Thanks,
User avatar
dolbyman
Guru
Posts: 34903
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: TS-231P and Windows Domain Auth - Warning in LSA service

Post by dolbyman »

Please do not necropost, thread marked for closure

As this NAS is EOL, even QNAP will not help, so you are SOL
Locked

Return to “Windows”