Unable to access CIFS shares due to Microsoft Active Directory computer account disabled

Applies to

• ONTAP 9
• CIFS
• Microsoft Active Directory (AD)

Issue

• Users are unable to access CIFS shares, SSH to ONTAP CLI, or access System Manager using Windows username

• Errors are logged in EMS stating authentication fails

Example:

nas-cm913  ERROR         Nblade.CifsOperationTimedOut: Detected a timed out CIFS operation. SMB command for this operation: SMB2_COM_SESSION_SETUP, Number of times this command was suspended: ###, Number of times this command was restarted: #, Last CSM error during this operation: CSM_OK, Remote blade UUID: 00000000-0000-0000-0000-000000000000, Is QoS enabled: QoS_disabled, Last nBlade error during this operation: SPINNP_NO_FO_ERROR, Client IP address: 10.10.10.???, Local IP address: 10.10.10.???, Target Vserver ID: #

secd.cifsAuth.problem: vserver (vserver) General CIFS authentication problem. Error: Ontap admin cifs authentication basic procedure failed

• Running commands to authenticate users fails to connect to domain controllers because the account is disabled.

::> vserver security file-directory show-effective-permissions -vserver svm1 -win-user-name user1 -path /vol/shared
 
Vserver: svm1 (internal ID: 5)
 
Error: Lookup of CIFS account name procedure failed
  ...
           using TCP
  [  6570] Clients credentials have been revoked
           (KRB5KDC_ERR_CLIENT_REVOKED)
  [  6570] Failed to initiate Kerberos authentication. Trying NTLM.
  [  6657] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED)
           for SMB command SessionSetup
  [  6744] Encountered NT error (NT_STATUS_AUTH_ACCOUNT_DISABLED)
           for SMB command SessionSetup
  [  6744] Unable to connect to LSA service on
           xxxxxxxx.xxxx.com (Error: RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE)
  [  6830] Successfully connected to ip 10.237.200.24, port 445
           using TCP
 [  6922] Clients credentials have been revoked
           (KRB5KDC_ERR_CLIENT_REVOKED)
  [  6923] Failed to initiate Kerberos authentication. Trying NTLM.
  [  7007] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED)
           for SMB command SessionSetup
  [  7094] Encountered NT error (NT_STATUS_AUTH_ACCOUNT_DISABLED)
           for SMB command SessionSetup
  [  7094] Unable to connect to LSA service on
           xxxxxxxx.xxxx.com (Error: RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE)
  [  7181] Successfully connected to ip 10.238.113.44, port 445
           using TCP
 [  7272] Clients credentials have been revoked
           (KRB5KDC_ERR_CLIENT_REVOKED)
  [  7273] Failed to initiate Kerberos authentication. Trying NTLM.
  [  7358] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED)
           for SMB command SessionSetup
  [  7445] Encountered NT error (NT_STATUS_AUTH_ACCOUNT_DISABLED)
           for SMB command SessionSetup
  [  7445] Unable to connect to LSA service on
           xxxxxxxx.xxxx.com (Error: RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE)
**[  7445] FAILURE: Unable to make a connection
**         (xxxxxxxx.xxxx.com), Result:
**         RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE
  [  7446] Could not find Windows name 'user1'
  [  7446] CIFS name lookup failed
 
Error: show failed: Failed to convert Windows name to SID. Reason: "SecD Error: no connections available".