SMB - Connection error with RouterOS SMB Server

I host an SMB server on a Mikrotik router that runs RouterOS v7.17. In the most recent update they changed something and now Infuse fails to connect to the SMB share. On the other hand native macOS SMB client can still connect without a problem.

I tried to troubleshoot by sniffing network traffic with Wireshark. Below are the Wireshark dissected excerpts.

When I use Infuse:

--Request by Infuse--> SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        SMB Command: Negotiate Protocol (0x72)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18, Canonicalized Pathnames, Case Sensitivity
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...1 .... = Canonicalized Pathnames: Pathnames are canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc843, Unicode Strings, Error Code Type, Extended Security Negotiation, Long Names Used, Extended Attributes, Long Names Allowed
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .0.. .... .... = Reparse Path: The request does not use a @GMT reparse path
            .... .... .1.. .... = Long Names Used: Path names in request are long file names
            .... .... ...0 .... = Security Signatures Required: Security signatures are not required
            .... .... .... 0... = Compressed: Compression is not requested
            .... .... .... .0.. = Security Signatures: Security signatures are not supported
            .... .... .... ..1. = Extended Attributes: Extended attributes are supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 0
        Process ID: 1344
        User ID: 0
        Multiplex ID: 0
    Negotiate Protocol Request (0x72)
        Word Count (WCT): 0
        Byte Count (BCC): 34
        Requested Dialects
            Dialect: NT LM 0.12
                Buffer Format: Dialect (2)
                Name: NT LM 0.12
            Dialect: SMB 2.002
                Buffer Format: Dialect (2)
                Name: SMB 2.002
            Dialect: SMB 2.???
                Buffer Format: Dialect (2)
                Name: SMB 2.???

<--Reply by RouterOS-- SMB2 (Server Message Block Protocol version 2)
    SMB2 Header
        ProtocolId: 0xfe534d42
        Header Length: 64
        Credit Charge: 0
        NT Status: STATUS_SUCCESS (0x00000000)
        Command: Negotiate Protocol (0)
        Credits granted: 1
        Flags: 0x00000001, Response
            .... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
            .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
            .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
            .... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
            .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
            ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
            ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
        Chain Offset: 0x00000000
        Message ID: 0
        Reserved: 0x00000000
        Tree Id: 0x00000000
        Session Id: 0x0000000000000000
        Signature: 00000000000000000000000000000000
    Negotiate Protocol Response (0x00)
        StructureSize: 0x0041
            0000 0000 0100 000. = Fixed Part Length: 32
            .... .... .... ...1 = Dynamic Part: True
        Security mode: 0x01, Signing enabled
            .... ...1 = Signing enabled: True
            .... ..0. = Signing required: False
        Dialect: SMB2 wildcard (0x02ff)
        Reserved: 0
        Server Guid: 00000000-0000-0000-0000-000000000000
        Capabilities: 0x0000000c, LARGE MTU, MULTI CHANNEL
            .... .... .... .... .... .... .... ...0 = DFS: This host does NOT support DFS
            .... .... .... .... .... .... .... ..0. = LEASING: This host does NOT support LEASING
            .... .... .... .... .... .... .... .1.. = LARGE MTU: This host supports LARGE_MTU
            .... .... .... .... .... .... .... 1... = MULTI CHANNEL: This host supports MULTI CHANNEL
            .... .... .... .... .... .... ...0 .... = PERSISTENT HANDLES: This host does NOT support PERSISTENT HANDLES
            .... .... .... .... .... .... ..0. .... = DIRECTORY LEASING: This host does NOT support DIRECTORY LEASING
            .... .... .... .... .... .... .0.. .... = ENCRYPTION: This host does NOT support ENCRYPTION
            .... .... .... .... .... .... 0... .... = NOTIFICATIONS: This host does NOT support receiving NOTIFICATIONS
        Max Transaction Size: 1048576
        Max Read Size: 4194304
        Max Write Size: 4194304
        Current Time: Jan 19, 2025 19:31:13.155350300 PST
        Boot Time: No time specified (0)
        Blob Offset: 0x00000080
        Blob Length: 74
        Security Blob: 604806062b0601050502a03e303ca00e300c060a2b06010401823702020aa32a3028a0261b246e6f745f646566696e65645f696e5f5246433431373840706c656173655f69676e6f7265
            GSS-API Generic Security Service Application Program Interface
                OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
                Simple Protected Negotiation
                    negTokenInit
                        mechTypes: 1 item
                            MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
                        negHints
                            hintName: not_defined_in_RFC4178@please_ignore
        Reserved2: 0x00000000

