After migrating LIF, CIFS fails because firewall is blocking DNS
Applies to
- ONTAP 9
- CIFS/SMB
- DNS
- Firewall
Issue
- When
LIF1is onNode1, CIFS clients can access files through\\LIF1 - After migrating
LIF1toNode2- CIFS clients cannot access files through
\\LIF1 cifs checkfails due to lack of domain controller connectivity
- CIFS clients cannot access files through
- EMS logs that secd cannot connect to domain controllers
[?] Tue Dec 10 22:48:16 -0600 [Node2: secd: secd.conn.auth.failure:notice]: Vserver (SVM1) could not make a connection over the network to server (ip 10.222.44.22, port 389) via interface 10.222.11.111. Error: Operation timed out (Service: LDAP (Active Directory), Operation: SiteDiscovery).[?] Wed Dec 11 00:02:21 -0600 [Node2: secd: secd.conn.auth.failure:notice]: Vserver (SVM1) could not make a connection over the network to server (ip 10.222.44.22, port 445) via interface 10.222.11.111. Error: Operation timed out ().
- EMS logs that on cannot connect to DNS
[?] Tue Dec 10 19:02:05 -0600 [Node2: secd: secd.dns.srv.lookup.failed:error]: DNS server failed to look up service (_ldap._tcp.dc._msdcs.cii_encrypt/JBUoMK2QNFgN2xPC7pUcyTx0UhbekfSoyenbCQb5y3om4BnlETKxslSls82+DxFs/cii_encrypt) for vserver (SVM1) with error (Operation timed out).
- Packet trace shows that when
LIF1sends a DNS query, no response is received