Skip to main content
NetApp Knowledge Base

Vserver fails to join domain controller due to machine account creation procedure failed

Views:
316
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

Applies to

  • ONTAP 9
  • CIFS/SMB
  • Windows Domain Controllers

Issue

  1. Vserver fails to join domain controller.
  2. Controller disappears "Machine account creation procedure failed" in EMS log:
[?] Tue Mar 08 10:25:36 +0800 [Node_A: secd: secd.unexpectedFailure:debug]: vserver (SVM01) Unexpected failure. Error: Machine account creation procedure failed
[ 2217] Loaded the preliminary configuration.
[ 7367] Created a machine account in the domain
[ 7470] SID to name translations of Domain Users and Admins completed successfully
[ 7471] Successfully connected to ip 10.10.xx.xx, port 88 using TCP
[ 7475] Successfully connected to ip 10.10.xx.xx, port 464 using TCP
[ 9478] Successfully connected to ip 10.10.xx.xx, port 464 using TCP
[ 10482] Successfully connected to ip 10.21.xx.xx, port 464 using TCP
[ 10501] Kerberos password set for 'SVM01$@domain.COM' succeeded
[ 10501] Set initial account password
[ 10514] Successfully connected to ip 10.10.xx.xx, port 445 using TCP
[ 14525] Successfully connected to ip 10.10.xx.xx, port 88 using TCP
[ 15535] CIFS server account password does not match password stored in Active Directory (KRB5KDC_ERR_PREAUTH_FAILED)
[ 15536] Failed to initiate Kerberos authentication. Trying NTLM.
[ 15538] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED) for SMB command SessionSetup
[ 15543] Encountered NT error (NT_STATUS_AUTH_LOGON_FAILURE) for SMB command SessionSetup
[ 19553] Successfully connected to ip 10.10.xx.xx, port 88 using TCP
[ 20561] CIFS server account password does not match password stored in Active Directory (KRB5KDC_ERR_PREAUTH_FAILED)
[ 20561] Failed to initiate Kerberos authentication. Trying NTLM.
[ 20561] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED) for SMB command SessionSetup
[ 20565] Encountered NT error (NT_STATUS_AUTH_LOGON_FAILURE) for SMB command SessionSetup
[ 20566] Unable to connect to NetLogon service on tpdc1.domain.com (Error: RESULT_ERROR_GENERAL_FAILURE) **
[ 20566] FAILURE: Unable to make a connection (NetLogon:domain.COM), result: 3
[ 20566] Unable to make a NetLogon connection to tpdc1.domain.com using the new mach...[Please refer to secd log for more detail!]
 
Notes: Even if the EMS log shows that port: 464 is reachable, still check the Firewall configuration again.

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

Scan to view the article on your device

 

  • Was this article helpful?