SMB - Connection error with RouterOS SMB Server

I host an SMB server on a Mikrotik router that runs RouterOS v7.17. In the most recent update they changed something and now Infuse fails to connect to the SMB share. On the other hand native macOS SMB client can still connect without a problem.

I tried to troubleshoot by sniffing network traffic with Wireshark. Below are the Wireshark dissected excerpts.

When I use Infuse:

--Request by Infuse--> SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        SMB Command: Negotiate Protocol (0x72)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18, Canonicalized Pathnames, Case Sensitivity
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc843, Unicode Strings, Error Code Type, Extended Security Negotiation, Long Names Used, Extended Attributes, Long Names Allowed
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .0.. .... .... = Reparse Path: The request does not use a @GMT reparse path
            .... .... .1.. .... = Long Names Used: Path names in request are long file names
            .... .... ...0 .... = Security Signatures Required: Security signatures are not required
            .... .... .... 0... = Compressed: Compression is not requested
            .... .... .... .0.. = Security Signatures: Security signatures are not supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 0
        Process ID: 1344
        User ID: 0
        Multiplex ID: 0
    Negotiate Protocol Request (0x72)
        Word Count (WCT): 0
        Byte Count (BCC): 34
        Requested Dialects
            Dialect: NT LM 0.12
                Buffer Format: Dialect (2)
                Name: NT LM 0.12
            Dialect: SMB 2.002
                Buffer Format: Dialect (2)
                Name: SMB 2.002
            Dialect: SMB 2.???
                Buffer Format: Dialect (2)
                Name: SMB 2.???

<--Reply by RouterOS-- SMB2 (Server Message Block Protocol version 2)
    SMB2 Header
        ProtocolId: 0xfe534d42
        Header Length: 64
        Credit Charge: 0
        NT Status: STATUS_SUCCESS (0x00000000)
        Command: Negotiate Protocol (0)
        Credits granted: 1
        Flags: 0x00000001, Response
            .... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
            .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
            .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
            .... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
            .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
            ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
            ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
        Chain Offset: 0x00000000
        Message ID: 0
        Reserved: 0x00000000
        Tree Id: 0x00000000
        Session Id: 0x0000000000000000
        Signature: 00000000000000000000000000000000
    Negotiate Protocol Response (0x00)
        StructureSize: 0x0041
            0000 0000 0100 000. = Fixed Part Length: 32
            .... .... .... ...1 = Dynamic Part: True
        Security mode: 0x01, Signing enabled
            .... ...1 = Signing enabled: True
            .... ..0. = Signing required: False
        Dialect: SMB2 wildcard (0x02ff)
        Reserved: 0
        Server Guid: 00000000-0000-0000-0000-000000000000
        Capabilities: 0x0000000c, LARGE MTU, MULTI CHANNEL
            .... .... .... .... .... .... .... ...0 = DFS: This host does NOT support DFS
            .... .... .... .... .... .... .... ..0. = LEASING: This host does NOT support LEASING
            .... .... .... .... .... .... .... .1.. = LARGE MTU: This host supports LARGE_MTU
            .... .... .... .... .... .... .... 1... = MULTI CHANNEL: This host supports MULTI CHANNEL
            .... .... .... .... .... .... ...0 .... = PERSISTENT HANDLES: This host does NOT support PERSISTENT HANDLES
            .... .... .... .... .... .... ..0. .... = DIRECTORY LEASING: This host does NOT support DIRECTORY LEASING
            .... .... .... .... .... .... .0.. .... = ENCRYPTION: This host does NOT support ENCRYPTION
            .... .... .... .... .... .... 0... .... = NOTIFICATIONS: This host does NOT support receiving NOTIFICATIONS
        Max Transaction Size: 1048576
        Max Read Size: 4194304
        Max Write Size: 4194304
        Current Time: Jan 19, 2025 19:31:13.155350300 PST
        Boot Time: No time specified (0)
        Blob Offset: 0x00000080
        Blob Length: 74
        Security Blob: 604806062b0601050502a03e303ca00e300c060a2b06010401823702020aa32a3028a0261b246e6f745f646566696e65645f696e5f5246433431373840706c656173655f69676e6f7265
            GSS-API Generic Security Service Application Program Interface
                OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
                Simple Protected Negotiation
                    negTokenInit
                        mechTypes: 1 item
                            MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
                        negHints
                            hintName: not_defined_in_RFC4178@please_ignore
        Reserved2: 0x00000000

