BlueXP Classification scan and delete policy unable to delete files on ONTAP shares
Applies to
- BlueXP Classification (also known as Data Sense)
- ONTAP 9
- Active Directory (AD)
Issue
- Data Sense is unable to run policy to scan and delete files on mapped ONTAP shares. Error in BlueXP Classification Configuration tab:
"The CIFS credentials that you provided don't have sufficient permissions. Provide different credentials or modify the Active Directory permissions. "
- Error in ONTAP EMS log:
[cluster-01: secd: secd.conn.auth.failure:debug]: Vserver (svm_name) could not make a connection over the network to server (ip 10.x.x.x, port 389). Error: Operation timed out ().
- CLI command to check the effective permissions on the target ONTAP share using the domain user fails with error:
cluster01::> file-directory show-effective-permissions -vserver <svm_name> -win-user-name "<domain\user>" -path <share_name>
(vserver security file-directory show-effective-permissions)
Error: Lookup of CIFS account name procedure failed
[ 0 ms] No servers available for MS_LSA, vserver: 4, domain:
hmt.local.
[ 2017] TCP connection to ip 10.X.X.X, port 389 failed: Operation timed out.
[ 6057] Could not find Windows name 'domain\user'
[ 6057] CIFS name lookup failed
Error: show failed: Failed to convert Windows name to SID. Reason: "SecD Error: no server available".