Skip to main content
NetApp Knowledge Base

Search

  • Filter results by:
    • View attachments
    Searching in
    About 12 results
    • https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/High_CPU_utilization_due_SecD_memory_issue
      High hostOS CPU is coming from SecD load Thu Nov 19 20:37:06 CET [Node-01: secd: secd.rpc.server.request.dropped:debug]: The RPC secd_rpc_auth_user_id_to_unix_ext_creds sent from NBLADE_NFS was droppe...High hostOS CPU is coming from SecD load Thu Nov 19 20:37:06 CET [Node-01: secd: secd.rpc.server.request.dropped:debug]: The RPC secd_rpc_auth_user_id_to_unix_ext_creds sent from NBLADE_NFS was dropped by SecD due to memory pressure. 00000023.3d2753ed 03357f70 Mon Nov 23 2020 00:17:48 +01:00 [kern_secd:info:14174] [SECD MASTER THREAD] SecD RPC Server:Too many outstanding Generic RPC requests: sending System Error to RPC 217:secd_rpc_auth_user_id_to_unix_ext_creds Request ID:16082.
    • https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/Show-creds_does_not_reflect_adding_Windows_user_to_BUILTIN_Administrators_group
      Applies to ONTAP 9 CIFS Issue After adding a user or group to BUILTIN\Administrators (or another local Windows group), subsequent show-creds commands run against the same user do not reflect the chang...Applies to ONTAP 9 CIFS Issue After adding a user or group to BUILTIN\Administrators (or another local Windows group), subsequent show-creds commands run against the same user do not reflect the change. Running show-creds against the same user on another node shows the correct group membership.
    • https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/Vserver_could_not_make_a_connection_to_an_outside_server_with_error__Connection_refused
      Vserver could not make a connection to an outside server with the error Connection refused in the EMS log. Wed Jun 09 15:00:07 CST [node2: secd: secd.conn.auth.failure:error]: Vserver (SVM2) could not...Vserver could not make a connection to an outside server with the error Connection refused in the EMS log. Wed Jun 09 15:00:07 CST [node2: secd: secd.conn.auth.failure:error]: Vserver (SVM2) could not make a connection over the network to server (ip xx.xx.xx.xx, port 389) via interface xx.xx.xx.xx. Error: Connection refused. Wed Jun 09 15:00:09 CST [node2: secd: secd.ldap.query.timed.out:error]: Vserver 'SVM2': LDAP server xx.xx.xx.xx did not respond to query within timeout (2 seconds) interval.
    • https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/How_to_use_file-directory_show_and_show-creds_to_check_for_permissions
      Applies to ONTAP 9 CIFS Description Use the ONTAP CLI commands to review file level permissions for permissions troubleshooting
    • https://kb.netapp.com/on-prem/ontap/Perf/Perf-KBs/High_HostOS_CPU_utilization_due_to_problems_with_secd
      Applies to Clustered Data ONTAP 8.3 ONTAP 9 Issue Sudden or gradual increase in CPU utilization Unexplained and prolonged spikes in CPU utilization Running sysstat -M shows utilization in HostOS domai...Applies to Clustered Data ONTAP 8.3 ONTAP 9 Issue Sudden or gradual increase in CPU utilization Unexplained and prolonged spikes in CPU utilization Running sysstat -M shows utilization in HostOS domain compared to other domains On each of the affected nodes, running set diag -c off; systemshell -node nodename ps aux, confirms secd is the top consumer of HostOS resources. Higher than expected NAS Protocol latency Authentication request timeouts may be present
    • https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/Unable_to_map_Unix_to_Windows_user__secd_nfsAuth_noNameMap
      ONTAP is unable to map a Unix user (via NFS) to a Windows user for NTFS permission authorization Error: Get user credentials procedure failed [     7] Mapping an unknown UID to default windows user\n ...ONTAP is unable to map a Unix user (via NFS) to a Windows user for NTFS permission authorization Error: Get user credentials procedure failed [     7] Mapping an unknown UID to default windows user\n [     7] Unable to map '<uid>'. No default Windows user defined.\n**[     7] FAILURE: Name mapping for UNIX user '<uid>' failed. ERR : Name mapping for UNIX user 'UID' failed. ERR : User ID '<uid>' not found in UNIX authorization source LDAP.