--Request by Infuse--> SMB2 (Server Message Block Protocol version 2)
    SMB2 Header
        ProtocolId: 0xfe534d42
        Header Length: 64
        Credit Charge: 0
        Channel Sequence: 0
        Reserved: 0000
        Command: Negotiate Protocol (0)
        Credits requested: 99
        Flags: 0x00000000
            .... .... .... .... .... .... .... ...0 = Response: This is a REQUEST
            .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
            .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
            .... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
            .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
            ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
            ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
        Chain Offset: 0x00000000
        Message ID: 1
        Reserved: 0x00000000
        Tree Id: 0x00000000
        Session Id: 0x0000000000000000
        Signature: 00000000000000000000000000000000
        [Response in: 28]
    Negotiate Protocol Request (0x00)
        [Preauth Hash: d5a10eba0dae463de64e00a9d6f28d86caf27f31cbee57633eee39494cbf27b6c601bf7ee95418c314a20508a331866661c4abd3b99240566b0f96e46bb3f036]
        StructureSize: 0x0024
            0000 0000 0010 010. = Fixed Part Length: 18
            .... .... .... ...0 = Dynamic Part: False
        Dialect count: 4
        Security mode: 0x01, Signing enabled
            .... ...1 = Signing enabled: True
            .... ..0. = Signing required: False
        Reserved: 0000
        Capabilities: 0x00000045, DFS, LARGE MTU, ENCRYPTION
            .... .... .... .... .... .... .... ...1 = DFS: This host supports DFS
            .... .... .... .... .... .... .... ..0. = LEASING: This host does NOT support LEASING
            .... .... .... .... .... .... .... .1.. = LARGE MTU: This host supports LARGE_MTU
            .... .... .... .... .... .... .... 0... = MULTI CHANNEL: This host does NOT support MULTI CHANNEL
            .... .... .... .... .... .... ...0 .... = PERSISTENT HANDLES: This host does NOT support PERSISTENT HANDLES
            .... .... .... .... .... .... ..0. .... = DIRECTORY LEASING: This host does NOT support DIRECTORY LEASING
            .... .... .... .... .... .... .1.. .... = ENCRYPTION: This host supports ENCRYPTION
            .... .... .... .... .... .... 0... .... = NOTIFICATIONS: This host does NOT support receiving NOTIFICATIONS
        Client Guid: 51497ea5-5cef-b244-b964-6e8ce408a16f
        NegotiateContextOffset: 0x00000000
        NegotiateContextCount: 0
        Reserved: 0000
        Dialect: SMB 2.0.2 (0x0202)
        Dialect: SMB 2.1 (0x0210)
        Dialect: SMB 3.0 (0x0300)
        Dialect: SMB 3.0.2 (0x0302)

<--Reply by RouterOS-- SMB2 (Server Message Block Protocol version 2)
    SMB2 Header
        ProtocolId: 0xfe534d42
        Header Length: 64
        Credit Charge: 0
        NT Status: STATUS_INSUFFICIENT_RESOURCES (0xc000009a)
        Command: Negotiate Protocol (0)
        Credits granted: 1
        Flags: 0x00000001, Response
            .... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
            .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
            .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
            .... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
            .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
            ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
            ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
        Chain Offset: 0x00000000
        Message ID: 1
        Reserved: 0x00000000
        Tree Id: 0x00000000
        Session Id: 0x0000000000000000
        Signature: 00000000000000000000000000000000
        [Response to: 24]
        [Time from request: 0.000004000 seconds]
    Negotiate Protocol Response (0x00)
        [Preauth Hash: f4c7dbdcf3ecb837e5cb129c6cc7c78a3a6f3b2b56109787fd24bcdf2ce7ac44650bd5b25beafbb863ca3411f0f53ebfc1a15743abe42cd58eb4777cdc21ddc2]
        StructureSize: 0x0009
            0000 0000 0000 100. = Fixed Part Length: 4
            .... .... .... ...1 = Dynamic Part: True
        Error Context Count: 0
        Reserved: 0x00
        Byte Count: 0
        Error Data: 00

