CIFS password change fails silently leading to secd: secd.kerberos.preauth:error after Microsoft April 2022 Hotfixes
Applies to
- ONTAP 9
- CIFS
- Active Directory
- CVE-2021-42287
Issue
- When the
vserver cifs domain password schedule
is enabled, it silently fails. - Event logs indicates below error
Sat Apr 16 03:00:00 +0800 [cluster1-01: secd: secd.kerberos.preauth:error]: Kerberos pre-authentication failure due to out-of-sync machine account password for vserver (svm1).
- CIFS client access fails with
secd.log
errorKRB5KDC_ERR_PREAUTH_FAILED
- The following commands fail as well:
vserver cifs domain password change
vserver cifs domain password schedule
vserver cifs security modify -is-aes-encryption-enabled