Client connections return a "STATUS_INVALID_PARAM" error code when you use a "Send NTLMv2 response only" authentication level in Windows Server 2008 or in Windows Vista
You set the LAN Manager authentication level to Send NTLMv2
response only on a Windows Server 2008-based or Windows Vista-based computer. When a
client connects to this computer without extended security support, the connection may fail and return a
"STATUS_INVALID_PARAM" error code.
In this scenario, the SmbSessionSetup() function fails. This article helps you fix this problem.
Note This problem does not occur on a Windows Server 2003-based or Windows
XP-based computer if you configure the same LAN Manager authentication level.
This problem occurs because of an additional security check
in Windows Server 2008 and in Windows Vista. This problem is
limited to clients that use NTLMv2 authentication without extended
security.
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
Important Windows Vista and Windows Server 2008 hotfixes are included in the same packages. However, only one of these products may be listed on the “Hotfix Request” page. To request the hotfix package that applies to both Windows Vista and Windows Server 2008, just select the product that is listed on the page.
Prerequisites
No prerequisites are required to install this hotfix.
Restart requirement
You must restart the computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace any other hotfixes.
Registry information
You have to make the following registry change. To have us make this registry change for you, go to the "Fix it for me" section. If you would rather do this yourself, go to the "Let me fix it myself" section.
Fix it for me
To make this registry change automatically, click the Fix this problem link. Then click Run in the File Download dialog box, and follow the steps in this wizard.
Note This wizard may be in English only; however, the automatic fix also works for other language versions of Windows.
Note If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD, and then you can run it on the computer that has the problem.
Important This section, method, or task contains steps that tell you how to
modify the registry. However, serious problems might occur if you modify the
registry incorrectly. Therefore, make sure that you follow these steps
carefully. For added protection, back up the registry before you modify it.
Then, you can restore the registry if a problem occurs. For more information
about how to back up and restore the registry, click the following article
number to view the article in the Microsoft Knowledge Base:
On the Edit menu, point to
New, and then click DWORD (32-bit)
Value.
Type AllowLegacySrvCall, and then
press ENTER.
Right-click AllowLegacySrvCall, and
then click Modify.
Type 1 in the Value
data box, and then click OK.
Exit Registry Editor.
Did this fix the problem?
Check whether the problem is fixed. If it is fixed, you are finished with this article. If it is not fixed, you can contact support.
File information
The English version of this hotfix has the file
attributes (or later file attributes) that are listed in the following table.
The dates and times for these files are listed in Coordinated Universal Time
(UTC). When you view the file information, it is converted to local time. To
find the difference between UTC and local time, use the Time
Zone tab in the Date and Time item in Control
Panel.
Windows Vista and Windows Server 2008 file information notes
The files that apply to a specific product, milestone (RTM,
SPn) can be identified by examining the file version numbers in the
following table.
Collapse this tableExpand this table
Version
Product
Milestone
Service branch
6.0.600 0.20xxx
Windows
RTM
LDR
6.0.600 1.22xxx
Windows Vista SP1 and Windows Server 2008 SP1
SP1
LDR
Service Pack 1 (SP1) is integrated into Windows Server 2008.
Therefore, RTM milestone files apply only to Windows Vista. RTM milestone files
have a 6.0.0000.xxxxxx version number.
The .manifest files and the .mum files that are installed in each environment are listed separately in the "Additional file information for Windows Server 2008 and for Windows Vista" section. These files and their associated .cat (security catalog) files are critical to maintaining the state of the updated component. The .cat files are signed with a Microsoft digital signature. The attributes of these security files are not listed.
For all supported x86-based versions of Windows Server 2008 and Windows Vista
Collapse this tableExpand this table
File name
File version
File
size
Date
Time
Platform
Msv1_0.dll
6.0.6000.20939
213,504
18-Oct-2008
03:21
x86
Msv1_0.dll
6.0.6001.22290
210,432
18-Oct-2008
03:32
x86
For all supported x64-based versions of Windows Server 2008 and Windows Vista
Collapse this tableExpand this table
File name
File version
File
size
Date
Time
Platform
Msv1_0.dll
6.0.6000.20939
266,752
18-Oct-2008
03:36
x64
Msv1_0.dll
6.0.6001.22290
265,728
20-Oct-2008
12:47
x64
Msv1_0.dll
6.0.6000.20939
213,504
18-Oct-2008
03:21
x86
Msv1_0.dll
6.0.6001.22290
210,432
18-Oct-2008
03:32
x86
For all supported Itanium-based versions of Windows Server 2008
Important This section, method, or task contains steps that tell you how to
modify the registry. However, serious problems might occur if you modify the
registry incorrectly. Therefore, make sure that you follow these steps
carefully. For added protection, back up the registry before you modify it.
