mount error(5): Input/output error

mfoley · 07-15-2023, 02:03 PM

I have a Slackware 14.2 system configured as a Windows Active Directory / Domain Controller. For many years I've had a script on this server that mounts the domain's various Windows 10 workstation's C: drives to scan for bogus downloads, etc. This script runs daily after business hours. The C: drives are marked as shared, accessible by the domain administrator.

Starting 4 days ago, this script started failing:

Code:

> mount //dbserver/C /mnt/tmp -o vers=2.1,username=adminuser,rw,password=adminpw
mount error(5): Input/output error
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

I've rebooted the computer. I've tried several things I've found on the web including chaning vers to 2.0 and 3.0, adding sec=ntlm, verifying the admin account is not locked out. Nothing has helped.

Nothing has changed on the Linux server prior to this -- no upgrades, etc. I am suspecting something changed on the Windows workstations. Suspiciously, the very day this script stopped working (7/12/2023) there were two Windows updates, "2023-07 Cumulative Update for Windows 10 Version 22H2 for x64-bases Systems (KB5028166)" and "Cumulative Update for .NET Framework 3.4, 4.8 and 4.81 for Windows 10 Version 22H2 for x64 (KB5028937).

Any idea what could be causing the problem?

smallpond · 07-16-2023, 07:37 AM

Have you checked the logs to see if there is additional info on the error?

mfoley · 07-16-2023, 11:03 AM

/var/log/messages has:

Code:

Jul 16 11:50:57 mail kernel: [121742.086514] Status code returned 0xc000018d STATUS_TRUSTED_RELATIONSHIP_FAILURE

The Security event log on the Windows box has:

Code:

Log Name: Security
Source: Microsoft Windows security  Logged: 7/16/2023 11:50:57 AM
Event ID: 4265                      Task Category: Logon
Level: Information                  Keywords: Audit Failure
User: N/A                           Computer: commonW10.hprs.local
OpCode: Info

Details:

+ System 
  - Provider 
   [ Name]  Microsoft-Windows-Security-Auditing 
   [ Guid]  {54849625-5478-4994-a5ba-3e3b0328c30d} 
   EventID 4625 
    Version 0 
    Level 0 
    Task 12544 
    Opcode 0 
    Keywords 0x8010000000000000 
   - TimeCreated 
   [ SystemTime]  2023-07-16T15:50:57.5167835Z 
   EventRecordID 1825129 
  - Correlation 
   [ ActivityID]  {a6182928-b52b-0001-162a-18a62bb5d901} 
  - Execution 
   [ ProcessID]  848 
   [ ThreadID]  3472 
   Channel Security 
   Computer commonW10.hprs.local 
   Security 
- EventData 
  SubjectUserSid S-1-0-0 
  SubjectUserName - 
  SubjectDomainName - 
  SubjectLogonId 0x0 
  TargetUserSid S-1-0-0 
  TargetUserName Administrator 
  TargetDomainName HPRS 
  Status 0xc000018d 
  FailureReason %%2304 
  SubStatus 0x0 
  LogonType 3 
  LogonProcessName NtLmSsp  
  AuthenticationPackageName NTLM 
  WorkstationName - 
  TransmittedServices - 
  LmPackageName - 
  KeyLength 0 
  ProcessId 0x0 
  ProcessName - 
  IpAddress 192.168.0.2 
  IpPort 43032

Is this meaningful to someone? I'm thinking of backing out the update on one of the workstations and seeing if that makes a difference.

mfoley · 07-16-2023, 12:59 PM

OK, I've verified that removing the 7/12/2023 Windows update, "2023-07 Cumulative Update for Windows 10 Version 22H2 for x64-bases Systems (KB5028166)" does allow me to mount the Windows drive on Linux.

I can't be the only Linux user mounting Windows folders/drives affected by this, but I see nothing on the net about this problem.

pan64 · 07-17-2023, 05:19 AM

from windows side probably something similar like this: https://support.microsoft.com/en-gb/...c-e45f8d568d0b
from samba side: https://learn.microsoft.com/en-us/an...ionship-broken

MadeInGermany · 07-17-2023, 06:12 AM

Run

Code:

man mount.cfs

and see the options. Play with different sec= options.
For ex it might need sec=ntlmv2 or sec=ntlmssp

mfoley · 08-01-2023, 04:59 PM

I had removed update KB5028166 and stopped updates for 7 day. Now that the 7 days is expiring, I'm back to having the mount problem.

Quote:

Originally Posted by MadeInGermany

Run

Code:

man mount.cfs

and see the options. Play with different sec= options.
For ex it might need sec=ntlmv2 or sec=ntlmssp

I tried pretty much all the sec options with no joy. I also tried vers=3.0. I think this problem is more related to the Microsoft link below.

Quote:

Originally Posted by pan64

from windows side probably something similar like this: https://support.microsoft.com/en-gb/...c-e45f8d568d0b
from samba side: https://learn.microsoft.com/en-us/an...ionship-broken

Your second link seems to the point. There is a suggestion to un-join and rejoin the domain, then reinstall the update. I'll try that, but not for a few days when I go to the physical site.

