Unable to access map points with NTLM auth after installing MS15-027 on domain controller

Version 1

    Verified Product Versions

    AppSense DataNow 3.6AppSense DataNow 3.5AppSense DataNow 3.0AppSense DataNow 2.0AppSense DataNow 4.0

    Introduction

    Map point shows as offline, although can be added via the admin console.

    Appliance diagnostic logs (orca_out*.log) show invalid credential messages similar to the following:

    jcifs.smb.SmbAuthException: Logon failure: unknown user name or bad password.

    at jcifs.smb.SmbTransport.checkStatus(SmbTransport.java:567)

    at jcifs.smb.SmbTransport.send(SmbTransport.java:691)

    at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:395)

    at jcifs.smb.SmbSession.send(SmbSession.java:224)

    at jcifs.smb.SmbTree.treeConnect(SmbTree.java:199)

    at jcifs.smb.SmbFile.doConnect(SmbFile.java:955)

    at jcifs.smb.SmbFile.connect(SmbFile.java:998)

    at jcifs.smb.SmbFile.connect0(SmbFile.java:924)

    at jcifs.smb.SmbFile.open0(SmbFile.java:1014)

    at jcifs.smb.SmbFile.createNewFile(SmbFile.java:2610)

     

    at jcifs.JCIFS.main(JCIFS.java:29)

    A TCP Dump / Network trace show messages similar to the following:

     

    2833216.432939132.229.26.17132.229.18.56SMB206Session Setup AndX Request, NTLMSSP_NEGOTIATE

     

    2833916.433992132.229.18.56132.229.26.17SMB294Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED

     

    2834116.434302132.229.26.17132.229.18.56SMB422Session Setup AndX Request, NTLMSSP_AUTH, User: Domain\User

     

    2835616.437742132.229.18.56132.229.26.17SMB109Session Setup AndX Response, Error: STATUS_LOGON_FAILURE

    Detail

    This can be caused by the following update MS15-027 where the back end resides on certain SAN types. For more details see https://support.microsoft.com/en-us/kb/3002657

    This prevents NTLM authentication (as used by DataNow) from working correctly

    If the storage is configured for Kerberos authentication, DataNow 4 can be configured to use this via the admin console.