Skip to main content
NetApp Knowledge Base

CONTAP-80033: NTLM authentication fails due to enforcement of Netlogon RPC sealing

  1. Last updated
  2. Save as PDF
Views:
482
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

Issue

  • CIFS shares not accessible using CIFS server IP address
  • CIFS Domain authentication using NTLM fails
Example:

  • secd.cifsAuth.problem
    • FAILURE: Pass-through authentication failed. (NT Status: NT_STATUS_NO_LOGON_SERVERS(0xc000005e))


  • Windows Domain Controller (DC) logs


    Log Name:      System
    Source:        NETLOGON
    Date:          2/22/2023 3:17:28 PM
    Event ID:      5838
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      dc1.demo.netapp.local
    Description:
    The Netlogon service encountered a client using RPC signing instead of RPC sealing.  
    
    Machine SamAccountName: CIFSSERVERNAME 


  • Kerberos authentication is working
  • ONTAP features configured for domain authentication using NTLMv1 or NTLMv2 are affected (e.g. CIFS, Vscan, RBAC, domain tunnel, etc.):
    ::> set advanced
    ::*> vserver cifs session show -vserver <vserver> -fields auth-mechanism,address,windows-user
    node         vserver   session-id           connection-id address      auth-mechanism windows-user
    ------------ --------- -------------------- ------------- ------------ -------------- ------------
    netapp-01a   <vserver> 17134789207261194186 2550496605    10.62.125.88 NTLMv2        DEMO\user6
    netapp-01b   <vserver> 17134789207261194188 2550496606    10.216.29.42 Kerberos       DEMO\Administrator
    2 entries were displayed.


Note: If Kerberos authentication attempt fails, NTLM (NTLMv1 or NTLMv2) is default fallback.

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.