Skip to main content
NetApp Knowledge Base

secd.ldap.noServers caused by multiple PTR records for the DC

  1. Last updated
  2. Save as PDF
Views:
1,128
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

  • ONTAP 9
  • CIFS
  • MS-LDAP/AD-LDAP
  • Kerberos

Issue

  • EMS:
::> event log show -event *secd.ldap.noServers* -severity *
Time                Node             Severity      Event
------------------- ---------------- ------------- ---------------------------
3/20/2023 13:47:47  cluster-n02    EMERGENCY     secd.ldap.noServers: None of the LDAP servers configured for Vserver (svm1) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
3/20/2023 13:47:35  cluster-n01    EMERGENCY     secd.ldap.noServers: None of the LDAP servers configured for Vserver (svm1) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
  • OR get-dc-info fails intermittently:
::> set adv
Warning: These advanced commands are potentially dangerous; use them only when directed to do so by NetApp personnel.
Do you want to continue? {y|n}: y
 
::*> vserver services access-check authentication get-dc-info -node cluster-n01 -vserver svm1
Error: command failed: RPC call to SecD failed. RPC: "SecD Error: no server
available".  Reason: "".
  • SECD logs show SASL bind to LDAP server failing:
[kern_secd:info:9440] | [000.039.193]  debug:  ldap_sasl_interactive_bind_s returned -2  { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:666 }
[kern_secd:info:9440] | [000.039.200]  ERR  :  Unable to SASL bind to LDAP server using GSSAPI: Local error { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:670 }
[kern_secd:info:9440] | [000.039.210]  info :    Additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database) { in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:673 }
[kern_secd:info:9440] | [000.039.216]  ERR  :  RESULT_ERROR_LDAPSERVER_LOCAL_ERROR:7643 in ldapSaslBindGssapi() at src/connection_manager/secd_connection.cpp:677
[kern_secd:info:9440] | [000.039.221]  ERR  :  ldapSaslBindGssapi: LDAP Error: (-2): 'Local error':
  • getxxbyyy gethostbyaddr returns different hostname for the DC IP when run multiple times:
::*> vserver services name-service getxxbyyy gethostbyaddr -node cluster-n01 -vserver svm1 -ipaddress 10.xx.xx.245
(vserver services name-service getxxbyyy gethostbyaddr)
IP address: 10.xx.xx.245
Host name: india10.naslab.local
Alias: NASLAB.naslab.local
Alias: gc._msdcs.naslab.local
 
::*> vserver services name-service getxxbyyy gethostbyaddr -node cluster-n01 -vserver svm1 -ipaddress 10.xx.xx.245
IP address: 10.xx.xx.245
Host name: NASLAB.naslab.local
Alias: india10.naslab.local
Alias: gc._msdcs.naslab.local
 
::*> vserver services name-service getxxbyyy gethostbyaddr -node cluster-n01 -vserver svm1 -ipaddress 10.xx.xx.245
IP address: 10.xx.xx.245
Host name: gc._msdcs.naslab.local
Alias: india10.naslab.local
Alias: NASLAB.naslab.local

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.