Alert EMS Message - secd.dc.out.of.pipe.instances
Applies to
- ONTAP 9 and later
- Microsoft Active Directory
- Microsoft Active Directory Domain Controller (DC)
- NTLM Authentication
Issue
- CIFS access is failing due to NTLM authentication failure.
- EMS log messages might be displayed:
Event Name: secd.dc.out.of.pipe.instances Event Description: This message occurs when the Windows Domain Controller (DC), while responding to an MSRPC request from ONTAP, returns an error indicating that it ran out of pipe instances in the listening state. This can occur when the requests from ONTAP are received by the DC during a timing window, when the limited number of listening pipe instance are already allocated to other requests. Such errors received by ONTAP might result in longer CIFS/NFS authentication and/or access times, potentially resulting in client timeouts.
- PCAP shows that the Domain Controller is sending
Error: STATUS_PIPES_NOT_AVAILABLE
- SECD log around time of
secd.dc.out.of.pipe.instances
in EMS
[kern_secd:info:11767] | [001.524.340] debug: Retrying Smb2NtCreateAndXFile to account for PIPE NOT AVAILABLE error { in Smb2NtCreateAndXFile() at src/Actions/ActionsONTAP.cpp:3094 } [kern_secd:info:11767] | [001.524.484] ERR : Encountered NT error (NT_STATUS_PIPE_NOT_AVAILABLE) for SMB command Create { in LogNtStatusCode() at src/Commands/Commands.cpp:609 } [kern_secd:info:11767] | [001.524.488] ERR : SMB2 response has NT error 0xc00000ac { in ParseSmb2HeaderResponse() at src/Smb2/Smb2Utils.cpp:497 } [kern_secd:info:11767] | [001.524.492] ERR : Encountered NT error (NT_STATUS_PIPE_NOT_AVAILABLE) for SMB command Create { in LogNtStatusCode() at src/Commands/Commands.cpp:609 } [kern_secd:info:11767] | [001.524.495] ERR : RESULT_ERROR_SPINCLIENT_CMD_FAILED:6763 in CheckSmbStatusWrapper() at src/Commands/Commands.cpp:1129
Additional Information
-
The following workarounds are advised as a temporary fix until the underlying problem is resolved:
-
Avoid using NTLM authentication due to have a dependence on the netlogon pipe
-
If no preferred DC's are configured, configure multiple preferred DC's to bypass the affected domain controller(s)
-
If all preferred DC's are affected, disable preferred DC(s)
-
-
NetNamedPipeBinding.MaxConnections Property (System.ServiceModel)