Intermittent access to CIFS share issue due to secd.conn.auth.failure event reported during SiteDiscovery

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 5,978

Visibility:: Public

Votes:: 3

Category:: ontap-9

Specialty:: nas

Last Updated:

Applies to

ONTAP 9
CIFS
Active Directory Domain
AutoSupport

Issue

During the periodic SiteDiscovery process on the ONTAP vserver the LDAP server cannot be reached within the timeout period which causes the following event to be logged frequently:

secd: secd.conn.auth.failure:notice]: Vserver (svm1) could not make a connection over the network to server (ip 192.168.1.2, port 389) via interface 192.168.2.3. Error: Operation timed out (Service: LDAP (Active Directory), Operation: SiteDiscovery).

secd: secd.conn.auth.failure:notice]: Vserver (svm1) could not make a connection over the network to server (ip 10.x.x.x, port 445). Error: Operation timed out ().

CIFS shares not accessible when above errors seen in ems logs.
Netlogon time out errors also seen in ems:

Wed Sep 27 15:37:15 +0800 [cluster: secd: secd.cifsAuth.problem:error]: vserver (vserver1) General CIFS authentication problem. Error: User authentication procedure failed CIFS SMB2 Share mapping - Client Ip = 10..2.2.2 [ 0 ms] Login attempt by domain user 'domain\user1' using NTLMv2 style security **[ 20000] FAILURE: Timed out waiting for a NetLogon connection after 20 seconds [ 20000] Unable to make a connection (NetLogon:DOMAIN.COM), result: 7015 [ 20000] CIFS authentication failed [ 20000] Retry requested, but the retry window (7000 ms) has expired; giving up.

"Operation timed out" errors are reported in ems when responses from DCs is not received on time, which can lead to CIFS access issues .
- NOTE: Packet traces can be collected to confirm the behaviour.