Skip to main content
NetApp Knowledge Base

CIFS password change fails silently leading to secd: secd.kerberos.preauth:error after Microsoft April 2022 Hotfixes

Views:
8,332
Visibility:
Public
Votes:
6
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

  • ONTAP 9
  • CIFS
  • Active Directory
  • CVE-2021-42287

Issue

  • When the vserver cifs domain password schedule is enabled, it silently fails.
  • Event logs indicates below error

Sat Apr 16 03:00:00 +0800 [cluster1-01: secd: secd.kerberos.preauth:error]: Kerberos pre-authentication failure due to out-of-sync machine account password for vserver (svm1).

  • CIFS client access fails with secd.log error KRB5KDC_ERR_PREAUTH_FAILED
  • The following commands fail as well:
    • vserver cifs domain password change
    • vserver cifs domain password schedule
    • vserver cifs security modify -is-aes-encryption-enabled

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.