Witness protocol connection fails if the client does not use NTLMv2
Applies to
- Clustered Data ONTAP 8
- ONTAP 9
Issue
When configuring a Continuously Available (CA) share to be used in Hyper-V deployment, the witness protocol fails and Windows generates the following event log entry:
Witness Client failed to find a Witness Server for NetName \ccp1filer with error (A remote procedure call (RPC) protocol error occurred.). Retrying in (15) seconds
".
While connecting to a CA share from a Windows Server 2012 R2 client, the user can map the share successfully and create / view files; however, the SMB 3.0 Witness Protocol fails.
In the Windows 'SMBWitnessClient' Event Log, the following errors are displayed:
Log Name: WitnessClientAdmin
Source: Microsoft-Windows-SMBWitnessClient
Date: 12/25/2016 8:18:41 PM
Event ID: 6
Task Category: None
Level: Critical
Keywords:
User: NETWORK SERVICE
Computer:
c1slic01.ccp1.gene.com
Description:
Witness Client failed to find a Witness Server for NetName \ccp1filer with error (A remote procedure call (RPC) protocol error occurred.). Retrying in (15) seconds.
The following is displayed in the secd log:
0000000d.000f55bf 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] .------------------------------------------------------------------------------.
0000000d.000f55c0 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] | RPC FAILURE: |
0000000d.000f55c1 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] | secd_rpc_auth_msrpc has failed |
0000000d.000f55c2 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] | Result = 0, RPC Result = 2147483651 |
0000000d.000f55c3 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] | RPC received at Sat Jan 7 17:12:51 2017 |
0000000d.000f55c4 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] |------------------------------------------------------------------------------'
0000000d.000f55c5 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] Failure Summary:
0000000d.000f55c6 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] Error: MsRPC authentication procedure failed
0000000d.000f55c7 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] [ 0 ms] Login attempt by domain user 'CCP1\C1SLIC01$' using NTLMv1 style security
0000000d.000f55c8 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] [ 0] Successfully connected to 10.34.62.1:445 using TCP
0000000d.000f55c9 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] [ 10] Successfully authenticated with DC ccp1sdc01.ccp1.gene.com
0000000d.000f55ca 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] [ 12] User authenticated as a domain user
0000000d.000f55cb 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] **[ 12] FAILURE: Error case not correctly journaled
In the packet trace capturing the Witness Protocol handshake, the absence of NTLMv2 is noted during client NTLMSSP_AUTH:
The following screenshot displays the response from SVM:
By comparison taken from a sample trace of a successful Witness Protocol handshake, NTLMv2 is clearly presented as follows: