Unable to connect to CIFS shares after enabling AES on the DC
Applies to
- ONTAP 9
- CIFS/SMB
- AES encryption
Issue
- Access to shares using the share name no longer works:
- Using the IP address to access the share works
- No visible CIFS errors in
EMS
SECD
trace-all :
info : Error accepting security context for Vserver identifier (4). The ticket isn't for us (KRB5KRB_AP_ERR_NOT_US).
node-01[kern_secd:info:10473] | [000.000.907]info : The ticket isn't for us (KRB5KRB_AP_ERR_NOT_US)
node-01[kern_secd:info:10473] | [000.001.267]debug: acceptContext return state: 2, output blob length: 126, ntstatus: NT_STATUS_UNSUCCESSFUL(0xc0000001)- In packet trace on the node:
14479 10.1.1.11 10.1.1.53 SMB2 0xcebd000000ea6bba KRB Error: KRB5KRB_AP_ERR_MODIFIED