When I use macOS’s Finder:

--Request by macOS--> SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        SMB Command: Negotiate Protocol (0x72)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x08, Case Sensitivity
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
            .... 1... = Case Sensitivity: Path names are caseless
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0xc801, Unicode Strings, Error Code Type, Extended Security Negotiation, Long Names Allowed
            1... .... .... .... = Unicode Strings: Strings are Unicode
            .1.. .... .... .... = Error Code Type: Error codes are NT error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
            .... .0.. .... .... = Reparse Path: The request does not use a @GMT reparse path
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... ...0 .... = Security Signatures Required: Security signatures are not required
            .... .... .... 0... = Compressed: Compression is not requested
            .... .... .... .0.. = Security Signatures: Security signatures are not supported
            .... .... .... ..0. = Extended Attributes: Extended attributes are not supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 65535
        Process ID: 1
        User ID: 65535
        Multiplex ID: 0
    Negotiate Protocol Request (0x72)
        Word Count (WCT): 0
        Byte Count (BCC): 34
        Requested Dialects
            Dialect: NT LM 0.12
                Buffer Format: Dialect (2)
                Name: NT LM 0.12
            Dialect: SMB 2.002
                Buffer Format: Dialect (2)
                Name: SMB 2.002
            Dialect: SMB 2.???
                Buffer Format: Dialect (2)
                Name: SMB 2.???

<--Reply by RouterOS-- SMB2 (Server Message Block Protocol version 2)
    SMB2 Header
        ProtocolId: 0xfe534d42
        Header Length: 64
        Credit Charge: 0
        NT Status: STATUS_SUCCESS (0x00000000)
        Command: Negotiate Protocol (0)
        Credits granted: 1
        Flags: 0x00000001, Response
            .... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
            .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
            .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
            .... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
            .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
            ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
            ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
        Chain Offset: 0x00000000
        Message ID: 0
        Reserved: 0x00000000
        Tree Id: 0x00000000
        Session Id: 0x0000000000000000
        Signature: 00000000000000000000000000000000
    Negotiate Protocol Response (0x00)
        StructureSize: 0x0041
            0000 0000 0100 000. = Fixed Part Length: 32
            .... .... .... ...1 = Dynamic Part: True
        Security mode: 0x01, Signing enabled
            .... ...1 = Signing enabled: True
            .... ..0. = Signing required: False
        Dialect: SMB2 wildcard (0x02ff)
        Reserved: 0
        Server Guid: 00000000-0000-0000-0000-000000000000
        Capabilities: 0x0000000c, LARGE MTU, MULTI CHANNEL
            .... .... .... .... .... .... .... ...0 = DFS: This host does NOT support DFS
            .... .... .... .... .... .... .... ..0. = LEASING: This host does NOT support LEASING
            .... .... .... .... .... .... .... .1.. = LARGE MTU: This host supports LARGE_MTU
            .... .... .... .... .... .... .... 1... = MULTI CHANNEL: This host supports MULTI CHANNEL
            .... .... .... .... .... .... ...0 .... = PERSISTENT HANDLES: This host does NOT support PERSISTENT HANDLES
            .... .... .... .... .... .... ..0. .... = DIRECTORY LEASING: This host does NOT support DIRECTORY LEASING
            .... .... .... .... .... .... .0.. .... = ENCRYPTION: This host does NOT support ENCRYPTION
            .... .... .... .... .... .... 0... .... = NOTIFICATIONS: This host does NOT support receiving NOTIFICATIONS
        Max Transaction Size: 1048576
        Max Read Size: 4194304
        Max Write Size: 4194304
        Current Time: Jan 19, 2025 19:12:36.815501500 PST
        Boot Time: No time specified (0)
        Blob Offset: 0x00000080
        Blob Length: 74
        Security Blob: 604806062b0601050502a03e303ca00e300c060a2b06010401823702020aa32a3028a0261b246e6f745f646566696e65645f696e5f5246433431373840706c656173655f69676e6f7265
            GSS-API Generic Security Service Application Program Interface
                OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
                Simple Protected Negotiation
                    negTokenInit
                        mechTypes: 1 item
                            MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
                        negHints
                            hintName: not_defined_in_RFC4178@please_ignore
        Reserved2: 0x00000000