--Request by Infuse--> SMB2 (Server Message Block Protocol version 2)
    SMB2 Header
        ProtocolId: 0xfe534d42
        Header Length: 64
        Credit Charge: 0
        Channel Sequence: 0
        Reserved: 0000
        Command: Negotiate Protocol (0)
        Credits requested: 99
        Flags: 0x00000000
            .... .... .... .... .... .... .... ...0 = Response: This is a REQUEST
            .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
            .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
            .... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
            .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
            ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
            ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
        Chain Offset: 0x00000000
        Message ID: 1
        Reserved: 0x00000000
        Tree Id: 0x00000000
        Session Id: 0x0000000000000000
        Signature: 00000000000000000000000000000000
        [Response in: 28]
    Negotiate Protocol Request (0x00)
        [Preauth Hash: d5a10eba0dae463de64e00a9d6f28d86caf27f31cbee57633eee39494cbf27b6c601bf7ee95418c314a20508a331866661c4abd3b99240566b0f96e46bb3f036]
        StructureSize: 0x0024
            0000 0000 0010 010. = Fixed Part Length: 18
            .... .... .... ...0 = Dynamic Part: False
        Dialect count: 4
        Security mode: 0x01, Signing enabled
            .... ...1 = Signing enabled: True
            .... ..0. = Signing required: False
        Reserved: 0000
        Capabilities: 0x00000045, DFS, LARGE MTU, ENCRYPTION
            .... .... .... .... .... .... .... ...1 = DFS: This host supports DFS
            .... .... .... .... .... .... .... ..0. = LEASING: This host does NOT support LEASING
            .... .... .... .... .... .... .... .1.. = LARGE MTU: This host supports LARGE_MTU
            .... .... .... .... .... .... .... 0... = MULTI CHANNEL: This host does NOT support MULTI CHANNEL
            .... .... .... .... .... .... ...0 .... = PERSISTENT HANDLES: This host does NOT support PERSISTENT HANDLES
            .... .... .... .... .... .... ..0. .... = DIRECTORY LEASING: This host does NOT support DIRECTORY LEASING
            .... .... .... .... .... .... .1.. .... = ENCRYPTION: This host supports ENCRYPTION
            .... .... .... .... .... .... 0... .... = NOTIFICATIONS: This host does NOT support receiving NOTIFICATIONS
        Client Guid: 51497ea5-5cef-b244-b964-6e8ce408a16f
        NegotiateContextOffset: 0x00000000
        NegotiateContextCount: 0
        Reserved: 0000
        Dialect: SMB 2.0.2 (0x0202)
        Dialect: SMB 2.1 (0x0210)
        Dialect: SMB 3.0 (0x0300)
        Dialect: SMB 3.0.2 (0x0302)

<--Reply by RouterOS-- SMB2 (Server Message Block Protocol version 2)
    SMB2 Header
        ProtocolId: 0xfe534d42
        Header Length: 64
        Credit Charge: 0
        NT Status: STATUS_INSUFFICIENT_RESOURCES (0xc000009a)
        Command: Negotiate Protocol (0)
        Credits granted: 1
        Flags: 0x00000001, Response
            .... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
            .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
            .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
            .... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
            .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
            ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
            ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
        Chain Offset: 0x00000000
        Message ID: 1
        Reserved: 0x00000000
        Tree Id: 0x00000000
        Session Id: 0x0000000000000000
        Signature: 00000000000000000000000000000000
        [Response to: 24]
        [Time from request: 0.000004000 seconds]
    Negotiate Protocol Response (0x00)
        [Preauth Hash: f4c7dbdcf3ecb837e5cb129c6cc7c78a3a6f3b2b56109787fd24bcdf2ce7ac44650bd5b25beafbb863ca3411f0f53ebfc1a15743abe42cd58eb4777cdc21ddc2]
        StructureSize: 0x0009
            0000 0000 0000 100. = Fixed Part Length: 4
            .... .... .... ...1 = Dynamic Part: True
        Error Context Count: 0
        Reserved: 0x00
        Byte Count: 0
        Error Data: 00

