✅ Validations
-
Check the BSR SMB logs for events ACCESS_DENIED
-
Check the Domain Controller for events 5838 & 5839
-
BSR Appliance is running older than 23.4.6
-
Confirm log events on both; the BSR and the customer’s Active Directory Domain Controller
-
If “NTLM/CVE” is applicable to scenario upgrade to BSR to 23.4.6+ (negate the need to modify the customer’s environment respective Active Directory Domain Controller(s))
Work-around if prevented by Security Team or CTO
⚠️ Management has advised Racktop Support to not make modifications to respective customer’s environment, instead advise to Update to 23.4.6+ or provide the Work-Around below for the customer to execute. ⚠️
-
Have the Customer obtain approval and apply the RequireSeal Registry Key to the respective Active Directory Domain Controllers (you can resolve manually or using cli option below):
-
run script from cmd.exe as Administrator
reg add HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters /v RequireSeal /t REG_DWORD /d 1
-
validate the Registry Key addition
reg query HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters /v RequireSeal
-
Validation should return 0x1
-
Restart SMB services: svcadm restart smb
-
Validate SMB Share connectivity
-
Schedule BSR Upgrade to 23.4.6+