Intermittently User cannot access CIFS shares on ONTAP via NTLM due to Security Software on DCs

Applies to

• ONTAP 9
• NT LAN Manager (NTLM)
• Trend Micro Deep Security

Issue

• NTLM authentication may fail if domain controllers (DC's) has Trend Micro Deep Security installed

• SECD logs at the time of the failure:

ERR : HandleBytesReturnedFromRecv: Failed to receive data on socket: Connection reset by peer { in DisplayPerror() at src/Support/CustomErrors.cpp:56 }

• Packet trace: both the DC and Storage controller get a TCP Reset:
  • Storage side trace:
    • 581 213.112912 10.10.10.6 10.10.10.25 TCP 6 445 → 59092 [RST] Seq=943361775 Win=0 Len=0
  • DC side trace:
    • 389 113.513129 10.10.10.25 10.10.10.6 TCP 6 59092 → 445 [RST] Seq=1322711260 Win=0 Len=0
• The DC may respond to a NetrServerAuthenticate2 request the first time with STATUS_ACCESS_DENIED 
• The second time the DC may respond to the NetrServerAuthenticate2 request with Unknown error 0xc0000388