One poster on that site mentioned "Hiding the specific update". Does anyone know about "hiding" updates? The poster didn't have a lot of detail. Does one remove the update first, then do the hide thing? Does this prevent the update from ever downloading again?

More later ...

us1776 · 08-29-2023, 02:36 PM

While I do not have that particular Windows Update installed, I get basically the same error when trying to mount to Windows share. Any further success on permanent solution? Mounting the windows share previously worked, but now this response:

Code:

mount.cifs kernel mount options: ip=192.168.2.118,unc=\\ab******u\D$,vers=2.0,uid=33,gid=33,user=******,domain=campus,pass=********
mount error(5): Input/output error
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

Checking dmesg output, I get this:

Code:

[  679.765049] Status code returned 0xc000018d STATUS_TRUSTED_RELATIONSHIP_FAILURE
[  679.765060] CIFS VFS: Send error in SessSetup = -5
[  679.766178] CIFS VFS: cifs_mount failed w/return code = -5
[  701.416858] CIFS VFS: ioctl error in smb2_get_dfs_refer rc=-5
[ 1688.384880] CIFS VFS: Free previous auth_key.response = 00000000772370b6
[ 2623.717312] CIFS VFS: Free previous auth_key.response = 0000000096959543
[ 3559.049942] CIFS VFS: Free previous auth_key.response = 00000000516f1046
[ 4266.897120] Status code returned 0xc000018d STATUS_TRUSTED_RELATIONSHIP_FAILURE
[ 4266.897131] CIFS VFS: Send error in SessSetup = -5
[ 4266.898247] CIFS VFS: cifs_mount failed w/return code = -5
[ 4494.388814] CIFS VFS: Free previous auth_key.response = 00000000030d3a83
[ 5459.703600] CIFS VFS: Free previous auth_key.response = 00000000a994dc23
[ 6425.025948] CIFS VFS: Free previous auth_key.response = 000000004e3e29ca
[ 7390.347957] CIFS VFS: Free previous auth_key.response = 000000006ca62c76
[ 8082.817542] Status code returned 0xc000018d STATUS_TRUSTED_RELATIONSHIP_FAILURE
[ 8082.817551] CIFS VFS: Send error in SessSetup = -5
[ 8082.818663] CIFS VFS: cifs_mount failed w/return code = -5

mfoley · 09-14-2023, 12:50 PM

I tried today to follow the "hide" instructions from pam64's post, but I find that KB5028166 has disappeared from my update list, so I can't uninstall it. Yet, I still cannot mount Windows drives from Samaba.

Does anyone know what happened? Has KB5028166 been superseded by something newer?

pan64 · 09-14-2023, 01:26 PM

you need to check MS Support or documentation for this, for example here: https://support.microsoft.com/en-gb/...f-a14a329c6c20

mfoley · 10-16-2023, 02:47 PM

Quote:

Originally Posted by pan64

you need to check MS Support or documentation for this, for example here: https://support.microsoft.com/en-gb/...f-a14a329c6c20

I will post a question to Microsoft support about this, although I think they will be of little help when it comes to mapping drives from non-Windows computers.

I was hoping some Linux user would have some insight. Surely there are plenty of Linux users out the mapping (mounting) Windows drives. What mount syntax are you using? I'm doing:

Code:

> mount //windows10/C /mnt/tmp -o vers=2.1,username=adminuser,rw,password=adminpw
mount error(5): Input/output error
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

I've tried various versions of vers= and all options for sec=. In /var/log/messages I get:

Code:

Status code returned 0xc000018d STATUS_TRUSTED_RELATIONSHIP_FAILURE

Note that if I use sec=none instead of "Input/Output error" I get:

Code:

password specified twice, ignoring second
mount error(13): Permission denied

Is it possibly a problem with my version of mount? I'm using version 2.27.1 (libmount 2.27.0: assert, debug)

If someone is using successful mounts of shared Windows 10 drives, I'd like to know what mount options you're using.

Thanks.

rkelsen · 10-16-2023, 03:24 PM

No such problem here with Slackware64-15.0.

mount version = 2.37.4
samba version = 4.18.8

Not sure if it is anything to do with this, but there were some big changes to security in Samba between the versions included with Slackware 14.2 and 15.0.

Side question, just out of interest: For your DC do you use MIT or Heimdal Kerberos?

rkelsen · 10-16-2023, 05:33 PM

I found an article about the update in question. It seems that this problem also hit (among others) users of Synology NAS hardware:

https://www.neowin.net/news/kb502816...lease-a-patch/

The main file share in my office is running W10 22H2, and it received the KB5028166 patch on 12th July. As I mentioned earlier, our backup machine (which runs Slackware64-15.0) doesn't seem to have been impacted by the update at all.

mfoley · 10-18-2023, 04:03 PM

Well, I guess we'll have to wait until I upgrade the DC which is currently Slackware 14.2 and Samba 4.8.2. I was once told how to determine if I'm using Heimdal or MIT, but I forget how to do that. In any case, I can't switch that w/o upgrading.