NetApp Knowledge Base

"SecD Error: no server available" when enabling AES, because root CA certificate is missing

Category:
ontap-9
Specialty:
nas

Applies to

  • ONTAP 9
  • CIFS
  • Advanced Encryption Standard (AES)

Issue

  • When enabling AES encryption on a CIFS SVM:
Cluster::> cifs security modify -vserver vserver_name -is-aes-encryption-enabled true
Info: In order to enable CIFS AES encryption, the password for the CIFS server machine account must be reset. Enter the username and password for the CIFS domain "DC_Name".
Enter your user ID: administrator
Enter your password:
Error: command failed: Password update failed. Reason: SecD Error: no server available.
  • To verify, check the event log for secd messages:
Cluster::> event log show -message-name *secd*
Time                Node             Severity      Event
------------------- ---------------- ------------- ---------------------------
12/9/2022 10:43:08  node_01          DEBUG         secd.unexpectedFailure: vserver (vserver_name) Unexpected failure.
Error: CIFS server password reset procedure failed
...
[    59] Successfully connected to ip xx.xx.20.69, port 389 using TCP
[    80] Hostname found in Name Service Cache
[    81] Successfully connected to ip xx.xx.20.71, port 389 using TCP
[    86] Required certificate with CA Entrust Root Certification Authority - G2 is not installed
[    86] Unable to start TLS: Connect error
[    86]   Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
[    86] Unable to connect to LDAP (Active Directory) service on DC_Name
[    87] Successfully connected to ip xx.xx.20.69, port 389 using TCP
[    92] Required certificate with CA Entrust Root Certification Authority - G2 is not installed
[    93] Unable to start TLS: Connect error
[    93]   Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
[    93] Unable to connect to LDAP (Active Directory) service on DC_Name
[    93] Successfully connected to ip xx.xx.20.72, port 389 using TCP
[    98] Required certificate with CA Entrust Root Certification Authority - G2 is not installed
[    98] Unable to start TLS: Connect error
[    98]   Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
[    98] Unable to connect to LDAP (Active Directory) service on DC_Name
[    99] Successfully connected to ip xx.xx.20.67, port 389 using TCP
[   104] Required certificate with CA Entrust Root Certification Authority - G2 is not installed
[   104] Unable to start TLS: Connect error
[   104]   Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
[   105] Unable to connect to LDAP (Active Directory) service on DC_Name
[   105] N...[Please refer to secd log for more detail!]
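
In the trace above, every TCP connection to port 389 succeeds and StartTLS then fails certificate verification, so "no server available" here points at a missing trusted root CA rather than an unreachable domain controller. The following Python sketch is an added example, not NetApp code; the function names `triage` and `summarize` are hypothetical, and the sample lines are a constructed subset of the trace shown on this page. It groups trace lines per server attempt and extracts the CA name that needs to be installed.

```python
import re

# Constructed sample: a subset of the secd trace lines shown in the Issue section.
SAMPLE = """\
[    81] Successfully connected to ip xx.xx.20.71, port 389 using TCP
[    86] Required certificate with CA Entrust Root Certification Authority - G2 is not installed
[    86] Unable to start TLS: Connect error
[    86]   Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
[    86] Unable to connect to LDAP (Active Directory) service on DC_Name
[    87] Successfully connected to ip xx.xx.20.69, port 389 using TCP
[    92] Required certificate with CA Entrust Root Certification Authority - G2 is not installed
[    93] Unable to start TLS: Connect error
[    93]   Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
[    93] Unable to connect to LDAP (Active Directory) service on DC_Name
"""

LINE = re.compile(r"^\[\s*(\d+)\]\s+(.*)$")          # "[    86] message"
CONNECT = re.compile(r"Successfully connected to ip (\S+), port (\d+)")
MISSING_CA = re.compile(r"Required certificate with CA (.+) is not installed")

def triage(trace):
    """Group secd trace lines into per-server attempts and flag StartTLS failures."""
    attempts = []
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                      # skip "..." and other non-trace lines
        msg = m.group(2)
        c = CONNECT.search(msg)
        if c:                             # a successful TCP connect opens a new attempt
            attempts.append({"ip": c.group(1), "port": int(c.group(2)),
                             "missing_ca": None, "tls_failed": False})
        elif attempts:
            ca = MISSING_CA.search(msg)
            if ca:
                attempts[-1]["missing_ca"] = ca.group(1)
            elif msg.startswith("Unable to start TLS"):
                attempts[-1]["tls_failed"] = True
    return attempts

def summarize(attempts):
    """Return (CA names to install, servers reachable over TCP but failing StartTLS)."""
    failed = [a for a in attempts if a["tls_failed"]]
    cas = {a["missing_ca"] for a in failed if a["missing_ca"]}
    return cas, [(a["ip"], a["port"]) for a in failed]

if __name__ == "__main__":
    print(summarize(triage(SAMPLE)))
```
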
 

 
