TS-231P and Windows Domain Auth - Warning in LSA service

Windows Access Rights Management
Locked
mx5gr
First post
Posts: 1
Joined: Wed Jun 07, 2017 10:16 pm

TS-231P and Windows Domain Auth - Warning in LSA service

Post by mx5gr » Wed Jun 07, 2017 10:24 pm

We own two QNAP TS-231P NAS devices, which we use for a couple of months now within our Windows 2012 Server network with Domain Authentication enabled. The firmware used is 4.3.3.0188 which was recently patched with the CVE-2017-7494 fix.

After the fix was applied, we get repeated errors within the Domain Controller's event log similar to the following:

An authentication request for package NTLM was rejected because the target information was invalid. The authentication request did not match the target name of XXXXXXXX.
Source: LSA (LsaSrv)
EventID: 6040

(XXXXXX = NAS hostname and Windows Network name).

We also tried to remove the NAS from the Domain and re-join it, to no effect (error kept appearing). We searched the internet and we only found a Microsoft document indicating that there is an issue with the SMB implementation on the NAS side and it should be fixed.

Any ideas/suggestions?

User avatar
storageman
Ask me anything
Posts: 5511
Joined: Thu Sep 22, 2011 10:57 pm

Re: TS-231P and Windows Domain Auth - Warning in LSA service

Post by storageman » Wed Jun 07, 2017 11:47 pm


loekie88
First post
Posts: 1
Joined: Fri Aug 17, 2018 7:49 pm

Re: TS-231P and Windows Domain Auth - Warning in LSA service

Post by loekie88 » Fri Aug 17, 2018 8:00 pm

Was this issue resolved? We have the same issue on a TS-870U-RP with firmware 4.3.4.0593 Build 20180524.

update: I did some troubleshooting and turned NTLM auditing on. No errors in the NTLM logs but I found out that when the LSA event occurs at exact the same time a specific computer / account has a NTLM authentication. Turning that specific computer of results in stopping the specific LSA event. Not sure what is causing this but will try to reset the user profile on that computer on a later moment, hope that resolves the issue.

So in my case is was able to found the specific computer what is causing this event by turning on NTLM auditing, without it wasn't possible because the LSA event doesn't this kind of information.

ruilopes
First post
Posts: 1
Joined: Sat Apr 10, 2021 1:21 am

Re: TS-231P and Windows Domain Auth - Warning in LSA service

Post by ruilopes » Thu Apr 15, 2021 12:10 am

I have the same issue on QNAP NAS TS-219P II...
Firmware version: 4.3.3.1432

Don't those SMB have options!

What can I do?

Thanks,

User avatar
dolbyman
Guru
Posts: 22700
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: TS-231P and Windows Domain Auth - Warning in LSA service

Post by dolbyman » Thu Apr 15, 2021 12:14 am

Please do not necropost, thread marked for closure

As this NAS is EOL, even QNAP will not help, so you are SOL

Locked

Return to “Windows”