APAR status
Closed as program error.
Error description
Flash Link that got submitted. https://www.ibm.com/support/pages/node/7239096 Microsoft Windows update released July 8,2025 applied on Domain Controllers will cause accessloss issue with Storage Scale CES SMB/NFS protocol file access. Refer https://msrc.microsoft.com/update-guide/en-US/vulnerabili ty/CVE-2025-49716 Microsoft Windows Server update disables an API that is used by Storage Scale Cluster Export Services (CES) SMB (Samba Winbind). Without the API, users can no longer connect to SMB shares served from Storage Scale CES SMB, specifically when idmap-information is stored in Active Directory. Users Affected 1) All users running with mmuserauth set to "type AD" and unixmap-domains set 2) NFS users are impacted if mmuserauth is configured for AD 3) All versions of Storage Scale 4) in combination with Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016 and other servers Not affected 1) LDAP, NIS and automatic ID-map
Local fix
Till updated to 5.1.9.11 or 5.2.3.2, avoid or uninstall the specific CVE Windows updates.Or apply efix available for your Scale version.
Problem summary
Flash Link that got submitted. https://www.ibm.com/support/pages/node/7239096 Microsoft Windows update released July 8,2025 applied on Domain Controllers will cause accessloss issue with Storage Scale CES SMB/NFS protocol file access. Refer https://msrc.microsoft.com/update-guide/en-US/vulnerabili ty/CVE-2025-49716 Microsoft Windows Server update disables an API that is used by Storage Scale Cluster Export Services (CES) SMB (Samba Winbind). Without the API, users can no longer connect to SMB shares served from Storage Scale CES SMB, specifically when idmap-information is stored in Active Directory. Users Affected 1) All users running with mmuserauth set to "type AD" and unixmap-domains set 2) NFS users are impacted if mmuserauth is configured for AD 3) All versions of Storage Scale 4) in combination with Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016 and other servers Not affected 1) LDAP, NIS and automatic ID-map
Problem conclusion
This problem is fixed in 5.1.9.11 and 5.2.3.2 To see all Spectrum Scale APARs and their respective Fix solutions refer to page: https://public.dhe.ibm.com/storage/spectrumscale/spectrum_scale _apars.html Benefits of the solution: Fixed the code to avoid usage of the netlogon API mentioned in CVE.This helps normal functioning of CES SMB/NFS with Windows Servers updated with security updates. Work Around: Till updated to 5.1.9.11 or 5.2.3.2, avoid or uninstall the specific CVE Windows updates.Or apply efix available for your Scale version. Problem trigger: Microsoft Windows update on Domain Controllers (Windows Servers) utilizingCES with Scale versions below 5.1.9.11, below 5.2.3.2. Symptom: ID Resolution would fail. Platforms affected: All Functional Area affected: SMB/NFS Customer Impact: High Importance
Temporary fix
Comments
APAR Information
APAR number
IJ55289
Reported component name
SPEC SCALE STD
Reported component ID
5737F33AP
Reported release
519
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2025-07-16
Closed date
2025-07-16
Last modified date
2025-07-16
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SPEC SCALE STD
Fixed component ID
5737F33AP
Applicable component levels
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"STXKQY"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"519","Line of Business":{"code":"LOB69","label":"Storage TPS"}}]
Document Information
Modified date:
16 July 2025