When I use macOS’s Finder:

--Request by macOS--> SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        SMB Command: Negotiate Protocol (0x72)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x08, Case Sensitivity
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc801, Unicode Strings, Error Code Type, Extended Security Negotiation, Long Names Allowed
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .0.. .... .... = Reparse Path: The request does not use a @GMT reparse path
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... ...0 .... = Security Signatures Required: Security signatures are not required
            .... .... .... 0... = Compressed: Compression is not requested
            .... .... .... .0.. = Security Signatures: Security signatures are not supported
            .... .... .... ..0. = Extended Attributes: Extended attributes are not supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 65535
        Process ID: 1
        User ID: 65535
        Multiplex ID: 0
    Negotiate Protocol Request (0x72)
        Word Count (WCT): 0
        Byte Count (BCC): 34
        Requested Dialects
            Dialect: NT LM 0.12
                Buffer Format: Dialect (2)
                Name: NT LM 0.12
            Dialect: SMB 2.002
                Buffer Format: Dialect (2)
                Name: SMB 2.002
            Dialect: SMB 2.???
                Buffer Format: Dialect (2)
                Name: SMB 2.???

<--Reply by RouterOS-- SMB2 (Server Message Block Protocol version 2)
    SMB2 Header
        ProtocolId: 0xfe534d42
        Header Length: 64
        Credit Charge: 0
        NT Status: STATUS_SUCCESS (0x00000000)
        Command: Negotiate Protocol (0)
        Credits granted: 1
        Flags: 0x00000001, Response
            .... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
            .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
            .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
            .... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
            .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
            ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
            ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
        Chain Offset: 0x00000000
        Message ID: 0
        Reserved: 0x00000000
        Tree Id: 0x00000000
        Session Id: 0x0000000000000000
        Signature: 00000000000000000000000000000000
    Negotiate Protocol Response (0x00)
        StructureSize: 0x0041
            0000 0000 0100 000. = Fixed Part Length: 32
            .... .... .... ...1 = Dynamic Part: True
        Security mode: 0x01, Signing enabled
            .... ...1 = Signing enabled: True
            .... ..0. = Signing required: False
        Dialect: SMB2 wildcard (0x02ff)
        Reserved: 0
        Server Guid: 00000000-0000-0000-0000-000000000000
        Capabilities: 0x0000000c, LARGE MTU, MULTI CHANNEL
            .... .... .... .... .... .... .... ...0 = DFS: This host does NOT support DFS
            .... .... .... .... .... .... .... ..0. = LEASING: This host does NOT support LEASING
            .... .... .... .... .... .... .... .1.. = LARGE MTU: This host supports LARGE_MTU
            .... .... .... .... .... .... .... 1... = MULTI CHANNEL: This host supports MULTI CHANNEL
            .... .... .... .... .... .... ...0 .... = PERSISTENT HANDLES: This host does NOT support PERSISTENT HANDLES
            .... .... .... .... .... .... ..0. .... = DIRECTORY LEASING: This host does NOT support DIRECTORY LEASING
            .... .... .... .... .... .... .0.. .... = ENCRYPTION: This host does NOT support ENCRYPTION
            .... .... .... .... .... .... 0... .... = NOTIFICATIONS: This host does NOT support receiving NOTIFICATIONS
        Max Transaction Size: 1048576
        Max Read Size: 4194304
        Max Write Size: 4194304
        Current Time: Jan 19, 2025 19:12:36.815501500 PST
        Boot Time: No time specified (0)
        Blob Offset: 0x00000080
        Blob Length: 74
        Security Blob: 604806062b0601050502a03e303ca00e300c060a2b06010401823702020aa32a3028a0261b246e6f745f646566696e65645f696e5f5246433431373840706c656173655f69676e6f7265
            GSS-API Generic Security Service Application Program Interface
                OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
                Simple Protected Negotiation
                    negTokenInit
                        mechTypes: 1 item
                            MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
                        negHints
                            hintName: not_defined_in_RFC4178@please_ignore
        Reserved2: 0x00000000

