Witness protocol connection fails if the client does not use NTLMv2

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 78

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: cifs

Last Updated:

Applies to

Clustered Data ONTAP 8
ONTAP 9

Issue

When configuring a Continuously Available (CA) share to be used in Hyper-V deployment, the witness protocol fails and Windows generates the following event log entry:
Witness Client failed to find a Witness Server for NetName \ccp1filer with error (A remote procedure call (RPC) protocol error occurred.). Retrying in (15) seconds". While connecting to a CA share from a Windows Server 2012 R2 client, the user can map the share successfully and create / view files; however, the SMB 3.0 Witness Protocol fails.

In the Windows 'SMBWitnessClient' Event Log, the following errors are displayed:
Log Name: WitnessClientAdmin

Source: Microsoft-Windows-SMBWitnessClient

Date: 12/25/2016 8:18:41 PM

Event ID: 6

Task Category: None

Level: Critical

Keywords:

User: NETWORK SERVICE

Computer:

c1slic01.ccp1.gene.com

Description:

Witness Client failed to find a Witness Server for NetName \ccp1filer with error (A remote procedure call (RPC) protocol error occurred.). Retrying in (15) seconds.

The following is displayed in the secd log:
0000000d.000f55bf 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] .------------------------------------------------------------------------------. 0000000d.000f55c0 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] | RPC FAILURE: | 0000000d.000f55c1 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] | secd_rpc_auth_msrpc has failed | 0000000d.000f55c2 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] | Result = 0, RPC Result = 2147483651 | 0000000d.000f55c3 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] | RPC received at Sat Jan 7 17:12:51 2017 | 0000000d.000f55c4 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] |------------------------------------------------------------------------------' 0000000d.000f55c5 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] Failure Summary: 0000000d.000f55c6 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] Error: MsRPC authentication procedure failed 0000000d.000f55c7 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] [ 0 ms] Login attempt by domain user 'CCP1\C1SLIC01$' using NTLMv1 style security 0000000d.000f55c8 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] [ 0] Successfully connected to 10.34.62.1:445 using TCP 0000000d.000f55c9 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] [ 10] Successfully authenticated with DC ccp1sdc01.ccp1.gene.com 0000000d.000f55ca 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] [ 12] User authenticated as a domain user 0000000d.000f55cb 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] **[ 12] FAILURE: Error case not correctly journaled

In the packet trace capturing the Witness Protocol handshake, the absence of NTLMv2 is noted during client NTLMSSP_AUTH:

The following screenshot displays the response from SVM:

By comparison taken from a sample trace of a successful Witness Protocol handshake, NTLMv2 is clearly presented as follows: