Skip to main content
NetApp Knowledge Base

CIFS inaccessible by some clients using DNS name after AD object password reset

Views:
99
Visibility:
Public
Votes:
0
Category:
data-ontap-7
Specialty:
cifs
Last Updated:

Applies to

  • Data ONTAP 7-Mode
  • Microsoft Windows
  • CIFS

Issue

  • The 7-Mode Active Directory (AD) computer object password is reset and users are unable to connect to CIFS shares with generic network error "windows Cannot Access the specified device path, path, or file"
  • "CIFS setup" is ran in Data ONTAP -Mode  to re-synchronize the AD object password and this restores access, however some clients are still unable to connect using the DNS name
  • All clients are able to access using the IP address
  • All clients are able to ping the DNS name, which resolves to the correct IP address
  • The Service Principle Names (SPN) and DNS configuration is validated
  • No errors are seen in Windows Event Viewer or EMS in ONTAP
  • Preferred Domain Controllers (DCs)  are set in Data ONTAP 7-Mode and some DCs are rebooted
  • Time is within 5 minutes on AD servers, clients, and the storage system (no time skew)
  • A packet trace is collected to reveal clients receive "KRB5KRB_AP_ERR_MODIFIED" error on SMB session setup
  • This may be accompanied by the following errors in EMS:
    • cifs.server.errorMsg:error]: CIFS: Error for server \<VSERVER>: CIFS Session Setup Error STATUS_MORE_PROCESSING_REQUIRED.
    • cifs.server.errorMsg:error]: CIFS: Error for server \<DC>: Response is incorrectly signed.

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support