--Request by macOS--> SMB2 (Server Message Block Protocol version 2)
    SMB2 Header
        ProtocolId: 0xfe534d42
        Header Length: 64
        Credit Charge: 0
        Channel Sequence: 0
        Reserved: 0000
        Command: Negotiate Protocol (0)
        Credits requested: 0
        Flags: 0x00000000
            .... .... .... .... .... .... .... ...0 = Response: This is a REQUEST
            .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
            .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
            .... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
            .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
            ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
            ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
        Chain Offset: 0x00000000
        Message ID: 1
        Reserved: 0x0000feff
        Tree Id: 0x00000000
        Session Id: 0x0000000000000000
        Signature: 00000000000000000000000000000000
        [Response in: 58]
    Negotiate Protocol Request (0x00)
        [Preauth Hash: d31c2830b42fa5c6603ae5e67d9fbbd519687ecc35f3a604d91d0b2cf677831d9ee858e922cf7f1e2fbd9e18b9c1fef59ddb991a3fe69433da1d3eac9afa60c8]
        StructureSize: 0x0024
            0000 0000 0010 010. = Fixed Part Length: 18
            .... .... .... ...0 = Dynamic Part: False
        Dialect count: 5
        Security mode: 0x01, Signing enabled
            .... ...1 = Signing enabled: True
            .... ..0. = Signing required: False
        Reserved: 0000
        Capabilities: 0x0000007f, DFS, LEASING, LARGE MTU, MULTI CHANNEL, PERSISTENT HANDLES, DIRECTORY LEASING, ENCRYPTION
            .... .... .... .... .... .... .... ...1 = DFS: This host supports DFS
            .... .... .... .... .... .... .... ..1. = LEASING: This host supports LEASING
            .... .... .... .... .... .... .... .1.. = LARGE MTU: This host supports LARGE_MTU
            .... .... .... .... .... .... .... 1... = MULTI CHANNEL: This host supports MULTI CHANNEL
            .... .... .... .... .... .... ...1 .... = PERSISTENT HANDLES: This host supports PERSISTENT HANDLES
            .... .... .... .... .... .... ..1. .... = DIRECTORY LEASING: This host supports DIRECTORY LEASING
            .... .... .... .... .... .... .1.. .... = ENCRYPTION: This host supports ENCRYPTION
            .... .... .... .... .... .... 0... .... = NOTIFICATIONS: This host does NOT support receiving NOTIFICATIONS
        Client Guid: 5918f3a6-8558-bf44-bce9-89cb9c46119a
        NegotiateContextOffset: 0x00000070
        NegotiateContextCount: 5
        Reserved: 0000
        Dialect: SMB 2.0.2 (0x0202)
        Dialect: SMB 2.1 (0x0210)
        Dialect: SMB 3.0 (0x0300)
        Dialect: SMB 3.0.2 (0x0302)
        Dialect: SMB 3.1.1 (0x0311)
        Negotiate Context: SMB2_PREAUTH_INTEGRITY_CAPABILITIES 
            Type: SMB2_PREAUTH_INTEGRITY_CAPABILITIES (0x0001)
            DataLength: 38
            Reserved: 00000000
            HashAlgorithmCount: 1
            SaltLength: 32
            HashAlgorithm: SHA-512 (0x0001)
            Salt: b2967270afec39d772b756b248b7e7f8c6868f28a5bd3dae84be2c94061cdd38
        Negotiate Context: SMB2_ENCRYPTION_CAPABILITIES 
            Type: SMB2_ENCRYPTION_CAPABILITIES (0x0002)
            DataLength: 10
            Reserved: 00000000
            CipherCount: 4
            CipherId: AES-256-GCM (0x0004)
            CipherId: AES-256-CCM (0x0003)
            CipherId: AES-128-GCM (0x0002)
            CipherId: AES-128-CCM (0x0001)
        Negotiate Context: SMB2_COMPRESSION_CAPABILITIES 
            Type: SMB2_COMPRESSION_CAPABILITIES (0x0003)
            DataLength: 10
            Reserved: 00000000
            CompressionAlgorithmCount: 1
            Flags: 0x00000000
                .... .... .... .... .... .... .... ...0 = Chained: False
                0000 0000 0000 0000 0000 0000 0000 000. = Reserved: 0x00000000
            CompressionAlgorithmId: None (0x0000)
        Negotiate Context: SMB2_SIGNING_CAPABILITIES 
            Type: SMB2_SIGNING_CAPABILITIES (0x0008)
            DataLength: 6
            Reserved: 00000000
            SigningAlgorithmCount: 2
            SigningAlgorithmId: AES-GMAC (0x0002)
            SigningAlgorithmId: AES-CMAC (0x0001)
        Negotiate Context: SMB2_NETNAME_NEGOTIATE_CONTEXT_ID 
            Type: SMB2_NETNAME_NEGOTIATE_CONTEXT_ID (0x0005)
            DataLength: 58
            Reserved: 00000000
            Netname: Shared Movies._smb._tcp.local

