AIQUM intermittently reports cluster not reachable while using AD user authentication
Applies to
- ActiveIQ Unified Manager (AIQUM) 9.6+
- ONTAP 9
- Kerberos authentication
Issue
- AIQUM triggers alerts as:
The cluster <cluster_name> is not reachable. Username or password has changed. Edit the cluster and enter valid username and password
- The alerts are intermittent in nature
- Upon checking on the cluster, the credentials appears are correct
- Additionally, the same issue is visible for the NFS shares accessed by AD credentials from the same cluster
- ONTAP event logs show:
ERROR secd.cifsAuth.problem: vserver (ant-ntap-clu28-ads) General CIFS authentication problem. Error: Ontap admin cifs authentication basic procedure failed
[ 36 ms] Successfully connected to ip <share_IP>, port 88 using TCP
[ 93] Successfully connected to ip <share_IP>, port 88 using TCP
[ 116] Unknown error: 39756032
[ 117] Kerberos authentication failed. Trying NTLM
[ 117] Login attempt by domain user '<domain\user>' using NTLMv2 style security
[ 134] Successfully connected to ip <share_IP>, port 445 using TCP
[ 170] Successfully connected to ip <share_IP>, port 88 using TCP
[ 209] Unknown error: 39756032
[ 209] Kerberos authentication failed with result: 7556.
[ 209] Unable to connect to NetLogon service on <share_name_with_domain> (Error: RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE)
[ 209] No servers available for MS_NETLOGON, vserver: 3, domain: <domain_name>.
**[ 209] FAILURE: Unable to make a connection (NetLogon:<domain_name> result: 6940