SMB2 Tree Connect Error

The purpose of SMB2 Tree Connect is to let a client attach to a specific share (resource) on the server after it has already authenticated the user session.

Where Tree Connect Fits in the SMB2 Workflow

NEGOTIATE → client and server agree on SMB version/features.

SESSION_SETUP → client authenticates (user login).

TREE_CONNECT → client connects to a share (like \\server\share).

CREATE / READ / WRITE → client performs file operations inside that share.

So, Tree Connect is the step between login and file access.

What Tree Connect Does

Maps a UNC path (\\Server\Share) into a Tree ID (TID).

Every successful Tree Connect response returns a smb2.tree (Tree ID).

This Tree ID is used in all subsequent operations (CREATE, READ, WRITE) so the server knows which share the client is talking about.

Checks access rights to the share.

Example: user might be authenticated but still blocked from a specific share.

Verifies the share exists and is accessible (disk, printer, named pipe, etc.).

� Common Outcomes (smb2.nt_status)

STATUS_SUCCESS → Successfully connected to the share.

STATUS_ACCESS_DENIED → User is logged in but not allowed to access that share.

STATUS_BAD_NETWORK_NAME → The share name does not exist.

STATUS_NETWORK_ACCESS_DENIED → Network-level restriction.

� Example

User logs in with valid credentials.

Client sends TREE_CONNECT request for \\fileserver\HRDocs.

Server checks permissions and responds:

If OK → gives Tree ID 0x05.

If not → returns ACCESS_DENIED.

Later, when client sends a CREATE (open file) request, it includes Tree ID = 0x05 so the server knows it applies to the HRDocs share.

SMB2 Session Workflow (Packet Flow)

Client -------------------- Server

| |

| 1. NEGOTIATE | (choose SMB dialect/version, capabilities)

|------------------------->|

|<-------------------------|

| NEGOTIATE Response |

| |

| 2. SESSION_SETUP | (authenticate user: NTLM, Kerberos, etc.)

|------------------------->|

|<-------------------------|

| SESSION_SETUP Resp |

| (user authenticated) |

| |

| 3. TREE_CONNECT | (connect to \\Server\Share)

|------------------------->|

|<-------------------------|

| TREE_CONNECT Resp |

| (Tree ID assigned) |

| |

| 4. CREATE | (open file/directory inside share)

|------------------------->|

|<-------------------------|

| CREATE Response |

| (File Handle given) |

| |

| 5. READ / WRITE / etc. | (normal file I/O using Tree ID + File Handle)

|<------------------------>|

| |

� Key Points

NEGOTIATE: Client and server agree on SMB dialect (e.g., SMB2.1, SMB3.0).

SESSION_SETUP: User logs in, session is created.

TREE_CONNECT: Client maps a UNC path (\\server\share) to a Tree ID.

CREATE: Client opens a file within that share, server returns a File ID.

READ/WRITE: File operations reference both Tree ID (share) and File ID (file handle).