PTR with invalid IP causes secd.conn.auth.failure:notice or secd.ldap.noServers:EMERGENCY errors in ONTAP 9
Applies to
ONTAP 9
Issue
- LDAP servers secured with LDAP Signing and/or Sealing
- Errors in the EMS logs:
secd.conn.auth.failure:notice
orsecd.ldap.noServers:EMERGENCY
- Site Discovery:
- EMS:
secd: secd.ldap.noServers:EMERGENCY]: None of the LDAP servers configured for Vserver <VServer Name> are currently accessible via the network
- SECD:
[auth_secd:notice] GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
- GPO Processing:
SECD
.------------------------------------------------------------------------------.
RPC FAILURE:
secd_rpc_gpo_get_list has failed
Result = 0, RPC Result = 6940
RPC received at Thu Feb 13 09:51:42 2020
------------------------------------------------------------------------------'
FAILURE: Unable to SASL bind to LDAP server using GSSAPI: Local error
Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)
Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com (Error: Local error)
No servers available for MS_LDAP_AD, vserver: 3, domain: demo.netapp.com.
Unable to make a connection (LDAP (Active Directory):DEMO.NETAPP.COM), result: 6940
- Details for this error state SPN (ldap/gc.demo.netapp.com) is incorrect (dc1.demo.netapp.com:
info : [krb5 context 0991DC00] ccselect can't find appropriate cache for server principal ldap/gc.demo.netapp.com@
Note: In packet traces TGS-REQ returns error KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN