Cannot Browse SMB Shares

I am having an issue connecting to a specific SMB server from OSX El Capitan (10.11.6). I am able to connect to and browse shares on other servers. So, I am trying to figure out what is wrong with the problem SMB server.


I have traced the session traffic between OSX and both these servers and the traffic looks good, and mostly similar, yet OSX will not issue the DCE bind request to srvsvc in the bad case. Rather it will negotiate the session, connect to the IPC share, open the srvsvc pipe, but then promptly disconnects from the share.


I am trying to connect using the Finder and "Connect to Server...". In the failure case, I will receive the following popup:


"there was a problem connecting to the server "badserver".


"There are no shares available or you are not allowed to access them on the server. Please contact your system administrator to resolve the problem"


If I look at the console log messages, there is one clue:


8/29/16 9:50:36.072 AM NetAuthSysAgent[74269]: RPC to srvsrvc gave error 0x16c9a034


Some research points to the error 0x16c9034 being a rpc_s_cannot_connect. Unfortunately, not very helpful.


The perplexing part is that the OSX stack has found the server, successfully authenticated, mounted the IPC share, AND opened the srvsvc file. But fails to issue the Bind request and netshareenum. I am not sure why it cannot connect although I have a suspicion. I am hoping somone has some experience with the SMB stack in OSX. I'm assuming it's the LikeWise stack (PBIS) from powerbroker and I've browsed through that code looking for clues but I end up lost in the weeds.


I can't upload the wireshark pcap files but I can email them if someone wants to take a look. I'll discuss them here instead.


In the Good scenario, I see:


1. Negotiate Request

2. Negotiate Response (success)

3. Setup Request

4. Setup Response (more processing required)

5. Setup Request

6. Setup Response (success)

7. Tree Connect (IPC)

8. Tree Connect Response (success)

9. Create Request (srvsvc)

10. Create Response (success)

11. DCE Bind Request

12. DCE Bind Response

13. NetShareEnum Request

14. NetShareEnum Response


In the Bad scenario, I see the following:


1. Negotiate Request (same as good scenario)

2. Negotiate Response (similar, but not returning a security blob. Not negotiating GSSAPI/SPNEGO)

3. Setup Request (same as good scenario)

4. Setup Response (more processing required, and with NTLMv2 security blob. Not wrapped in GSSAPI/SPNEGO)

5. Setup Request (valid NTLMv2 Security Response)

6. Setup Response (success)

7. Tree Connect Request (IPC) (same as good scenario)

8. Tree Connect Response (success)

9. Create Request (srvsvc) (same as good scenario)

10. Create Response (success)

11. Tree Disconnect Request (IPC) (here is the question. WHY??? Why won't it go forward with the bind request)

12. Tree Disconnect Response (success)


The hypothesis I have is that the OSX SMB stack will not send a bind request on a session that has not negotiated GSSAPI/SPNEGO. Is that true? Does anyone have any visibility into this? Is there any way to enable more verbose logging of the stack? Is there source code for the OSX stack that perhaps I could instrument to see what is going on. I have downloaded the latest pbis stack. I needed to update it a bit for building under the latest XCode/El Capitan but unfortunately the current pbis stack is missing the srvsvc support so OSX must be using some other variant or integration.


Any help is greatly appreciated.

Replies

I am having an issue connecting to a specific SMB server from OSX El Capitan (10.11.6).

DevForums is focused on API level questions. While this question is complex, it doesn’t involve any APIs and, as such, you may have more luck asking it over in the Apple Support Communities, run by AppleCare.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Have you been able to work it out?

We have 3 SMB servers and only on one of them we cannot get the shares listing.


I tested on macOS 10.12.5 (16F73) using the command:

smbutil view //DNS_name_of_SMB_server


Output is:

Share                                           Type    Comments
-------------------------------
0 shares listed


Obviously there are many shares on that SMB server (1000+) and it's configured like the others.

Could it be related to the number of shares? That SMB server has way more shares than the others two.


I read we shouldn't discuss this issue here but I haven't found any relevant thread on Apple Support Communities, maybe we could continue there if this issue still matters to you, just post a link to the thread.