--Request by macOS--> SMB2 (Server Message Block Protocol version 2)
    SMB2 Header
        ProtocolId: 0xfe534d42
        Header Length: 64
        Credit Charge: 0
        Channel Sequence: 0
        Reserved: 0000
        Command: Negotiate Protocol (0)
        Credits requested: 0
        Flags: 0x00000000
            .... .... .... .... .... .... .... ...0 = Response: This is a REQUEST
            .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
            .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
            .... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
            .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
            ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
            ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
        Chain Offset: 0x00000000
        Message ID: 1
        Reserved: 0x0000feff
        Tree Id: 0x00000000
        Session Id: 0x0000000000000000
        Signature: 00000000000000000000000000000000
        [Response in: 58]
    Negotiate Protocol Request (0x00)
        [Preauth Hash: d31c2830b42fa5c6603ae5e67d9fbbd519687ecc35f3a604d91d0b2cf677831d9ee858e922cf7f1e2fbd9e18b9c1fef59ddb991a3fe69433da1d3eac9afa60c8]
        StructureSize: 0x0024
            0000 0000 0010 010. = Fixed Part Length: 18
            .... .... .... ...0 = Dynamic Part: False
        Dialect count: 5
        Security mode: 0x01, Signing enabled
            .... ...1 = Signing enabled: True
            .... ..0. = Signing required: False
        Reserved: 0000
        Capabilities: 0x0000007f, DFS, LEASING, LARGE MTU, MULTI CHANNEL, PERSISTENT HANDLES, DIRECTORY LEASING, ENCRYPTION
            .... .... .... .... .... .... .... ...1 = DFS: This host supports DFS
            .... .... .... .... .... .... .... ..1. = LEASING: This host supports LEASING
            .... .... .... .... .... .... .... .1.. = LARGE MTU: This host supports LARGE_MTU
            .... .... .... .... .... .... .... 1... = MULTI CHANNEL: This host supports MULTI CHANNEL
            .... .... .... .... .... .... ...1 .... = PERSISTENT HANDLES: This host supports PERSISTENT HANDLES
            .... .... .... .... .... .... ..1. .... = DIRECTORY LEASING: This host supports DIRECTORY LEASING
            .... .... .... .... .... .... .1.. .... = ENCRYPTION: This host supports ENCRYPTION
            .... .... .... .... .... .... 0... .... = NOTIFICATIONS: This host does NOT support receiving NOTIFICATIONS
        Client Guid: 5918f3a6-8558-bf44-bce9-89cb9c46119a
        NegotiateContextOffset: 0x00000070
        NegotiateContextCount: 5
        Reserved: 0000
        Dialect: SMB 2.0.2 (0x0202)
        Dialect: SMB 2.1 (0x0210)
        Dialect: SMB 3.0 (0x0300)
        Dialect: SMB 3.0.2 (0x0302)
        Dialect: SMB 3.1.1 (0x0311)
        Negotiate Context: SMB2_PREAUTH_INTEGRITY_CAPABILITIES 
            Type: SMB2_PREAUTH_INTEGRITY_CAPABILITIES (0x0001)
            DataLength: 38
            Reserved: 00000000
            HashAlgorithmCount: 1
            SaltLength: 32
            HashAlgorithm: SHA-512 (0x0001)
            Salt: b2967270afec39d772b756b248b7e7f8c6868f28a5bd3dae84be2c94061cdd38
        Negotiate Context: SMB2_ENCRYPTION_CAPABILITIES 
            Type: SMB2_ENCRYPTION_CAPABILITIES (0x0002)
            DataLength: 10
            Reserved: 00000000
            CipherCount: 4
            CipherId: AES-256-GCM (0x0004)
            CipherId: AES-256-CCM (0x0003)
            CipherId: AES-128-GCM (0x0002)
            CipherId: AES-128-CCM (0x0001)
        Negotiate Context: SMB2_COMPRESSION_CAPABILITIES 
            Type: SMB2_COMPRESSION_CAPABILITIES (0x0003)
            DataLength: 10
            Reserved: 00000000
            CompressionAlgorithmCount: 1
            Flags: 0x00000000
                .... .... .... .... .... .... .... ...0 = Chained: False
                0000 0000 0000 0000 0000 0000 0000 000. = Reserved: 0x00000000
            CompressionAlgorithmId: None (0x0000)
        Negotiate Context: SMB2_SIGNING_CAPABILITIES 
            Type: SMB2_SIGNING_CAPABILITIES (0x0008)
            DataLength: 6
            Reserved: 00000000
            SigningAlgorithmCount: 2
            SigningAlgorithmId: AES-GMAC (0x0002)
            SigningAlgorithmId: AES-CMAC (0x0001)
        Negotiate Context: SMB2_NETNAME_NEGOTIATE_CONTEXT_ID 
            Type: SMB2_NETNAME_NEGOTIATE_CONTEXT_ID (0x0005)
            DataLength: 58
            Reserved: 00000000
            Netname: Shared Movies._smb._tcp.local