<--Reply by RouterOS-- SMB2 (Server Message Block Protocol version 2)
    SMB2 Header
        ProtocolId: 0xfe534d42
        Header Length: 64
        Credit Charge: 0
        NT Status: STATUS_SUCCESS (0x00000000)
        Command: Negotiate Protocol (0)
        Credits granted: 1
        Flags: 0x00000001, Response
            .... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
            .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
            .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
            .... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
            .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
            ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
            ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
        Chain Offset: 0x00000000
        Message ID: 1
        Reserved: 0x0000feff
        Tree Id: 0x00000000
        Session Id: 0x0000000000000000
        Signature: 00000000000000000000000000000000
        [Response to: 54]
        [Time from request: 0.000007000 seconds]
    Negotiate Protocol Response (0x00)
        [Preauth Hash: 5c8cf3670d9ca5d3b91e2199ac05900e9dc87288dfab3e1ebf702d0fba52eaeafe46ae3070c36de4b1460af9540cd3ceeb601c97b62ba1d73ab22a9a011d192f]
        StructureSize: 0x0041
            0000 0000 0100 000. = Fixed Part Length: 32
            .... .... .... ...1 = Dynamic Part: True
        Security mode: 0x01, Signing enabled
            .... ...1 = Signing enabled: True
            .... ..0. = Signing required: False
        Dialect: SMB 3.1.1 (0x0311)
        NegotiateContextCount: 3
        Server Guid: 00000000-0000-0000-0000-000000000000
        Capabilities: 0x0000000c, LARGE MTU, MULTI CHANNEL
            .... .... .... .... .... .... .... ...0 = DFS: This host does NOT support DFS
            .... .... .... .... .... .... .... ..0. = LEASING: This host does NOT support LEASING
            .... .... .... .... .... .... .... .1.. = LARGE MTU: This host supports LARGE_MTU
            .... .... .... .... .... .... .... 1... = MULTI CHANNEL: This host supports MULTI CHANNEL
            .... .... .... .... .... .... ...0 .... = PERSISTENT HANDLES: This host does NOT support PERSISTENT HANDLES
            .... .... .... .... .... .... ..0. .... = DIRECTORY LEASING: This host does NOT support DIRECTORY LEASING
            .... .... .... .... .... .... .0.. .... = ENCRYPTION: This host does NOT support ENCRYPTION
            .... .... .... .... .... .... 0... .... = NOTIFICATIONS: This host does NOT support receiving NOTIFICATIONS
        Max Transaction Size: 1048576
        Max Read Size: 4194304
        Max Write Size: 4194304
        Current Time: Jan 19, 2025 19:12:36.820239300 PST
        Boot Time: No time specified (0)
        Blob Offset: 0x00000080
        Blob Length: 74
        Security Blob: 604806062b0601050502a03e303ca00e300c060a2b06010401823702020aa32a3028a0261b246e6f745f646566696e65645f696e5f5246433431373840706c656173655f69676e6f7265
            GSS-API Generic Security Service Application Program Interface
                OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
                Simple Protected Negotiation
                    negTokenInit
                        mechTypes: 1 item
                            MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
                        negHints
                            hintName: not_defined_in_RFC4178@please_ignore
        NegotiateContextOffset: 0x000000d0
        Negotiate Context: SMB2_PREAUTH_INTEGRITY_CAPABILITIES 
            Type: SMB2_PREAUTH_INTEGRITY_CAPABILITIES (0x0001)
            DataLength: 38
            Reserved: 00000000
            HashAlgorithmCount: 1
            SaltLength: 32
            HashAlgorithm: SHA-512 (0x0001)
            Salt: edb44f22adfc8867776d42525d298d1ee4b228e0690e951e33ad271ab36e6f6a
        Negotiate Context: SMB2_ENCRYPTION_CAPABILITIES 
            Type: SMB2_ENCRYPTION_CAPABILITIES (0x0002)
            DataLength: 4
            Reserved: 00000000
            CipherCount: 1
            CipherId: AES-128-GCM (0x0002)
        Negotiate Context: SMB2_SIGNING_CAPABILITIES 
            Type: SMB2_SIGNING_CAPABILITIES (0x0008)
            DataLength: 4
            Reserved: 00000000
            SigningAlgorithmCount: 1
            SigningAlgorithmId: AES-CMAC (0x0001)

