CONTAP-155703: SecD becoming unresponsive due to socket leak on port 389
Issue
- In certain rare conditions, Security Daemon (SecD) might become unresponsive due to shortage of file descriptors in the system for LDAP startTLS port 389 connections.
- This issue will be seen only if multiple CIFS trusted domains are being discovered.
- Cannot access all CIFS shares in a Trusted Domain environment
::> cifs domain trusts show -vserver SVM
- EMS logs:
[node-01: secd: secd.cifsAuth.problem:error]: vserver (<vserver_name>) General CIFS authentication problem.
Error: User authentication procedure failed CIFS SMB2 Share mapping - Client Ip = 1.22.333.444
[ 0 ms] Login attempt by domain user 'domain\user' using NTLMv2 style security
[ 0] Unable to connect to NetLogon service on domain.com (Error: RESULT_ERROR_SPINCLIENT_SOCKET_CONNECT_ERROR)
[ 0] No servers available for MS_NETLOGON, vserver: 8, domain: dom.com **
[ 0] FAILURE: Unable to make a connection (NetLogon:DOMAIN.COM),
Result: RESULT_ERROR_SECD_NO_SERVER_AVAILABLE [ 0] CIFS authentication failed
- SECD logs:
Failed to open file: /mroot/etc/cluster_config/vserver/.vserver_<number>/config/name_services//etc/resolv.conf. Error: Too many open files
ERR : Error!!! Socket Error: Too many open files { in DisplayPerror() at src/Support/CustomErrors.cpp:56 }
ERR : ldapSaslBindGssapi: Kerberos Error: 'Too many open files'
- Other symptoms are in EMS:
secd.dns.srv.lookup.failed: DNS server failed to look up service (_ldap._tcp.dc._msdcs.ds.domain.com) for vserver (<SVM>) with error (No such process)
secd.dns.srv.lookup.failed:error]: DNS server failed to look up service (_ldap._tcp.domain._sites.corp.domain.com) for vserver (SVM_ontap) with error (Too many open files).
Failed to create RPC client handle to MGWD: 127.0.0.1: RPC: Remote address unknown
Unable to connect to NetLogon service on <domain controller> (Error: RESULT_ERROR_SECD_COULD_NOT_CREATE_RPC_HANDLE_TO_MGWD)
