CIFS inaccessible by some clients using DNS name after AD object password reset
Applies to
- Data ONTAP 7-Mode
- Microsoft Windows
- CIFS
Issue
- The 7-Mode Active Directory (AD) computer object password is reset and users are unable to connect to CIFS shares with generic network error "windows Cannot Access the specified device path, path, or file"
- "CIFS setup" is ran in Data ONTAP -Mode to re-synchronize the AD object password and this restores access, however some clients are still unable to connect using the DNS name
- All clients are able to access using the IP address
- All clients are able to ping the DNS name, which resolves to the correct IP address
- The Service Principle Names (SPN) and DNS configuration is validated
- No errors are seen in Windows Event Viewer or EMS in ONTAP
- Preferred Domain Controllers (DCs) are set in Data ONTAP 7-Mode and some DCs are rebooted
- Time is within 5 minutes on AD servers, clients, and the storage system (no time skew)
- A packet trace is collected to reveal clients receive "KRB5KRB_AP_ERR_MODIFIED" error on SMB session setup
- This may be accompanied by the following errors in EMS:
cifs.server.errorMsg:error]: CIFS: Error for server \<VSERVER>: CIFS Session Setup Error STATUS_MORE_PROCESSING_REQUIRED.
cifs.server.errorMsg:error]: CIFS: Error for server \<DC>: Response is incorrectly signed.