
I am trying to find information specifying the protocol negotiation process for newer HP printers that can perform direct scans to Windows-style shared folders - in particular, the HP 8600-series is of interest.

Do they support client encryption/SMB signing? NTLM v2? LM??? (gasp)

I am diagnosing a problem with a new HP 8620 that scans to different SAMBA-hosted network folders; one target folder works, one does not, and I believe the difference may be in an unintentional difference in authentication protocols defined on the two servers. Finding out what the printer is trying to negotiate would probably help me identify the problem.

Thanks.

EDIT 1: Per suggestion below, I have performed Wireshark traces from the printer to the two machines below. I'm not an expert in interpreting these traces, but what I can tell suggests the authentication "dance" on the failed machine just never finishes, with the last sequence coming at lines 14 and 15. The printer is 10.10.10.19; the .103 and .221 boxes are the SAMBA servers (.103 SAMBA 4, .221 SAMBA 3.6). What I notice is that no FID is returned, no error message indicating failure, nothing. The traces seem entirely consistent through Line 14/15, so I'm comparing that to the successful log that follows:

FAILED MACHINE:

  1   0.000000  10.10.10.19 -> 10.10.10.103 TCP 78 55828→445 [SYN] Seq=0 Win=8688 Len=0 MSS=1460 WS=1 SACK_PERM=1 TSval=187791417 TSecr=0
  2   0.000041 10.10.10.103 -> 10.10.10.19  TCP 74 445→55828 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=3741580874 TSecr=187791417 WS=128
  3   0.001924  10.10.10.19 -> 10.10.10.103 TCP 66 55828→445 [ACK] Seq=1 Ack=1 Win=8688 Len=0 TSval=187791417 TSecr=3741580874
  4   0.002367  10.10.10.19 -> 10.10.10.103 SMB 117 Negotiate Protocol Request
  5   0.002386 10.10.10.103 -> 10.10.10.19  TCP 66 445→55828 [ACK] Seq=1 Ack=52 Win=14592 Len=0 TSval=3741580877 TSecr=187791417
  6   0.014887 10.10.10.103 -> 10.10.10.19  SMB 229 Negotiate Protocol Response
  7   0.016745  10.10.10.19 -> 10.10.10.103 TCP 66 55828→445 [ACK] Seq=52 Ack=164 Win=8525 Len=0 TSval=187791434 TSecr=3741580887
  8   0.017679  10.10.10.19 -> 10.10.10.103 SMB 262 Session Setup AndX Request, NTLMSSP_NEGOTIATE
  9   0.018642 10.10.10.103 -> 10.10.10.19  SMB 388 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED
 10   0.020685  10.10.10.19 -> 10.10.10.103 TCP 66 55828→445 [ACK] Seq=248 Ack=486 Win=8203 Len=0 TSval=187791434 TSecr=3741580892
 11   0.022331  10.10.10.19 -> 10.10.10.103 SMB 372 Session Setup AndX Request, NTLMSSP_AUTH, User: DOMAIN\username
 12   0.029536 10.10.10.103 -> 10.10.10.19  SMB 176 Session Setup AndX Response
 13   0.031310  10.10.10.19 -> 10.10.10.103 TCP 66 55828→445 [ACK] Seq=554 Ack=596 Win=8093 Len=0 TSval=187791434 TSecr=3741580902
 14   0.032957  10.10.10.19 -> 10.10.10.103 SMB 158 Tree Connect AndX Request, Path: \\BADSERVER\share
 15   0.039874 10.10.10.103 -> 10.10.10.19  SMB 124 Tree Connect AndX Response
 16   0.041636  10.10.10.19 -> 10.10.10.103 TCP 66 55828→445 [ACK] Seq=646 Ack=654 Win=8035 Len=0 TSval=187791450 TSecr=3741580914

 17   0.042079  10.10.10.19 -> 10.10.10.103 TCP 66 55828→445 [FIN, PSH, ACK] Seq=646 Ack=654 Win=8035 Len=0 TSval=187791450 TSecr=3741580914
 18   0.043937 10.10.10.103 -> 10.10.10.19  TCP 66 445→55828 [FIN, ACK] Seq=654 Ack=647 Win=16640 Len=0 TSval=3741580918 TSecr=187791450
 19   0.045975  10.10.10.19 -> 10.10.10.103 TCP 66 55828→445 [ACK] Seq=647 Ack=655 Win=8688 Len=0 TSval=187791450 TSecr=3741580918

SUCCESSFUL MACHINE:

  1   0.000000  10.10.10.19 -> 10.10.10.221 TCP 8250 > microsoft-ds [SYN] Seq=0 Win=8688 Len=0 MSS=1460 WS=0 TSV=180162767 TSER=0
  2   0.000033 10.10.10.221 -> 10.10.10.19  TCP microsoft-ds > 8250 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=3678666998 TSER=180162767 WS=5
  3   0.001947  10.10.10.19 -> 10.10.10.221 TCP 8250 > microsoft-ds [ACK] Seq=1 Ack=1 Win=8688 Len=0 TSV=180162767 TSER=3678666998
  4   0.002607  10.10.10.19 -> 10.10.10.221 SMB Negotiate Protocol Request
  5   0.002639 10.10.10.221 -> 10.10.10.19  TCP microsoft-ds > 8250 [ACK] Seq=1 Ack=52 Win=5792 Len=0 TSV=3678667000 TSER=180162767
  6   0.076796 10.10.10.221 -> 10.10.10.19  SMB Negotiate Protocol Response
  7   0.078526  10.10.10.19 -> 10.10.10.221 TCP 8250 > microsoft-ds [ACK] Seq=52 Ack=132 Win=8557 Len=0 TSV=180162834 TSER=3678667075
  8   0.079324  10.10.10.19 -> 10.10.10.221 SMB Session Setup AndX Request, NTLMSSP_NEGOTIATE
  9   0.079332 10.10.10.221 -> 10.10.10.19  TCP microsoft-ds > 8250 [ACK] Seq=132 Ack=248 Win=6880 Len=0 TSV=3678667077 TSER=180162834
 10   0.088372 10.10.10.221 -> 10.10.10.19  SMB Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED
 11   0.090557  10.10.10.19 -> 10.10.10.221 TCP 8250 > microsoft-ds [ACK] Seq=248 Ack=456 Win=8233 Len=0 TSV=180162850 TSER=3678667086
 12   0.091804  10.10.10.19 -> 10.10.10.221 SMB Session Setup AndX Request, NTLMSSP_AUTH, User: DOMAIN\user
 13   0.120898 10.10.10.221 -> 10.10.10.19  SMB Session Setup AndX Response
 14   0.122607  10.10.10.19 -> 10.10.10.221 TCP 8250 > microsoft-ds [ACK] Seq=536 Ack=568 Win=8121 Len=0 TSV=180162884 TSER=3678667119
 15   0.123154  10.10.10.19 -> 10.10.10.221 SMB Tree Connect AndX Request, Path: \\GOODSERVER\share
 16   0.135254 10.10.10.221 -> 10.10.10.19  SMB Tree Connect AndX Response
 17   0.138331  10.10.10.19 -> 10.10.10.221 TCP 8250 > microsoft-ds [ACK] Seq=626 Ack=626 Win=8063 Len=0 TSV=180162900 TSER=3678667133
 18   0.139029  10.10.10.19 -> 10.10.10.221 SMB NT Create AndX Request, Path: \F4B3C982.6340D596
 19   0.153709 10.10.10.221 -> 10.10.10.19  SMB NT Create AndX Response, FID: 0x42b0
 20   0.155404  10.10.10.19 -> 10.10.10.221 TCP 8250 > microsoft-ds [ACK] Seq=752 Ack=733 Win=7956 Len=0 TSV=180162917 TSER=3678667151
 21   0.155901  10.10.10.19 -> 10.10.10.221 SMB Write AndX Request, FID: 0x42b0, 24 bytes at offset 0
 22   0.159137 10.10.10.221 -> 10.10.10.19  SMB Write AndX Response, FID: 0x42b0, 24 bytes
 23   0.160794  10.10.10.19 -> 10.10.10.221 TCP 8250 > microsoft-ds [ACK] Seq=844 Ack=784 Win=7905 Len=0 TSV=180162917 TSER=3678667157
 24   0.162241  10.10.10.19 -> 10.10.10.221 SMB Close Request, FID: 0x42b0
 25   0.166263 10.10.10.221 -> 10.10.10.19  SMB Close Response, FID: 0x42b0
 26   0.167933  10.10.10.19 -> 10.10.10.221 TCP 8250 > microsoft-ds [ACK] Seq=889 Ack=823 Win=7866 Len=0 TSV=180162934 TSER=3678667164
 27   0.168381  10.10.10.19 -> 10.10.10.221 SMB Delete Request, Path: \F4B3C982.6340D596
 28   0.182953 10.10.10.221 -> 10.10.10.19  SMB Delete Response
 29   0.184558  10.10.10.19 -> 10.10.10.221 TCP 8250 > microsoft-ds [ACK] Seq=969 Ack=862 Win=7827 Len=0 TSV=180162950 TSER=3678667181
 30   0.185005  10.10.10.19 -> 10.10.10.221 SMB Logoff AndX Request
 31   0.208397 10.10.10.221 -> 10.10.10.19  SMB Logoff AndX Response
 32   0.210116  10.10.10.19 -> 10.10.10.221 TCP 8250 > microsoft-ds [ACK] Seq=1012 Ack=905 Win=7784 Len=0 TSV=180162967 TSER=3678667206
 33   0.210563  10.10.10.19 -> 10.10.10.221 TCP 8250 > microsoft-ds [FIN, PSH, ACK] Seq=1012 Ack=905 Win=7784 Len=0 TSV=180162967 TSER=3678667206
 34   0.247346 10.10.10.221 -> 10.10.10.19  TCP microsoft-ds > 8250 [FIN, ACK] Seq=905 Ack=1013 Win=7936 Len=0 TSV=3678667245 TSER=180162967
 35   0.249357  10.10.10.19 -> 10.10.10.221 TCP 8250 > microsoft-ds [ACK] Seq=1013 Ack=906 Win=8688 Len=0 TSV=180163000 TSER=3678667245
David W
  • Did you try testing with another user account? – yagmoth555 Jun 26 '15 at 03:14
  • Yes. I've tested with two different domain accounts and the results are the same in all cases - the share on "Server 1" works, the share on "Server 2" fails. Hence my thought I've got a difference in auth. protocols on the two boxes. Existing samba setup has been working fine with other shares for some time, so changes are made only hesitantly... – David W Jun 26 '15 at 03:15
  • A quick Wireshark capture could answer some questions then, with a filter like ip.src==ip_hp_scanner to keep the log from being enormous. I mention it because some gear has problems with newer OSes that block some old protocols by default, like you said too. I have in mind LM/NTLMv1. Can you update the gear firmware before making any big move? – yagmoth555 Jun 26 '15 at 03:30
  • Great idea, @yagmoth555. The printer is literally out-of-the-box new, but I will check for firmware updates and run a wireshark on the auth step and see what I get. – David W Jun 26 '15 at 03:33
  • @yagmoth555 I have done the traces per your suggestion and posted the results. There are clear differences; one seems to just "stop", while the other works. – David W Jun 27 '15 at 12:33
  • One other tidbit: I attempted to connect to the same share using the same identity from a non-printer client (which always works), and notice immediately the two negotiate an SMB2 protocol, not SMB1 as noted here. I think we have a situation where the "failing" server wants SMB2, but the printer doesn't support or recognize the negotiation. Surely newer HP printers would support SMB2?? – David W Jun 27 '15 at 13:35

1 Answer


Further review of the packet captures reveals that the issue stems from the fact that the printer in question supports only NTLM 0.12 on SMB1, and nothing more current. I am surprised that any current network device that supports authentication doesn't support a more contemporary and more secure protocol. Very disappointing.

David W
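The question asks what the printer offers during negotiation; the following added example (not code from the post or from HP or Samba) decodes the TCP payload of an SMB1 Negotiate Protocol Request into its dialect list and the Flags2 bits for signing and extended security. The two sample frames and their Flags2 values are constructed for illustration, not captured from the printer, and `build_negotiate`, `parse_negotiate` and `offers_smb2` are names chosen here.

```python
import struct

# SMB1 header Flags2 bits that answer the signing / auth questions.
FLAGS2 = {
    0x0004: "signing supported",
    0x0010: "signing required",
    0x0800: "extended security (NTLMSSP)",
}
SMB2_DIALECTS = {"SMB 2.002", "SMB 2.???"}  # SMB2 offered inside an SMB1 negotiate

def build_negotiate(dialects, flags2):
    """Build a constructed SMB1 Negotiate Protocol Request (sample input only)."""
    body = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    # Protocol, Command 0x72, Status, Flags, Flags2, 12 bytes PIDHigh/signature/
    # reserved, then TID, PID, UID, MID: 32 bytes in total.
    header = struct.pack("<4sBIBH12sHHHH", b"\xffSMB", 0x72, 0, 0x18, flags2,
                         b"\x00" * 12, 0, 0, 0, 0)
    smb = header + b"\x00" + struct.pack("<H", len(body)) + body
    return b"\x00" + len(smb).to_bytes(3, "big") + smb  # NetBIOS session header

def parse_negotiate(frame):
    """Return (dialects, flag names) from the TCP payload of an SMB1 negotiate."""
    smb = frame[4:4 + int.from_bytes(frame[1:4], "big")]
    if smb[:4] == b"\xfeSMB":
        raise ValueError("client opened with SMB2, not SMB1")
    if len(smb) < 35 or smb[:4] != b"\xffSMB" or smb[4] != 0x72:
        raise ValueError("not an SMB1 Negotiate Protocol Request")
    (flags2,) = struct.unpack_from("<H", smb, 10)
    off = 33 + 2 * smb[32]                      # skip WordCount and parameter words
    (byte_count,) = struct.unpack_from("<H", smb, off)
    data = smb[off + 2:off + 2 + byte_count]
    dialects = []
    while data:
        if data[0] != 0x02:
            raise ValueError("dialect entry without 0x02 buffer-format byte")
        end = data.index(b"\x00", 1)            # dialect names are NUL-terminated
        dialects.append(data[1:end].decode("ascii"))
        data = data[end + 1:]
    return dialects, [name for bit, name in FLAGS2.items() if flags2 & bit]

def offers_smb2(dialects):
    """True when the client advertises an SMB2 dialect in its SMB1 negotiate."""
    return bool(SMB2_DIALECTS & set(dialects))

# Constructed samples: an SMB1-only client and a multi-protocol client.
SMB1_ONLY = build_negotiate(["NT LM 0.12"], 0xC801)
MULTI = build_negotiate(["NT LM 0.12", "SMB 2.002", "SMB 2.???"], 0xC805)

for label, frame in (("SMB1-only", SMB1_ONLY), ("multi-protocol", MULTI)):
    found, flags = parse_negotiate(frame)
    print(label, len(frame), found, flags, "SMB2 offered:", offers_smb2(found))
```

The single-dialect sample is 51 bytes long, the same payload size both traces show for the printer's Negotiate Protocol Request (the servers acknowledge with Ack=52).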