    • https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/PTR_with_invalid_IP_causes_secd_conn_auth_failure_notice_or_secd_ldap_noServers_EMERGENCY_errors_in_ONTAP_9
      Errors in the EMS logs: secd.conn.auth.failure:notice or secd.ldap.noServers:EMERGENCY secd: secd.ldap.noServers:EMERGENCY]: None of the LDAP servers configured for Vserver <VServer Name> are currentl...Errors in the EMS logs: secd.conn.auth.failure:notice or secd.ldap.noServers:EMERGENCY secd: secd.ldap.noServers:EMERGENCY]: None of the LDAP servers configured for Vserver <VServer Name> are currently accessible via the network FAILURE: Unable to SASL bind to LDAP server using GSSAPI: Local error Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com (Error: Local error)
    • https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/StorageX_migration_floods_secd
      For example: 8 cpu core server, which equates to 128 threads, migrating very small files, and if each file owner is unique, this can result in ONTAP doing a lot of credential lookup work in a short am...For example: 8 cpu core server, which equates to 128 threads, migrating very small files, and if each file owner is unique, this can result in ONTAP doing a lot of credential lookup work in a short amount of time. MaxDirectoryEnumerationThreads (REG_DWORD): default is 0 (or not defined) which means calculate the max number of threads based on the count of CPUs in the current system.
    • https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/SECD_encounters_a_panic_when_using_Secure_LDAP_(LDAPS)
      Applies to ONTAP 9.5+ Issue SECD encounters a panic when using LDAPS with the following error in EMS: Fri Aug 21 05:09:16 PDT [nodename: secd: ucore.panicString:error]: 'secd: Received SIGSEGV (Signal...Applies to ONTAP 9.5+ Issue SECD encounters a panic when using LDAPS with the following error in EMS: Fri Aug 21 05:09:16 PDT [nodename: secd: ucore.panicString:error]: 'secd: Received SIGSEGV (Signal 11) at RIP 0x806d86ec4 accessing address 0x10 (pid 67823, uid 0, timestamp 1566367572)' Fri Aug 21 05:09:16 PDT [nodename: spmd: spm.secd.process.exit:EMERGENCY]: Security daemon with ID 67823 exited as a result of signal signal 11. The service will attempt to restart.
    • https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/What_can_cause_the_secd_failure__Error__Lookup_of_CIFS_account_name_procedure_failed
      [kern_secd:info:9738] Error: Lookup of CIFS account name procedure failed The same messages are reported, when a reference is made to a non-existing AD Domain account. Error: command failed: Failed to...[kern_secd:info:9738] Error: Lookup of CIFS account name procedure failed The same messages are reported, when a reference is made to a non-existing AD Domain account. Error: command failed: Failed to resolve name "PIM-ROOT-DOMAIN\domain-user8". [kern_secd:info:9817] Error: Lookup of CIFS account name procedure failed [kern_secd:info:9817] **[    18] FAILURE: Unexpected state: Error 6909 at file:src/utils/secd_cifs_utils.cpp func:lookupName line:422
    • https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/Error_found_in_SecD_logs_every_four_hours_DNS_server_failed_to_look_up_service_ldap._tcp.domain
      [Node-01: secd: secd.dns.srv.lookup.failed:error]: DNS server failed to look up service (_ldap._tcp.domain) for vserver (SVM1) with error (No server(s) found). [Node-01: secd: secd.dns.srv.lookup.fail...[Node-01: secd: secd.dns.srv.lookup.failed:error]: DNS server failed to look up service (_ldap._tcp.domain) for vserver (SVM1) with error (No server(s) found). [Node-01: secd: secd.dns.srv.lookup.failed:error]: DNS server failed to look up service (_ldap._tcp.dc._msdcs.domain) for vserver (SVM1) with error (No server(s) found). This may also occur when initially creating a CIFS server (either via the System Manager GUI or with the cifs create command in the CLI)