NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

steveoelliott's avatar
steveoelliott
Luminary
May 23, 2019

Strange Samba Logs

Hi,

 

I've recently noticed these repeated in logs over and over again, sometimes for hours on end:

 

May 22 10:09:00 DESPAIR smbd[31430]: [2019/05/22 10:09:00.923582, 0] ../source3/rpc_server/svcctl/srv_svcctl_nt.c:326(_svcctl_OpenServiceW)
May 22 10:09:01 DESPAIR smbd[31430]: _svcctl_OpenServiceW: Failed to get a valid security descriptor_svcctl_OpenServiceW: Failed to get a valid security descriptor_svcctl_OpenServiceW: Failed to get a valid security descriptor_
svcctl_OpenServiceW: Failed to get a valid security descriptor_svcctl_OpenServiceW: Failed to get a valid security descriptor_svcctl_OpenServiceW: Failed to get a valid security descriptor_svcctl_OpenServiceW: Failed to get a valid secur
ity descriptor_svcctl_OpenServiceW: Failed to get a valid security descriptor_svcctl_OpenServiceW: Failed to get a valid security descriptor_svcctl_OpenServiceW: Failed to get a valid security descriptor_svcctl_OpenServiceW: Failed to ge
t a valid security descriptor_svcctl_OpenServiceW: Failed to get a valid security descriptor_svcctl_OpenServiceW: Failed to get a valid security descriptor_svcctl_OpenServiceW: Failed to get a valid security descriptor_svcctl_OpenService
W: Failed to get a valid security descriptor_svcctl_OpenServiceW: Failed to get a valid security descriptor_svcctl_OpenS
May 22 10:09:01 DESPAIR smbd[31430]: +>

 

I have not noticed anything untoward but the logs indicate something awry allbeit with no real detail.

2 Replies

  • kohdee's avatar
    kohdee
    NETGEAR Expert
    May 23, 2019

    Are you joined to a domain? svcctl seems to be related to rpc_server in samba, which is domain related. Perhaps something in your network is constantly nagging samba with invalid security settings? You can try manually debugging it using `smbcontrol smbd debug 10` and tracking it more closely when it happens.  Return to 0 to disable debug logging.

    • steveoelliott's avatar
      steveoelliott
      Luminary
      May 24, 2019

      Interestingly I could find very little when searching those logs on Google... As far as I know there is no domain configured on any PC's. I checked the smb process number against smbstatus and there have been two machines generating these errors. I'm remote from the site so will need to verify this.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More