Failed to create the Active Directory machine account Reason: Socket receive error when SMB1 is disabled in AD on ONTAP 9
Applies to
- ONTAP 9
- cifs create
Issue
- When attempting to create a CIFS vserver within ONTAP, the following error is observed:
- Cluster output
Cluster1::> vserver cifs create -vserver SMV1 -cifs-server SVM1 -domain company.com
In order to create an Active Directory machine account for the CIFS server, you must supply the name and password of a Windows account with sufficient privileges to add computers to the "CN=Computers" container within the "company.net" domain.
Enter the user name: win_user
Enter the password:***
- Three errors have been noted for this issue:
Error: Machine account creation procedure failed
[ 153] Loaded the preliminary configuration.
[ 185] Created a machine account in the domain
[ 188] Successfully connected to 10.0.0.1:445 using TCP
[ 189] Unable to connect to LSA service on SVM1.company.com (Error: RESULT_ERROR_SPINCLIENT_SOCKET_RECEIVE_ERROR)
[ 191] Successfully connected to 10.0.0.1:445 using TCP
[ 193] Unable to connect to LSA service on SVM1.company.com (Error: RESULT_ERROR_SPINCLIENT_SOCKET_RECEIVE_ERROR)
[ 193] No servers available for MS_LSA, vserver: 5, domain: company.com.
**[ 193] FAILURE: Unable to make a connection (LSA:COMPANY.COM), result: 6940
[ 193] Could not find Windows SID 'S-1-5-21-2755096389-2719828064-xxxxxxx-512'
[ 197] Deleted existing account 'CN=svm1,CN=Computers,DC=company,DC=com'
Error: command failed: Failed to create the Active Directory machine account "SVM1". Reason: SecD Error: no server available.
Error: Machine account creation procedure failed
[ 85] Loaded the preliminary configuration.
[ 130] Created a machine account in the domain
[ 131] SID to name translations of Domain Users and Admins
completed successfully
[ 134] Successfully connected to ip 10.0.0.1, port 88 using
TCP
[ 137] Successfully connected to ip 10.0.0.1, port 464 using
TCP
[ 163] Kerberos password set for 'SVM1.company.LOCAL' succeeded
[ 163] Set initial account password
[ 171] Successfully connected to ip 10.0.0.1, port 445 using
TCP
[ 172] Unable to connect to NetLogon service on
SVM1.company.local (Error:
RESULT_ERROR_SPINCLIENT_SOCKET_RECEIVE_ERROR)
**[ 172] FAILURE: Unable to make a connection
** (NetLogon:COMPANY.LOCAL), result: 6754
[ 172] Unable to make a NetLogon connection to SMV1.company.local
using the new machine account
[ 202] Deleted existing account
'CN=SVM1,CN=Computers,DC=company,DC=local'
Error: command failed: Failed to create the Active Directory machine account "SVM1". Reason: Socket receive error.
Cause
secd.conn.auth.failure: Vserver (na06) could not make a connection over the network to server (10.2.251.198) via interface 10.1.251.77. Error: Connection reset by peer.
Failure Summary:
Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.1.191.54
[ 0 ms] Login attempt by domain user 'OFFICE01\Administrator' using NTLMv1 style security
[ 1] Successfully connected to ip 10.2.251.198, port 445 using TCP
[ 2] Unable to connect to NetLogon service on server.com. (Error: RESULT_ERROR_SPINCLIENT_SOCKET_RECEIVE_ERROR)
[ 5] Successfully connected to ip 10.1.251.195, port 445 using TCP
[ 15] Successfully authenticated with DC server.com
[ 18] Authentication failed with DC VISAD5. Not retriable. (Status: 0xc0000064)
[ 18] Login attempt by local user 'OFFICE01\Administrator' using NTLMv1 style security
**[ 18] FAILURE: CIFS authentication failed
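The traces above share one signature: the TCP connect to port 445 succeeds, and the LSA or NetLogon connection that follows fails with RESULT_ERROR_SPINCLIENT_SOCKET_RECEIVE_ERROR. The following triage script is an added example, not NetApp code; it flags that signature in a pasted trace, including entries the CLI has hard-wrapped. The function names are hypothetical and the sample trace is constructed from the formats shown on this page. A hit shows only where the session broke, not why.

```python
import re

# Constructed sample in the two secd trace formats shown on this page,
# including entries hard-wrapped by the CLI.
SAMPLE_TRACE = """\
[ 134] Successfully connected to ip 10.0.0.1, port 88 using
TCP
[ 171] Successfully connected to ip 10.0.0.1, port 445 using
TCP
[ 172] Unable to connect to NetLogon service on
SVM1.company.local (Error:
RESULT_ERROR_SPINCLIENT_SOCKET_RECEIVE_ERROR)
**[ 172] FAILURE: Unable to make a connection
** (NetLogon:COMPANY.LOCAL), result: 6754
[ 188] Successfully connected to 10.0.0.1:445 using TCP
[ 189] Unable to connect to LSA service on SVM1.company.com (Error: RESULT_ERROR_SPINCLIENT_SOCKET_RECEIVE_ERROR)
"""

ENTRY = re.compile(r"^\**\[\s*(\d+)(?:\s*ms)?\]\s*(.*)$")
CONNECT = re.compile(r"Successfully connected to (?:ip )?([\d.]+)(?::|, port )(\d+) using TCP")
RPC_FAIL = re.compile(r"Unable to connect to (\S+) service on (\S+?)\.? \(Error: (\w+)\)")

def join_entries(text):
    """Re-join hard-wrapped lines into [elapsed_ms, message] entries."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            entries.append([int(m.group(1)), m.group(2)])
        elif entries and line:
            # Continuation line: drop the "**" wrap marker and append.
            entries[-1][1] += " " + line.lstrip("* ")
    return entries

def find_smb_session_failures(text):
    """Flag services that hit a socket receive error right after a
    successful TCP connect to port 445."""
    findings, last = [], None
    for ms, msg in join_entries(text):
        c = CONNECT.search(msg)
        if c:
            last = (c.group(1), int(c.group(2)))
            continue
        f = RPC_FAIL.search(msg)
        if f and last and last[1] == 445 and f.group(3).endswith("SOCKET_RECEIVE_ERROR"):
            findings.append({"ms": ms, "dc": last[0], "service": f.group(1), "host": f.group(2)})
        last = None  # only a failure directly after the connect counts
    return findings
```

Each finding gives the server that accepted the TCP connection and the service that then failed, which narrows the fault to the SMB session layer rather than routing or firewalling on port 445.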