CIFS server account password does not match password stored in Active Directory

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 11,755

Visibility:: Public

Votes:: 7

Category:: ontap-9

Specialty:: nas

Last Updated:

Applies to

ONTAP 9
CIFS/SMB

Issue

Client cannot access SMB/CIFS share via \\svm_ip, \\svm_ip\share_name or \\fqdn
Note: screenshot displays error: Windows cannot access \\hostname\sharename
EMS contains:
Wed Sep 27 02:50:49 +0000 [node-01: secd: secd.cifsAuth.problem:error]: vserver (svm_name) General CIFS authentication problem.
[ 3398] CIFS server account password does not match password stored in Active Directory (KRB5KDC_ERR_PREAUTH_FAILED)
Wed Sep 27 02:50:40 +0000 [node-01: secd: secd.kerberos.preauth:error]: Kerberos pre-authentication failure due to out-of-sync machine account password for vserver (svm_name).
secd.conn.auth.failure:error: Vserver (SVM01) could not authenticate over the network to server (Server01)
Wed Mar 11 05:10:48 +0000 [Cluster1-01: secd: secd.lsa.noServers:EMERGENCY]: None of the LSA servers configured for Vserver (svm1) are currently accessible via the network.
Security Daemon secd logs:
00000008.005bdd68 0493a463 Wed Sep 27 2023 02:50:49 +00:00 [kern_secd:info:88xx] | [002.382.xxx] info : [krb5 context 087D0xxx] Received error from KDC: -17653xxxxx/Additional pre-authentication required
cifs check fails
Attempts to change password fail (vserver cifs domain password change):
- CLI response
- Error: Password update failed. Reason: Kerberos Error: Invalid credentials were given.
- EMS
- mgwd: cifs.domainpwd.not.updated:error]: An attempt to update the domain account password for Vserver X failed during password change with the following error: Password update failed. Reason: Kerberos Error: Invalid credentials were given