Skip to main content
NetApp Knowledgebase

AES Encryption enabled leads to intermitent loss of share access

Applies to

  • Windows 7, Windows 2008 R2,
  • Windows 8, Windows 2012,
  • Windows 8.1, Windows 2012 R2
  • Clustered Data ONTAP 8.3 to 8.3.2P3

Issue

Some client workstations might encounter intermittent CIFS share disruptions(loss of access) that can take up to two minutes. The disruptions (loss of access) will occur on a 4H time interval and might take up to two minutes until access is restored.

This issue will occur on clustered Data ONTAP systems with versions earlier than 8.3.2.P4, and ONTAP 9.0.

Few clients might notice the following Kerberos error: 

KRB5KDC_ERR_PREAUTH_FAILED ( CIFS server account password does not match password stored in Active Directory)

In the EMS messages, the following error message is reported:

Wed Jul 13 03:39:05 CEST [cdot-cls-1-01: secd: secd.kerberos.preauth:error]:
Kerberos pre-authentication failure due to out-of-sync machine account password for vserver (svm1).
Wed Jul 13 03:39:05 CEST [cdot-cls-1-01: secd: secd.unexpectedFailure:debug]:
vserver (svm1) Unexpected failure. Error: CIFS server password change procedure failed

    [ 2 ms] Successfully connected to 172.30.0.13:88 using TCP
    [ 3] Successfully connected to 172.30.0.13:88 using TCP
    [ 9] FAILURE: CIFS server could not authenticate as 'User_Name$@Domain.NET':
    CIFS server account password does not match password stored in Active Directory (KRB5KDC_ERR_PREAUTH_FAILED)

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support