<--Reply by RouterOS-- SMB2 (Server Message Block Protocol version 2)
    SMB2 Header
        ProtocolId: 0xfe534d42
        Header Length: 64
        Credit Charge: 0
        NT Status: STATUS_SUCCESS (0x00000000)
        Command: Negotiate Protocol (0)
        Credits granted: 1
        Flags: 0x00000001, Response
            .... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
            .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
            .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
            .... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
            .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
            ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
            ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
        Chain Offset: 0x00000000
        Message ID: 1
        Reserved: 0x0000feff
        Tree Id: 0x00000000
        Session Id: 0x0000000000000000
        Signature: 00000000000000000000000000000000
        [Response to: 54]
        [Time from request: 0.000007000 seconds]
    Negotiate Protocol Response (0x00)
        [Preauth Hash: 5c8cf3670d9ca5d3b91e2199ac05900e9dc87288dfab3e1ebf702d0fba52eaeafe46ae3070c36de4b1460af9540cd3ceeb601c97b62ba1d73ab22a9a011d192f]
        StructureSize: 0x0041
            0000 0000 0100 000. = Fixed Part Length: 32
            .... .... .... ...1 = Dynamic Part: True
        Security mode: 0x01, Signing enabled
            .... ...1 = Signing enabled: True
            .... ..0. = Signing required: False
        Dialect: SMB 3.1.1 (0x0311)
        NegotiateContextCount: 3
        Server Guid: 00000000-0000-0000-0000-000000000000
        Capabilities: 0x0000000c, LARGE MTU, MULTI CHANNEL
            .... .... .... .... .... .... .... ...0 = DFS: This host does NOT support DFS
            .... .... .... .... .... .... .... ..0. = LEASING: This host does NOT support LEASING
            .... .... .... .... .... .... .... .1.. = LARGE MTU: This host supports LARGE_MTU
            .... .... .... .... .... .... .... 1... = MULTI CHANNEL: This host supports MULTI CHANNEL
            .... .... .... .... .... .... ...0 .... = PERSISTENT HANDLES: This host does NOT support PERSISTENT HANDLES
            .... .... .... .... .... .... ..0. .... = DIRECTORY LEASING: This host does NOT support DIRECTORY LEASING
            .... .... .... .... .... .... .0.. .... = ENCRYPTION: This host does NOT support ENCRYPTION
            .... .... .... .... .... .... 0... .... = NOTIFICATIONS: This host does NOT support receiving NOTIFICATIONS
        Max Transaction Size: 1048576
        Max Read Size: 4194304
        Max Write Size: 4194304
        Current Time: Jan 19, 2025 19:12:36.820239300 PST
        Boot Time: No time specified (0)
        Blob Offset: 0x00000080
        Blob Length: 74
        Security Blob: 604806062b0601050502a03e303ca00e300c060a2b06010401823702020aa32a3028a0261b246e6f745f646566696e65645f696e5f5246433431373840706c656173655f69676e6f7265
            GSS-API Generic Security Service Application Program Interface
                OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
                Simple Protected Negotiation
                    negTokenInit
                        mechTypes: 1 item
                            MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
                        negHints
                            hintName: not_defined_in_RFC4178@please_ignore
        NegotiateContextOffset: 0x000000d0
        Negotiate Context: SMB2_PREAUTH_INTEGRITY_CAPABILITIES 
            Type: SMB2_PREAUTH_INTEGRITY_CAPABILITIES (0x0001)
            DataLength: 38
            Reserved: 00000000
            HashAlgorithmCount: 1
            SaltLength: 32
            HashAlgorithm: SHA-512 (0x0001)
            Salt: edb44f22adfc8867776d42525d298d1ee4b228e0690e951e33ad271ab36e6f6a
        Negotiate Context: SMB2_ENCRYPTION_CAPABILITIES 
            Type: SMB2_ENCRYPTION_CAPABILITIES (0x0002)
            DataLength: 4
            Reserved: 00000000
            CipherCount: 1
            CipherId: AES-128-GCM (0x0002)
        Negotiate Context: SMB2_SIGNING_CAPABILITIES 
            Type: SMB2_SIGNING_CAPABILITIES (0x0008)
            DataLength: 4
            Reserved: 00000000
            SigningAlgorithmCount: 1
            SigningAlgorithmId: AES-CMAC (0x0001)

