"SecD Error: no server available" because hostname in files does not match CN in peer certificate
Applies to
- ONTAP 9
- DNS
- Active Directory
- CIFS
- StartTLS
Issue
- Unable to reset the CIFS password:
  ::> cifs password-reset -vserver svm1
  Error: command failed: Password update failed. Reason: SecD Error: no server available
- EMS reports that the CIFS password reset failed because the hostname does not match the CN in the peer certificate:
  ::> event log show -source secd
  12/31/2023 12:00:00 cluster1-01 ERROR secd.unexpectedFailure: Unexpected SecD failure in Vserver "svm1". Details: Error: CIFS server password reset procedure failed
  ...
  [ 1] Successfully connected to ip 10.20.30.40, port 389 using TCP
  [ 18] Unable to start TLS: Connect error
  [ 18] Additional info: TLS: hostname (server1) does not match CN (server1.domain.com) in peer certificate
  [ 18] Unable to connect to LDAP (Active Directory) service on server1
  [ 18] No servers available for MS_LDAP_AD, vserver: 5, domain: domain.com
  [ 18] FAILURE: Unable to make a connection (LDAP (Active Directory): domain.com), Result: RESULT_ERROR_SECD_NO_SERVER_AVAILABLE
- In the DNS server, the PTR record for IP 10.20.30.40 resolves to hostname server1.domain.com, which matches the CN in the DC's peer certificate:
  PS> nslookup 10.20.30.40
  Server: server1.domain.com
  Address: 10.20.30.40
  Name: server1.domain.com
  Address: 10.20.30.40
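The following Python sketch is an added example, not NetApp code. It parses secd trace lines in the format shown above, extracts the hostname ONTAP used and the certificate CN for each StartTLS failure, and checks the CN against the PTR name for the same IP. The function name, the `PTR` mapping and the embedded sample (copied from this page's output) are assumptions made for illustration.

```python
import re

# Trace lines in the format of the EMS output above (sample copied from this page).
SAMPLE = """\
[ 1] Successfully connected to ip 10.20.30.40, port 389 using TCP
[ 18] Unable to start TLS: Connect error
[ 18] Additional info: TLS: hostname (server1) does not match CN (server1.domain.com) in peer certificate
[ 18] Unable to connect to LDAP (Active Directory) service on server1
"""
# PTR answer per IP, taken from the nslookup output on this page.
PTR = {"10.20.30.40": "server1.domain.com"}

CONNECT_RE = re.compile(r"Successfully connected to ip ([0-9A-Fa-f:.]+), port (\d+)")
MISMATCH_RE = re.compile(
    r"TLS: hostname \((?P<host>[^)]+)\) does not match CN \((?P<cn>[^)]+)\)"
)

def find_tls_name_mismatches(trace, ptr_names=None):
    """Return one finding per StartTLS hostname/CN mismatch in a secd trace."""
    ptr_names = ptr_names or {}
    findings, last_ip = [], None
    for line in trace.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            last_ip = m.group(1)  # the TLS error that follows refers to this server
            continue
        m = MISMATCH_RE.search(line)
        if not m:
            continue
        # Hostnames compare case-insensitively.
        host, cn = m.group("host").lower(), m.group("cn").lower()
        # A short name that is the first label of the CN is the pattern in this article.
        short = "." not in host and cn.startswith(host + ".")
        ptr = ptr_names.get(last_ip, "").lower().rstrip(".")
        findings.append({
            "ip": last_ip, "hostname": host, "cn": cn,
            "kind": "short-name-vs-fqdn" if short else "different-name",
            "ptr_matches_cn": ptr == cn,  # True means DNS itself is consistent
        })
    return findings

if __name__ == "__main__":
    for f in find_tls_name_mismatches(SAMPLE, PTR):
        print(f)
```

A finding with `kind` set to `short-name-vs-fqdn` and `ptr_matches_cn` set to `True` corresponds to the situation in this article: DNS agrees with the certificate, so the short name came from another name source.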