We own two QNAP TS-231P NAS devices, which we use for a couple of months now within our Windows 2012 Server network with Domain Authentication enabled. The firmware used is 4.3.3.0188 which was recently patched with the CVE-2017-7494 fix.
After the fix was applied, we get repeated errors within the Domain Controller's event log similar to the following:
An authentication request for package NTLM was rejected because the target information was invalid. The authentication request did not match the target name of XXXXXXXX.
Source: LSA (LsaSrv)
EventID: 6040
(XXXXXX = NAS hostname and Windows Network name).
We also tried to remove the NAS from the Domain and re-join it, to no effect (error kept appearing). We searched the internet and we only found a Microsoft document indicating that there is an issue with the SMB implementation on the NAS side and it should be fixed.
Any ideas/suggestions?
TS-231P and Windows Domain Auth - Warning in LSA service
-
- First post
- Posts: 1
- Joined: Wed Jun 07, 2017 10:16 pm
- storageman
- Ask me anything
- Posts: 5506
- Joined: Thu Sep 22, 2011 10:57 pm
-
- First post
- Posts: 1
- Joined: Fri Aug 17, 2018 7:49 pm
Re: TS-231P and Windows Domain Auth - Warning in LSA service
Was this issue resolved? We have the same issue on a TS-870U-RP with firmware 4.3.4.0593 Build 20180524.
update: I did some troubleshooting and turned NTLM auditing on. No errors in the NTLM logs but I found out that when the LSA event occurs at exact the same time a specific computer / account has a NTLM authentication. Turning that specific computer of results in stopping the specific LSA event. Not sure what is causing this but will try to reset the user profile on that computer on a later moment, hope that resolves the issue.
So in my case is was able to found the specific computer what is causing this event by turning on NTLM auditing, without it wasn't possible because the LSA event doesn't this kind of information.
update: I did some troubleshooting and turned NTLM auditing on. No errors in the NTLM logs but I found out that when the LSA event occurs at exact the same time a specific computer / account has a NTLM authentication. Turning that specific computer of results in stopping the specific LSA event. Not sure what is causing this but will try to reset the user profile on that computer on a later moment, hope that resolves the issue.
So in my case is was able to found the specific computer what is causing this event by turning on NTLM auditing, without it wasn't possible because the LSA event doesn't this kind of information.
-
- First post
- Posts: 1
- Joined: Sat Apr 10, 2021 1:21 am
Re: TS-231P and Windows Domain Auth - Warning in LSA service
I have the same issue on QNAP NAS TS-219P II...
Firmware version: 4.3.3.1432
Don't those SMB have options!
What can I do?
Thanks,
Firmware version: 4.3.3.1432
Don't those SMB have options!
What can I do?
Thanks,
- dolbyman
- Guru
- Posts: 35273
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: TS-231P and Windows Domain Auth - Warning in LSA service
Please do not necropost, thread marked for closure
As this NAS is EOL, even QNAP will not help, so you are SOL
As this NAS is EOL, even QNAP will not help, so you are SOL