Then, you can restore the registry if a problem occurs. For more information
about how to back up and restore the registry, click the following article
number to view the article in the Microsoft Knowledge Base:
How to back up and restore the registry in Windows
To set the LAN Manager authentication level to Send
NTLMv2 response only on a Windows Server 2008-based or Windows Vista-based computer,
follow these steps:
Open Registry Editor. To do this, click
Start, type regedit in the
Start Search box, and then press ENTER.
Locate and then right-click the following registry subkey:
In the details pane, double-click
LMCompatibilityLevel.
In the Value
data box, type 3, and then click OK.
Exit Registry Editor.
The following is a sample network package that uses NTLMv2 authentication without extended security support. The "ExtenedSecurity" value under "Capabilities" indicates whether the extended security
support is enabled or not.
Frame:
+ Ethernet: Etype = Internet IP (IPv4)
+ Ipv4: Next Protocol = TCP, Packet ID = 30978, Total IP Length = 293
+ Tcp: Flags=...PA..., SrcPort=63869, DstPort=Microsoft-DS(445), Len=253, Seq=153239946 - 153240199, Ack=1782260649, Win=49640 (scale factor not found)
+ Nbtss: SESSION MESSAGE, Length = 249
- Smb: C; Session Setup Andx, Account = ADMINISTRATOR
Protocol: SMB
Command: Session Setup Andx 115(0x73)
+ DOSError: No Error
+ SMBHeader: Command, TID: 0x0000, PID: 0x8875, UID: 0x0000, MID: 0x0000
- CSessionSetupAndXNTLMNoESS:
WordCount: 13 (0xD)
ANDXCommand: No Secondary Command 255(0xFF)
AndXReserved: 0 (0x0)
ANDXOffset: 247 (0xF7)
MaxBufferSize: 4096 (0x1000)
MaxMpxCount: 1 (0x1)
VcNumber: 0 (0x0)
SessionKey: 0 (0x0)
CaseInsensitivePwdLen: 24 (0x18)
CaseSensitivePwdLen: 70 (0x46)
Reserved: 0 (0x0)
- Capabilities: 0x00000054
RawMode: (...............................0) No Support for SMB_COM_READ_RAW and SMB_COM_WRITE_RAW (CAP_RAW_MODE)
MpxMode: (..............................0.) No Support for SMB_COM_READ_MPX or SMB_COM_WRITE_MPX (CAP_MPX_MODE)
Unicode: (.............................1..) Supports Unicode Strings (CAP_UNICODE)
LargeFiles: (............................0...) No Support for large files with 64-bit offsets (CAP_LARGE_FILES)
NTSMBs: (...........................1....) Supports SMB NTLM 0.12 dialect commands (implies CAP_NT_FIND) (CAP_NT_SMBS)
RPCRemoteAPIs: (..........................0.....) No Support for remote API requests using RPC over named pipe connections (CAP_RPC_REMOTE_APIS)
NTStatus: (.........................1......) Can respond with 32-bit NT status codes in Status (CAP_NT_STATUS)
LevelIIOplocks: (........................0.......) No Support for Level II oplocks ( CAP_LEVEL_II_OPLOCKS)
LockAndRead: (.......................0........) No Support for SMB_COM_LOCK_AND_READ and SMB_COM_WRITE_AND_UNLOCK (CAP_LOCK_AND_READ)
Reserved_bits9_11: (....................000.........) Reserved
Dfs: (...................0............) This server is NOT Distributed File System (Dfs) aware (CAP_DFS)
InfolevelPassthru: (..................0.............) No Support for Windows NT information level pass-through requests [SMB_INFO_PASSTHROUGH] (CAP_INFOLEVEL_PASSTHRU)
LargeReadx: (.................0..............) No Support for large read operations (CAP_LARGE_READX)
LargeWritex: (................0...............) No Support for large write operations (CAP_LARGE_WRITEX)
Reserved_bits16_22: (.........0000000................) Reserved
Unix: (........0.......................) No Support for UNIX CIFS Extensions (CAP_UNIX)
Reserved_bits24_28: (...00000........................) Reserved
BulkTransfer: (..0.............................) No Support SMB_BULK_READ or SMB_BULK_WRITE (CAP_BULK_TRANSFER)
CompressedData: (.0..............................) No Support compressed data transfer (CAP_COMPRESSED_DATA)
ExtenedSecurity: (0...............................) No Support for extended security exchange (CAP_EXTENDED_SECURITY)
ByteCount: 186 (0xBA)
CaseInsensitivePwd: Binary Large Object (24 Bytes)
CaseSensitivePwd: Binary Large Object (70 Bytes)
+ UnicodeParameters:
ANDXPadding: Binary Large Object (1 Bytes)
Additional file information for Windows Server 2008 and for Windows Vista
Additional files for all supported x86-based versions of Windows Server 2008 and Windows Vista
Back to the top