While I’m sure my router vendor can do better and will eventually address the problem, perhaps my case may shed some light onto similar problems I saw on this forum.

I’d try changing the SMB to Legacy or one of the other options.

I see you changed your post of the Infuse log to show SMB instead of SMB2 but I’d still try the other options.

Currently (and the updated capture above reflects that) it’s set to Auto. Although I did try all available SMB versions in Infuse prior to posting, none worked.

RouterOS documents that they only support 2.1, 3.0 and 3.1.1 SMB dialects.

Thanks for the report and providing the Wireshark traces.

TL;DR - It seems this 7.17 update from Microtik is quite broken, and downgrading to 7.16.2 would be the recommended path forward for now.

I installed their 7.17 router on a VM and enabled the SMB server. Although the network trace indicates that the server supports SMB 3.1.1, 3.0.2, 3.0.0, 2.1.0, and 2.0.2, this update has a bug where it will return the STATUS_INSUFFICIENT_RESOURCES error (0xC000009A) for the SMB2 Negotiate packet unless the SMB 3.1.1 dialect’s additional structures are present in the packet, regardless of whether the network client supports SMB 3.1.1. When no SMB 3.1.1 dialect is present in the negotiate request, but the 3.1.1 additional data is present, even Wireshark flags the packet as malformed, but this is the only way to avoid the 0xC000009A error.

Trying to connect Windows 8.1 to a Microtik router also fails with the 0xC000009A error. This is because while SMB3 support was added to Windows 8.1 and Server 2012, these only support SMB 3.0.0 and SMB 3.0.2 dialects. This version of Windows therefore doesn’t send the additional SMB 3.1.1 payload. The same thing happens with Windows 7, which only supports SMB1 and SMB2. macOS does seem to support SMB 3.1.1 (as a client) so that is why you see things working there.

There are comments on the forums claiming that reverting Microtik to 7.16.2 resolves these issues.

We were hoping that we would be able tweak the packets that we send to work-around this, as we have done numerous times for NAS drives that don’t adhere to the standard, but we can’t send additional data at the end of a packet hoping that a server that only supports up to SMB 3.0.2 will ignore the extraneous data. It would be too much of a risk. Therefore, the only short-term solution is to report this to Microtik and for them to fix their implementation.

With that said, there is work in progress to add support for SMB 3.1.1 to Infuse and early tests show this will successfully connect to this Microtik version, but other issues occur after connecting (likely due to the current implementation being incomplete) but it is promising.

Hope this helps. :slight_smile:

1 Like

Great troubleshooting! I’ll forward it in my support request with the vendor.

I didn’t want to risk with a downgrade and switched to their DLNA server for Infuse access. It seems to work although the usage experience is inferior compared to the SMB share.

1 Like

Yes, unfortunately Infuse’s library feature won’t be available when using UPnP/DLNA connections, and some file formats (such as ISO, VIDEO_TS, BDMV) won’t be visible. :frowning:

FWIW, the VLC app seems to be able to connect to that share. Although the main drawback to this approach is the VLC app player…