KB2536276 kills SMB access to old Linux Samba
Windows Update on my Windows Server 2008 R2 x64 installed KB2536276 last night, and today I could not access my Linux Samba file share. I uninstalled this update and now can access my shared files again. I got "The specified server cannot perform the requested operation" when I tried to access the share, with nothing recorded in the event log. What is in this update that kills access to the Samba shares? I'm using SMB1. Thanks.
June 16th, 2011 11:33pm

We are getting a similar problem. With the update we cannot access SAMBA shares on our RISC. This only occurs with Win XP clients, not Windows 7 clients. The problem goes away when we uninstall. This is huge for us right now since we need to roll out the critical security fix. Has anyone found a workaround? I will be using an MSDN incident for this after we do more testing.
Free Windows Admin Tool Kit Click here and download it now
June 17th, 2011 1:07pm

Windows XP Home SP3 + all updates = have problem with KB2536276 (roll back) Windows Vista 64-bit Home Basic SP2 + all updates is about = no problem with KB2536276 Windows 7 32-bit Home Basic SP1 + all updates is about = no problem with KB2536276
June 17th, 2011 5:29pm

In our shop, Windows Server 2008 R2+ all updates = problem with KB2536276 - roll back Windows 7 Professional (64-bit I think) + all updates = problem with KB2536276 - roll back Windows XP Professional SP3 x86 = no problem yet, but need to verify whether the update has been applied on these machines. Most of our machines don't have updates automatically applied. If you can, let us know of the results of your MSDN incident report.
Free Windows Admin Tool Kit Click here and download it now
June 18th, 2011 11:23am

We've seen this too. It breaks access to Server Elements' NASLite: http://www.serverelements.com/ which uses non-authenticated access. Also access to shared printers in workgroup environments seems to be influenced. Removing KB2536276 is a workaround only. An updated KB2536276 is urgently needed. Gustav Brock
June 18th, 2011 11:54am

There seem to be issues if using unencrypted passwords, but I am using encrypted passwords =yes. I have a Windows XP Pro SP3 box that has no problem accessing the shares with the patch in place.
Free Windows Admin Tool Kit Click here and download it now
June 18th, 2011 5:46pm

Thanks June K123! Setting "encrypt passwords = yes" in the smb.conf file fixed the problem for me :)
June 18th, 2011 10:23pm

We've seen this too. It breaks access to Server Elements' NASLite: http://www.serverelements.com/ which uses non-authenticated access. Also access to shared printers in workgroup environments seems to be influenced. Removing KB2536276 is a workaround only. An updated KB2536276 is urgently needed. Gustav Brock Yes! An updated KB2536276 is urgently needed! I have seen the same situation when I connect to NetApp NAS server. For certain reason, our organization cannot configure the authenticated access. Windows 7, for now, have no troubles with KB2536276 update. I seems that MS could not verify this patch enough for Win XP environment.
Free Windows Admin Tool Kit Click here and download it now
June 19th, 2011 9:54pm

I have seen the same situation when I connect to NetApp NAS server. We too have identical problem with NetApp filer. We are connecting shares via net use login script and after patch was applied to Win 2003 R2 SP2 Ent it stopped working. Rollback patch and it works fine again. Call was logged with Microsoft Australia last week but they suggested to log a call with NetApp... We need to get MS representative to have a look at this thread.
June 20th, 2011 6:54pm

Change the domain name on SMB config file to greater than 7 characters. Doesn't even need to be a legitimate domain name just anything then restart the SMB share, doesn't tappear to be anything to do with encryption for us
Free Windows Admin Tool Kit Click here and download it now
June 22nd, 2011 5:58am

We are getting a similar problem. With the update we cannot access SAMBA shares on our RISC. This only occurs with Win XP clients, not Windows 7 clients. The problem goes away when we uninstall. This is huge for us right now since we need to roll out the critical security fix. Has anyone found a workaround? I will be using an MSDN incident for this after we do more testing. I can't believe that Microsoft has not weighed in on such a specific problem. (Do they care?) I have not had problems with my XP machines, But the patch completely locks out my SMB shares on Win 7. I only have a few running Win 7 so until they fix this I turned of the automatic install on Windows Update went to add/remove windows updates and removed to patch (KB2536276) Rebooted, then when it reboots and you go to Windows Update and install all updates except the mentioned patch, then tell it to ignore it next time. Unfortunately when you turn the Auto Updates back on I believe it installs all security patches. This will work in the short term but, if I had 25, 50 or even a 100 machines to look after it would be a HUGE PIA. I dont think my boss is ready to plunk down $$$$$ to get a new server, even an inexpensive one. Hope this helps...I think this would work for XP if it had this problem as well.
June 22nd, 2011 7:30am