While I’m sure my router vendor can do better and will eventually address the problem, perhaps my case may shed some light onto similar problems I saw on this forum.

I’d try changing the SMB to Legacy or one of the other options.

I see you changed your post of the Infuse log to show SMB instead of SMB2 but I’d still try the other options.

Currently (and the updated capture above reflects that) it’s set to Auto. Although I did try all available SMB versions in Infuse prior to posting, none worked.

RouterOS documents that they only support 2.1, 3.0 and 3.1.1 SMB dialects.

Thanks for the report and providing the Wireshark traces.

TL;DR - It seems this 7.17 update from Microtik is quite broken, and downgrading to 7.16.2 would be the recommended path forward for now.

I installed their 7.17 router on a VM and enabled the SMB server. Although the network trace indicates that the server supports SMB 3.1.1, 3.0.2, 3.0.0, 2.1.0, and 2.0.2, this update has a bug where it will return the STATUS_INSUFFICIENT_RESOURCES error (0xC000009A) for the SMB2 Negotiate packet unless the SMB 3.1.1 dialect’s additional structures are present in the packet, regardless of whether the network client supports SMB 3.1.1. When no SMB 3.1.1 dialect is present in the negotiate request, but the 3.1.1 additional data is present, even Wireshark flags the packet as malformed, but this is the only way to avoid the 0xC000009A error.

Trying to connect Windows 8.1 to a Microtik router also fails with the 0xC000009A error. This is because while SMB3 support was added to Windows 8.1 and Server 2012, these only support SMB 3.0.0 and SMB 3.0.2 dialects. This version of Windows therefore doesn’t send the additional SMB 3.1.1 payload. The same thing happens with Windows 7, which only supports SMB1 and SMB2. macOS does seem to support SMB 3.1.1 (as a client) so that is why you see things working there.

There are comments on the forums claiming that reverting Microtik to 7.16.2 resolves these issues.

We were hoping that we would be able tweak the packets that we send to work-around this, as we have done numerous times for NAS drives that don’t adhere to the standard, but we can’t send additional data at the end of a packet hoping that a server that only supports up to SMB 3.0.2 will ignore the extraneous data. It would be too much of a risk. Therefore, the only short-term solution is to report this to Microtik and for them to fix their implementation.

With that said, there is work in progress to add support for SMB 3.1.1 to Infuse and early tests show this will successfully connect to this Microtik version, but other issues occur after connecting (likely due to the current implementation being incomplete) but it is promising.

Hope this helps.

Great troubleshooting! I’ll forward it in my support request with the vendor.

I didn’t want to risk with a downgrade and switched to their DLNA server for Infuse access. It seems to work although the usage experience is inferior compared to the SMB share.

Yes, unfortunately Infuse’s library feature won’t be available when using UPnP/DLNA connections, and some file formats (such as ISO, VIDEO_TS, BDMV) won’t be visible.

