Failed to create the machine account with LDAP Error Local error occurred

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 2,654

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: nas

Last Updated:

Applies to

ONTAP 9
Active Directory Server
CIFS Server
LDAP Signing or Sealing

Issue

Attempting to create an Active Directory or CIFS server for an SVM fails with the following error:

Error: command failed: Failed to create the Active Directory machine account "SVMAD". Reason: LDAP Error: Local error occurred.

EMS events are also observed from the attempt showing the Domain Controller the issue was encountered with, such as "olddc1" in this example:

Tue Jun 15 14:03:17 UTC [cluster-01: secd: secd.conn.auth.failure:notice]: Vserver (svmad) could not authenticate over the network to server (olddc1). Error: Local error ().

Tue Jun 15 14:03:17 UTC [cluster-01: secd: secd.unexpectedFailure:debug]: vserver (svmad) Unexpected failure. Error: Machine account creation procedure failed [ 19269] Loaded the preliminary configuration. [ 19294] Successfully connected to ip 10.100.1.100, port 88 using TCP [ 19974] Successfully connected to ip 10.100.1.100, port 389 using TCP [ 19974] Entry for host-address: 10.100.1.100 not found in the current source: FILES. Ignoring and trying next available source [ 20092] Successfully connected to ip 10.100.1.100, port 88 using TCP **[ 20314] FAILURE: Unable to SASL bind to LDAP server using GSSAPI: Local error [ 20314] Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database) [ 20314] Unable to connect to LDAP (Active Directory) service on olddc1.demo.netapp.com (Error: Local error) [ 20314] Unable to make a connection (LDAP (Active Directory):DEMO.NETAPP.COM), result: 7643 [ 20315] Retry requested, but the retry window (7000 ms) has expired; giving up.