Skip to main content
NetApp Knowledge Base

SVM has lost connectivity to domain controller

Views:
589
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

  • ONTAP 9
  • CIFS/SMB
  • Active Directory (AD)
  • Domain Controller (DC)

Issue

  • Loss of access for new CIFS sessions to shares on the cluster after changes/updates were made to the Domain Controllers
  • EMS Logs show repeated secd.cifsAuth.problem:error

[node-01: secd: secd.cifsAuth.problem:error]: vserver (svm1) General CIFS authentication problem.
 Error: User authentication procedure failed CIFS SMB2 Share mapping - Client Ip = 172.1.1.1   ...   
 [     9] Successfully connected to ip 172.1.1.253, port 445 using TCP   
 [    12] Encountered NT error (NT_STATUS_ACCESS_DENIED) for SMB command SessionSetup   
 [    13] Unable to connect to NetLogon service on dc.domain.com (Error: RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE)    [    14] Successfully connected to ip 172.1.1.253, port 445 using TCP   
 [    17] Encountered NT error (NT_STATUS_ACCESS_DENIED) for SMB command SessionSetup   
 [    18] Unable to connect to NetLogon service on dc.domain.com (Error: RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE)    [    21] Successfully connected to ip 172.1.1.253, port 445 using TCP   
 [    29] Encountered NT error (NT_STATUS_ACCESS_DENIED) for SMB command SessionSetup   
 [    29] Unable to connect to NetLogon service on dc.domain.com (Error: RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE)     [    33] Successfully connected to ip 172.1.1.253, port 445 using TCP   
 [    41] Encountered NT error (NT_STATUS_ACCESS_DENIED) for SMB command SessionSetup   
 [    41] Unable to connect to NetLogon service on dc.domain.com (Error: RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE)    [    45] Successfully connected to ip 172.1.1.253, port 445 using TCP   
 [    52] Encountered NT error (NT_STATUS_ACCESS_DENIED) for SMB command SessionSetup   
 [    52] Unable to connect to NetLogon service on dc.domain.com (Error: RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE)    [    55] Successfully connected to ip 172.1.1.253, port 445 using TCP   
 [    62] Encountered NT error (NT_STATUS_ACCESS_DENIED) for SMB command SessionSetup   
 [    63] Unable to connect to NetLogon service on dc.domain.com (Error: RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE)    [    63] No servers available for MS_NETLOGON, vserver: 4, domain: ...
 [Please refer to secd log for more detail!]

  • SECD Logs detail similar errors:

[kern_secd:info:14213] Failure Summary:
[kern_secd:info:14213] Error: User authentication procedure failed
[kern_secd:info:14213] CIFS SMB2 Share mapping - Client Ip = 172.1.1.1
[kern_secd:info:14213]   ...
[kern_secd:info:14213]   [     9] Successfully connected to ip 172.1.1.253, port 445 using TCP
[kern_secd:info:14213]   [    12] Encountered NT error (NT_STATUS_ACCESS_DENIED) for SMB command SessionSetup
[kern_secd:info:14213]   [    13] Unable to connect to NetLogon service on dc.domain.com (Error:

...
info :  Successfully connected to ip 172.1.1.253, port 445 using TCP { in _connect() at src/connection_manager/secd_connection_shim.cpp:553 }
debug:  NEGOTIATE RESPONSE: DC selected SMB2/3 dialect 0x210  { in Smb2ParseNegotiateResponse() at src/Smb2/Smb2Negotiate.cpp:234 }
debug:  SIGNING: DC REQUIRES signing  { in Smb2ParseNegotiateResponse() at src/Smb2/Smb2Negotiate.cpp:239 }
debug:  Found matching cache 'cc:C:4:0'  { in secd_ccache_resolve() at src/utils/secd_krb_ccache.cpp:1052 }
info :  [krb5 context 09C55000] Getting credentials svm1$@dc.domain.com -> cifs/svm1.dc.domain.com@ using ccache NETAPPCC:cc:C:4:0
debug:  Found matching cache 'cc:C:4:0'  { in secd_ccache_resolve() at src/utils/secd_krb_ccache.cpp:1052 }
info :  [krb5 context 09C55000] Retrieving svm1$@dc.domain.com -> cifs/svm1.dc.domain.com@ from NETAPPCC:cc:C:4:0 with result: 0/Success
info :  [krb5 context 09C55000] Creating authenticator for svm1$@dc.domain.com -> cifs/svm1.dc.domain.com@, seqnum 242533150, subkey aes256-cts/B57F, session key aes256-cts/BEF6
ERR  :  Encountered NT error (NT_STATUS_ACCESS_DENIED) for SMB command SessionSetup  { in LogNtStatusCode() at src/Commands/Commands.cpp:444 }
ERR  :  SMB2 response has NT error 0xc0000022  { in ParseSmb2HeaderResponse() at src/Smb2/Smb2Utils.cpp:497 }
ERR  :  RESULT_ERROR_GENERAL_FAILURE:3 in Smb2ParseSessionSetupResponse() at src/Smb2/Smb2SessionSetup.cpp:185
ERR  :  RESULT_ERROR_GENERAL_FAILURE:3 in Smb2SessionSetup() at src/Smb2/Smb2SessionSetup.cpp:276
ERR  :  RESULT_ERROR_GENERAL_FAILURE:3 in LogOnUserExtBody() at src/Actions/ActionsONTAP.cpp:2490
ERR  :  RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE:6942 in connectToDomainController() at src/connection_manager/secd_connection.cpp:221

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.