FWIW, the VLC app seems to be able to connect to that share. Although the main drawback to this approach is the VLC app player…

The vendor released a new update (v7.17.2) where they supposedly fixed the problem. Infuse still cannot connect but the sniffing reveals different behavior. The protocol negotiation succeeds and it can authenticate. However an attempt to list the share fails:

SMB2 (Server Message Block Protocol version 2)
    SMB2 Header
        ProtocolId: 0xfe534d42
        Header Length: 64
        Credit Charge: 1
        Channel Sequence: 0
        Reserved: 0000
        Command: Ioctl (11)
        Credits requested: 1
        Flags: 0x00000000
            .... .... .... .... .... .... .... ...0 = Response: This is a REQUEST
            .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
            .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
            .... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
            .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
            ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
            ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
        Chain Offset: 0x00000000
        Message ID: 8
        Reserved: 0x00000000
        Tree Id: 0x00000002  \\gateway\IPC$
            [Tree: \\gateway\IPC$]
            [Share Type: Named pipe (0x02)]
            [Connected in Frame: 26]
        Session Id: 0x0000000000000001 Acct:GUEST Domain: Host:Stratos_E96396
            [Account: GUEST]
            [Domain: ]
            [Host: Stratos_E96396]
            [Authenticated in Frame: 18]
        Signature: 00000000000000000000000000000000
        [Response in: 38]
    Ioctl Request (0x0b)
        StructureSize: 0x0039
            0000 0000 0011 100. = Fixed Part Length: 28
            .... .... .... ...1 = Dynamic Part: True
        Reserved: 0000
        Function: FSCTL_PIPE_TRANSCEIVE (0x0011c017)
            0000 0000 0001 0001 .... .... .... .... = Device: NAMED_PIPE (0x0011)
            .... .... .... .... 11.. .... .... .... = Access: FILE_READ_WRITE_ACCESS (0x3)
            .... .... .... .... ..00 0000 0001 01.. = Function: 0x005
            .... .... .... .... .... .... .... ..11 = Method: METHOD_NEITHER (0x3)
        GUID handle File: srvsvc
            File Id: 00000000-0000-0000-0000-000000000000
        Max Ioctl In Size: 0
        Max Ioctl Out Size: 4280
        Flags: 0x00000001
            .... .... .... .... .... .... .... ...1 = Is FSCTL: True
        Reserved: 00000000
        Blob Offset: 0x00000078
        Blob Length: 88
        In Data
        Blob Offset: 0x00000078
        Blob Length: 0
        Out Data: NO DATA
Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 88, Call: 2, Ctx: 0, [Resp: #38]
    Version: 5
    Version (minor): 0
    Packet type: Request (0)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000 (Order: Little-endian, Char: ASCII, Float: IEEE)
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 88
    Auth Length: 0
    Call ID: 2
    Alloc hint: 0
    Context ID: 0
    Opnum: 15
    [Response in frame: 38]
    Complete stub data (64 bytes)
        Payload stub data (64 bytes)
Server Service, NetShareEnumAll
    Operation: NetShareEnumAll (15)
    [Response in frame: 38]
    Pointer to Server Unc (uint16): \\gateway
        Referent ID: 0x00020000
        Max Count: 10
        Offset: 0
        Actual Count: 10
        Server Unc: \\gateway
    Pointer to Info Ctr (srvsvc_NetShareInfoCtr)
        Info Ctr
            Level: 1
            srvsvc_NetShareCtr
                Ctr
                Pointer to Ctr1 (srvsvc_NetShareCtr1)
                    Referent ID: 0x00020004
                    Ctr1
                        Count: 0
                        NULL Pointer: Pointer to Array (srvsvc_NetShareInfo1)
    Max Buffer: 4294967295
    NULL Pointer: Pointer to Resume Handle (uint32)

