0xC0000022

NTSTATUS: 0xC0000022

This appears to be due to the encryption settings on the DC. The DC is set to require SMB encryption and reject un-encrypted SMB sessions. If it only supports up to SMB2 on our SMB client (server supports SMB3 and encryption), which means we can't use SMB encryption as it's only available in SMB3. This results in the DC rejecting our session creation attempt with STATUS_ACCESS_DENIED.

https://learn.microsoft.com/en-us/archive/blogs/openspecification/encryption-in-smb3

Example

PS C:\Users\> Get-SmbServerConfiguration

AnnounceComment :

AnnounceServer : False

AsynchronousCredits : 64

AuditClientCertificateAccess : False

AuditSmb1Access : False

AutoDisconnectTimeout : 15

AutoShareServer : True

AutoShareWorkstation : True

CachedOpenLimit : 10

DisableCompression : False

DisableSmbEncryptionOnSecureConnection : True

DurableHandleV2TimeoutInSeconds : 180

EnableAuthenticateUserSharing : False

EnableDownlevelTimewarp : False

EnableForcedLogoff : True

EnableLeasing : True

EnableMultiChannel : True

EnableOplocks : True

EnableSecuritySignature : False

EnableSMB1Protocol : False

EnableSMB2Protocol : True

EnableSMBQUIC : True

EnableStrictNameChecking : True

EncryptData : True <--- EncryptData set to False

EncryptionCiphers : AES_128_GCM, AES_128_CCM, AES_256_GCM, AES_256_CCM

IrpStackSize : 15

KeepAliveTime : 2

MaxChannelPerSession : 32

MaxMpxCount : 50

MaxSessionPerConnection : 16384

MaxThreadsPerQueue : 20

MaxWorkItems : 1

NullSessionPipes :

NullSessionShares :

OplockBreakWait : 35

PendingClientTimeoutInSeconds : 120

RejectUnencryptedAccess : True <----RejectUnencryptedAccess set to True