Hi, I found this page which mentioned the issue on Windows XP SP3. Please have a look: http://answers.microsoft.com/en-us/windows/forum/windows_xp-windows_update/kb2536276-windows-xp-pc-get-system-error-58-when/d9dbdde5-2666-4423-b47c-fbdb80b995d9Shaon Shan |TechNet Subscriber Support in forum |If you have any feedback on our support, please contact tngfb@microsoft.com
Free Windows Admin Tool Kit Click here and download it now
June 22nd, 2011 10:10pm

Hi, I found this page which mentioned the issue on Windows XP SP3. Please have a look: http://answers.microsoft.com/en-us/windows/forum/windows_xp-windows_update/kb2536276-windows-xp-pc-get-system-error-58-when/d9dbdde5-2666-4423-b47c-fbdb80b995d9 Shaon Shan |TechNet Subscriber Support in forum |If you have any feedback on our support, please contact tngfb@microsoft.com That's more detail on the "use encrypted passwords" answer above.
June 22nd, 2011 11:00pm

Change the domain name on SMB config file to greater than 7 characters. Doesn't even need to be a legitimate domain name just anything then restart the SMB share, doesn't tappear to be anything to do with encryption for us I am using a work group that is 3 characters (it is the Windows work group) - we aren't using a domain, so I have no domain name in my smb.config. It's busy season for us, so I'm reluctant to mess with anything until we're back in quiet time, but I'll give it a shot then.
Free Windows Admin Tool Kit Click here and download it now
June 22nd, 2011 11:04pm

Known issues with this security update • After you install this security update on a computer that is running Windows XP or Windows Server 2003, you may be unable to access Samba shares. This problem occurs only if you use plain text passwords. Note The use of plain text passwords is no longer supported in Samba. This problem occurs if the following condition is true: "bytecount <8" & & encryptkeylength=0 "Bytecount" is the length of the computer's workgroup or domain name. This problem occurs if the workgroup or domain name is less than 8 bytes, including the null terminator. Therefore, the problem occurs if the workgroup or domain name uses fewer than 3 Unicode characters. All Samba versions that support plain text passwords are affected by this problem. Workaround Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base: 322756 How to back up and restore the registry in Windows To work around this problem, follow these steps: 1. Disable plain text configuration on both client and server computers. • To do this on the server computer, add the following line to the configuration file on the affected server: Encrypt passwords=Yes Note By default, the server configuration file is named "smb.conf." • To do this on the client computer, set the EnablePlainTextPassword registry entry to a value of 0 (zero) and then restart the computer. To configure the EnablePlainTextPassword registry entry, follow these steps: 1. Click Start , click Run , type regedit in the Open box, and then click OK . 2. Locate and then click the following subkey in the registry: <samp>HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\LanmanWorkstation\Parameters </samp> 3. Right-click EnablePlainTextPassword , and then click Modify . 4. In the Value data box, type 0 , and then click OK . 5. Exit Registry Editor, and then restart the computer. 2. Verify that the domain or workgroup name is at least 3 Unicode characters long. After you follow these steps, users can install the security update and also access the Samba shares. If the problem still occurs after you follow these steps, you may have a problem with your version of Samba. Contact the manufacturer to obtain the latest updates for your product. For more information about this issue, and for more information about an update for Samba that may resolve the issue, visit the following third-party webpage: https://bugzilla.samba.org/show_bug.cgi?id=8238 The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
June 27th, 2011 4:19am

That references the Windows XP & Unencrypted passwords problem, but that wasn't my problem which was Windows 7 & 2008 R2 (both are 64-bit versions) & encrypted passwords not being able to access Samba 2.2.3a. The answer is probably to upgrade to the latest Samba, but that won't happen until the fall. In the meantime, the patch is off of those machines.
Free Windows Admin Tool Kit Click here and download it now
June 27th, 2011 2:58pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics