After LIF failover, CIFS outage with EMS logging secd.cifsAuth.problem because LIF cannot reach name services
Applies to
- ONTAP 9
- routing
- LIF failover group/policy
- broadcast domain
- CIFS/SMB
Issue
- After LIF failover (e.g. ONTAP upgrade) CIFS clients cannot access data via either \\hostname or \\ip
- ActiveIQ detects Risk Signature: 2226
  - Risk: All ports in a broadcast domain should be on the same layer 2 network.
  - Details: Broadcast domains(s) "<name>" contains port from multiple vlans.
- LIF is in broadcast domain that contains multiple VLANs
::> network port broadcast-domain show -broadcast-domain Storage
IPspace Broadcast                                        Update
Name    Domain Name MTU    Port List                     Status Details
------- ----------- ------ ----------------------------- --------------
Default Storage       1500
                           cm8080-rtp-04:a0d             complete
                           cm8080-rtp-02:a0d             complete
                           cm8080-rtp-02:e0i-40          complete
                           cm8080-rtp-03:a0d             complete
                           cm8080-rtp-01:a0d             complete
                           cm8080-rtp-01:e0i-40          complete
- LIF is in failover group that contains failover targets that are from multiple VLANs
::> net int show -failover -vserver svm1
  (network interface show)
         Logical         Home                  Failover        Failover
Vserver  Interface       Node:Port             Policy          Group
-------- --------------- --------------------- --------------- ---------------
svm1
         LIF_A           node-02:a0a           Default         Default
                         Failover Targets: node-02:a0a, node-02:a0a-453,
                                           node-02:a0a-700, node-02:e0M,
                                           node-01:a0a, node-01:a0a-453,
                                           node-01:a0a-700, node-01:e0M
- EMS contains
[?] Tue Jul 01 11:40:15 +0530 [node-01: secd: secd.dns.srv.lookup.failed:error]: DNS server failed to look up service (_ldap._tcp.dc._msdcs.apac.contoso.com) for vserver (svm1) with error (Connection refused).
[?] Tue Jul 01 11:40:15 +0530 [node-01: secd: secd.cifsAuth.problem:error]:
vserver (svm1) General CIFS authentication problem.
Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = x.x.x.x
[ 0 ms] Login attempt by domain user 'domain\user' using NTLMv2 style security
[ 2] TCP connection to ip x.x.x.x, port 389 failed: No route to host.
[ 2] LDAP search for the "dnsHostName" attribute(s) within base "" (scope: 0) using filter "(objectClass=*)" failed with error: Can't contact LDAP server
[ 2] TCP connection to ip x.x.x.x, port 389 failed: No route to host.
[ 2] LDAP search for the "dnsHostName" attribute(s) within base "" (scope: 0) using filter "(objectClass=*)" failed with error: Can't contact LDAP server
[ 2] TCP connection to ip x.x.x.x, port 389 failed: No route to host.
[ 3] LDAP search for the "dnsHostName" attribute(s) within base "" (scope: 0) using filter "(objectClass=*)" failed with error: Can't contact LDAP server
[ 3] TCP connection to ip x.x.x.x, port 389 failed: No route to host.
[ 3] LDAP search for the "dnsHostName" attribute(s) within base "" (scope: 0) using filter "(objectClass=*)" failed with error: Can't contact LDAP server
[ 3] TCP connection to ip x.x.x.x, port 389 failed: No route to host.
[ 3] LDAP search for the "dnsHostName" attribute(s) within base "" (scope: 0) using filter "(objectClass=*)" failed with error: Can't contact LDAP server
[ 5] Failed to connect to x.x.x.x for DNS via Source Address y.y.y.y: No route to host
[ 6] Failed to connect to x.x.x.x for DNS via Source Address y.y.y.y: No route to host
**[ 7] FAILURE: Unable to contact DNS to discover domain controllers.
[ 8] Unable to make a connection (NetLogon:domain.contoso.COM), Result: RESULT_ERROR_DNS_CANT_REACH_SERVER
[ 8] CIFS authentication failed
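The failover-target condition listed above can be checked before a failover happens. The following is an added example, not part of the original article or NetApp tooling: it parses `network interface show -failover` output and reports LIFs whose failover targets span more than one VLAN. The sample text is constructed (LIF_B and fg_453 are hypothetical), and treating untagged ports with the same name as one layer 2 network is an assumption.

```python
import re

# Constructed sample modeled on the `network interface show -failover` output
# above; LIF_B and the failover group fg_453 are hypothetical.
SAMPLE = """\
svm1
         LIF_A           node-02:a0a           Default         Default
                         Failover Targets: node-02:a0a, node-02:a0a-453,
                                           node-02:a0a-700, node-02:e0M,
                                           node-01:a0a, node-01:a0a-453,
                                           node-01:a0a-700, node-01:e0M
         LIF_B           node-01:a0a-453       Default         fg_453
                         Failover Targets: node-01:a0a-453, node-02:a0a-453
"""

# node:port, with the optional -<vlan-id> suffix ONTAP gives VLAN ports
PORT = re.compile(r"[\w.-]+:(\w+)(?:-(\d+))?")


def parse_failover(text):
    """Return {lif_name: [failover targets]} parsed from the CLI output."""
    lifs, current = {}, None
    for line in text.splitlines():
        is_targets = "Failover Targets:" in line
        tokens = line.replace("Failover Targets:", " ").replace(",", " ").split()
        if is_targets or all(PORT.fullmatch(t) for t in tokens):
            if current is not None:
                lifs[current].extend(t for t in tokens if PORT.fullmatch(t))
        elif len(tokens) >= 4 and PORT.fullmatch(tokens[1]):
            current = tokens[0]  # LIF row: name, home node:port, policy, group
            lifs[current] = []
    return lifs


def segment(target):
    """VLAN ID if tagged; else the port name (assumed: one L2 network per name)."""
    port, vlan = PORT.fullmatch(target).groups()
    return f"vlan {vlan}" if vlan else f"untagged {port}"


def mixed_vlan_lifs(text):
    """Return LIFs whose failover targets span more than one layer 2 segment."""
    spans = {lif: sorted({segment(t) for t in targets})
             for lif, targets in parse_failover(text).items()}
    return {lif: segs for lif, segs in spans.items() if len(segs) > 1}


if __name__ == "__main__":
    print(mixed_vlan_lifs(SAMPLE))
```

For the sample, LIF_A is reported because its targets cover untagged a0a, e0M, VLAN 453 and VLAN 700, while LIF_B, whose targets are all on VLAN 453, is not.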