SMB2 (Server Message Block Protocol version 2)
    SMB2 Header
        ProtocolId: 0xfe534d42
        Header Length: 64
        Credit Charge: 1
        NT Status: STATUS_SUCCESS (0x00000000)
        Command: Ioctl (11)
        Credits granted: 1
        Flags: 0x00000001, Response
            .... .... .... .... .... .... .... ...1 = Response: This is a RESPONSE
            .... .... .... .... .... .... .... ..0. = Async command: This is a SYNC command
            .... .... .... .... .... .... .... .0.. = Chained: This pdu is NOT a chained command
            .... .... .... .... .... .... .... 0... = Signing: This pdu is NOT signed
            .... .... .... .... .... .... .000 .... = Priority: This pdu does NOT contain a PRIORITY
            ...0 .... .... .... .... .... .... .... = DFS operation: This is a normal operation
            ..0. .... .... .... .... .... .... .... = Replay operation: This is NOT a replay operation
        Chain Offset: 0x00000000
        Message ID: 8
        Reserved: 0x00000000
        Tree Id: 0x00000002  \\gateway\IPC$
            [Tree: \\gateway\IPC$]
            [Share Type: Named pipe (0x02)]
            [Connected in Frame: 26]
        Session Id: 0x0000000000000001 Acct:GUEST Domain: Host:Stratos_E96396
            [Account: GUEST]
            [Domain: ]
            [Host: Stratos_E96396]
            [Authenticated in Frame: 18]
        Signature: 00000000000000000000000000000000
        [Response to: 36]
        [Time from request: 0.000931000 seconds]
    Ioctl Response (0x0b)
        StructureSize: 0x0031
            0000 0000 0011 000. = Fixed Part Length: 24
            .... .... .... ...1 = Dynamic Part: True
        Reserved: 0000
        Function: FSCTL_PIPE_TRANSCEIVE (0x0011c017)
            0000 0000 0001 0001 .... .... .... .... = Device: NAMED_PIPE (0x0011)
            .... .... .... .... 11.. .... .... .... = Access: FILE_READ_WRITE_ACCESS (0x3)
            .... .... .... .... ..00 0000 0001 01.. = Function: 0x005
            .... .... .... .... .... .... .... ..11 = Method: METHOD_NEITHER (0x3)
        GUID handle File: srvsvc
            File Id: 00000000-0000-0000-0000-000000000000
        Flags: 0x00000000
        Reserved: 00000000
        Blob Offset: 0x00000070
        Blob Length: 0
        In Data: NO DATA
        Blob Offset: 0x00000070
        Blob Length: 116
        Out Data
Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 116, Call: 2, Ctx: 0, [Req: #36]
    Version: 5
    Version (minor): 0
    Packet type: Response (2)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000 (Order: Little-endian, Char: ASCII, Float: IEEE)
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 116
    Auth Length: 0
    Call ID: 2
    Alloc hint: 116
    Context ID: 0
    Cancel count: 0
    [Opnum: 15]
    [Request in frame: 36]
    [Time from request: 0.000931000 seconds]
    Complete stub data (92 bytes)
        Payload stub data (92 bytes)
Server Service, NetShareEnumAll
    Operation: NetShareEnumAll (15)
    [Request in frame: 36]
    Pointer to Info Ctr (srvsvc_NetShareInfoCtr)
        Info Ctr
            Level: 1
            srvsvc_NetShareCtr
                Ctr
                Pointer to Ctr1 (srvsvc_NetShareCtr1)
                    Referent ID: 0x00000001
                    Ctr1
                        Count: 1
                        Pointer to Array (srvsvc_NetShareInfo1)
                            Referent ID: 0x00000001
                            Max Count: 1
                            Array
                                Pointer to Name (uint16): media
                                    Referent ID: 0x00000001
                                    Max Count: 6
                                    Offset: 0
                                    Actual Count: 6
                                    Name: media
                                Type: STYPE_DISKTREE (0x00000000)
                                Pointer to Comment (uint16): 
                                    Referent ID: 0x00000002
                                    Max Count: 1
                                    Offset: 0
                                    Actual Count: 1
                                    Comment: 
    Pointer to Totalentries (uint32)
        Totalentries: 1
    Pointer to Resume Handle (uint32)
        Referent ID: 0x00000003
        Resume Handle: 0
    Windows Error: WERR_OK (0x00000000)

Apparently the way the vendor fixed it (in v7.17.2) now requires to specify both the address of the share as well as its name in Infuse.

Specifying just the address does not work with Infuse: you get the connection error. But it does work with macOS’s Finder: you get a list of shares. I was told that this is how their SMB server is going behave from now on.

Is there a reason why Infuse’s SMB client fails to get the list of shares from RouterOS’s SMB server?

The SMB implementation in their new update still includes a number of bugs, but the changes available in today’s 8.1.2 update should allow Infuse to successfully connect to this device using SMB.

Thank you!

Hope you sent your findings to their support at https://help.mikrotik.com

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.