Skip to main content

NetApp wins prestigious Coveo Relevance Pinnacle Award. Learn more!

INSIGHT Japan :2023年 1月25日(水)ANAインターコンチネンタルホテル開催 へ参加・申込を行う

NetApp Knowledge Base

SVM fails to connect to DC when SMB3 Encryption is enabled on DC

Last Updated:

Applies to



  • SVM fails to connect to DC when SMB3 encryption is enabled on DC. 
  • Status of the DC shows "unavailable"  
::*> vserver cifs domain discovered-servers show
Node: CDOT-01
Vserver: test
Domain Name     Type     Preference DC-Name         DC-Address      Status
--------------- -------- ---------- --------------- --------------- ---------
naslab.local    KERBEROS favored    rodc     undetermined
naslab.local    KERBEROS preferred  win-aesid9bf636   undetermined
naslab.local    KERBEROS preferred  win-m2fcklun4l2   undetermined
naslab.local    MS-LDAP  favored    RODC     undetermined
naslab.local    MS-LDAP  preferred  win-aesid9bf636   undetermined
naslab.local    MS-LDAP  preferred  win-m2fcklun4l2   undetermined
naslab.local    MS-DC    favored    rodc     undetermined
naslab.local    MS-DC    preferred  win-aesid9bf636   OK
naslab.local    MS-DC    preferred  win-m2fcklun4l2   unavailable   <<<<<<<<<< SVM fails to connect.
  • With SECD tracing enabled SECD logs shows that DC failed the session setup request from SVM with "Access denied"( NT error 0xc0000022)
[kern_secd:info:8039] | [001.556.907]  info :  Successfully connected to ip, port 445 using TCP { in _connect() at src/connection_manager/secd_connection_shim.cpp:317 }
[kern_secd:info:8039] | [001.558.049]  debug:  NEGOTIATE RESPONSE: DC selected SMB2/3 dialect 0x210  { in Smb2ParseNegotiateResponse() at src/Smb2/Smb2Negotiate.cpp:211 }
[kern_secd:info:8039] | [001.558.055]  debug:  SIGNING: DC REQUIRES signing  { in Smb2ParseNegotiateResponse() at src/Smb2/Smb2Negotiate.cpp:216 }
[kern_secd:info:8039] | [001.560.847]  info :  [krb5 context 10EEC600] Creating authenticator for TEST123$@NASLAB.LOCAL -> cifs/win-m2fcklun4l2.naslab.local@, seqnum 62567361, subkey aes256-cts/3FC8, session key aes256-cts/32F1
[kern_secd:info:8039] | [001.565.821]  ERR  :  Encountered NT error (NT_STATUS_ACCESS_DENIED) for SMB command SessionSetup  { in LogNtStatusCode() at src/Commands/Commands.cpp:448 }
[kern_secd:info:8039] | [001.565.834]  ERR  :  SMB2 response has NT error 0xc0000022  { in ParseSmb2HeaderResponse() at src/Smb2/Smb2Utils.cpp:313 }
[kern_secd:info:8039] | [001.565.847]  ERR  :  RESULT_ERROR_GENERAL_FAILURE:3 in Smb2ParseSessionSetupResponse() at src/Smb2/Smb2SessionSetup.cpp:184
[kern_secd:info:8039] | [001.565.854]  ERR  :  RESULT_ERROR_GENERAL_FAILURE:3 in Smb2SessionSetup() at src/Smb2/Smb2SessionSetup.cpp:275
[kern_secd:info:8039] | [001.565.861]  ERR  :  RESULT_ERROR_GENERAL_FAILURE:3 in LogOnUserExtBody() at src/Actions/ActionsONTAP.cpp:2468
[kern_secd:info:8039] | [001.567.323]  ERR  :  RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE:6942 in connectToDomainController() at src/connection_manager/secd_connection.cpp:246
[kern_secd:info:8039] | [001.567.333]  debug:  Connected but failed to authenticate with DC win-m2fcklun4l2.naslab.local  { in connectToDomainController() at src/connection_manager/secd_connection.cpp:262 }
  • DC has SMB3 encryption enabled
PS C:\Users\Administrator.NASLAB> Get-SmbServerConfiguration |findstr "EncryptData"
EncryptData                     : True


Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

Scan to view the article on your device