This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Kerberos - NT Status: Unkown error code?

0

I'm trying to diagnose a potential Active Directory authentication issue and, in the AS reply packet there seems to be a possible issue in the pre-authentication part. If I expand padata and expand PA-PW-SALT, I see a value string. If I expand that, I see NT Status: Unknown (0x41495341), Unknown: 0x2e434150 and Unknown: 0x4a2e4441. Interestingly, a similar AS-REP packet can be seen in the Wireshark example Kerberos trace.

Is this a benign 'error'? What does it mean?

Thanks.

asked 12 Aug '11, 01:55

ian_uk1975's gravatar image

ian_uk1975
1111
accept rate: 0%

One Answer:

0

As a comparison I loaded the example capture in Network Monitor 3.4, and that shows the padata item is of type PA_PW_SALT with an octect string value as shown by the wireshark Value field. There is no other interpretation of this field in NM so the subsequent fields shown by Wireshark are probably in error and can be ignored.

It would be nice if you could raise a bug report for this on the Wireshark Bugzilla

answered 12 Aug '11, 02:33

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Thanks for confirmation.

Bug raised #6234.

(12 Aug '11, 03:04) ian_uk1975

Can you make your "answer" into a further comment and mark the original answer as an answer.

Link to the bug item.

(12 Aug '11, 04:53) grahamb ♦

(converted your "answer" to a "comment" please see the FAQ for details. Could you also "accept" Graham's answer if it indeed answered your question?)

(12 Aug '11, 08:12) SYN-bit ♦♦