Skip to main content
NetApp Knowledge Base

Witness protocol connection fails if the client does not use NTLMv2

Views:
139
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

  • Clustered Data ONTAP 8 
  • ONTAP 9 

Issue

When configuring a Continuously Available (CA) share to be used in Hyper-V deployment, the witness protocol fails and Windows generates the following event log entry:
Witness Client failed to find a Witness Server for NetName \ccp1filer with error (A remote procedure call (RPC) protocol error occurred.). Retrying in (15) seconds".  While connecting to a CA share from a Windows Server 2012 R2 client, the user can map the share successfully and create / view files; however, the SMB 3.0 Witness Protocol fails.

In the Windows 'SMBWitnessClient' Event Log, the following errors are displayed:
Log Name:      WitnessClientAdmin

Source:        Microsoft-Windows-SMBWitnessClient

Date:          12/25/2016 8:18:41 PM

Event ID:      6

Task Category: None

Level: Critical

Keywords:     

User:          NETWORK SERVICE

Computer:

   c1slic01.ccp1.gene.com

Description:

Witness Client failed to find a Witness Server for NetName \ccp1filer with error (A remote procedure call (RPC) protocol error occurred.). Retrying in (15) seconds.

The following is displayed in the secd log:
0000000d.000f55bf 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] .------------------------------------------------------------------------------.
0000000d.000f55c0 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] |                                 RPC FAILURE:                                 |
0000000d.000f55c1 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] |                        secd_rpc_auth_msrpc has failed                        |
0000000d.000f55c2 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] |                     Result = 0, RPC Result = 2147483651                      |
0000000d.000f55c3 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] |                   RPC received at Sat Jan  7 17:12:51 2017                   |
0000000d.000f55c4 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] |------------------------------------------------------------------------------'
0000000d.000f55c5 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] Failure Summary:
0000000d.000f55c6 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] Error: MsRPC authentication procedure failed
0000000d.000f55c7 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681]   [  0 ms] Login attempt by domain user 'CCP1\C1SLIC01$' using NTLMv1 style security
0000000d.000f55c8 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681]   [     0] Successfully connected to 10.34.62.1:445 using TCP
0000000d.000f55c9 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681]   [    10] Successfully authenticated with DC ccp1sdc01.ccp1.gene.com
0000000d.000f55ca 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681]   [    12] User authenticated as a domain user
0000000d.000f55cb 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] **[    12] FAILURE: Error case not correctly journaled

In the packet trace capturing the Witness Protocol handshake, the absence of NTLMv2 is noted during client NTLMSSP_AUTH:


1071123-1.png

The following screenshot displays the response from SVM:

1071123-2.png

By comparison taken from a sample trace of a successful Witness Protocol handshake, NTLMv2 is clearly presented as follows:


1071123-3.png
 

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

Scan to view the article on your device