Many secd.rpc.authRequest.blocked alerts after upgrading to ONTAP 9.12.1 or later
Applies to
- ONTAP 9.12.1 or later
- CIFS/SMB
Issue
- ONTAP 9.12.1 or later EMS reports
secd.rpc.authRequest.blocked
secd: secd.rpc.authRequest.blocked:alert]: Too many CIFS authentication attempts with wrong password from client "x.x.x.x" on Vserver "svm1"
secd: secd_rpc_authRequest_blocked_1:alert]: params: {'clientIP': '10.201.149.XXX', 'userName': 'i45260XX', 'domain': 'd-Domain', 'vserverName': 'svm_XXX'}
or
secd.rpc.authRequest.blocked:Too many CIFS authentication attempts with an invalid password from a client with IP "x.x.x.x", user name "User name" and domain "domain name" on SVM "SVM name".
- After the above event occurs, a large number of
secd.cifsAuth.problemare logged
secd: secd.cifsAuth.problem:error: vserver (svm1) General CIFS authentication problem. Error: User authentication procedure failed CIFS SMB2 Share mapping - Client Ip = x.x.x.x **[ 0] FAILURE: CIFS authentication failed
- The error "
Client (IP: x.x.x.x) blocked due to continuous attempts with wrong password" is logged insecd.log