secd.ldap.noServers due to obsolete preferred-dc

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 1,123

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: nas

Last Updated:

Applies to

ONTAP 9
CIFS/SMB

Issue

Errors from EMS log:

Sun Feb 29 00:39:15 +0200 [node-01: secd: secd.ldap.noServers:debug]: None of the LDAP servers configured for Vserver (vserver_name) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).

Sun Feb 29 00:44:25 +0200 [node-01: secd: secd.conn.auth.failure:debug]: Vserver (vserver_name) could not make a connection over the network to server (ip XX.XX.10.10, port 389). Error: Connection refused (Service: LDAP (Active Directory), Operation: SiteDiscovery).

Sun Feb 29 00:44:25 +0200 [node-01: secd: secd.conn.auth.failure:debug]: Vserver (vserver_name) could not authenticate over the network to server (DC071). Error: Can't contact LDAP server (Service: LDAP (Active Directory), Operation: SiteDiscovery).

To display all DCs:

::> cifs domain discovered-servers show -vserver vserver_name

Node: node-01

Vserver: vserver_name

Domain Name Type Preference DC-Name DC-Address Status

--------------- -------- ---------- --------------- --------------- ---------

OLD.DOMAIN.COM MS-LDAP adequate DC071 XX.XX.10.10 unavailable

trusted.local MS-LDAP preferred CIFS1.DOMAIN.COM 10.11.1.10 undetermined

trusted.local MS-LDAP preferred CIFS2.DOMAIN.COM 10.11.1.11 OK

trusted.local MS-DC preferred CIFS1.DOMAIN.COM 10.11.1.10 undetermined

trusted.local MS-DC preferred CIFS2.DOMAIN.COM 10.11.1.11 undetermined

To identify trusted Domains:

::> vserver cifs domain trusts show -node node-01 -vserver vserver_name

Node: node-01

Vserver: vserver_name

Home Domain Trusted Domain

--------------------- -----------------------------------

DOMAIN.COM CIFS1.DOMAIN.COM,

CIFS2.DOMAIN.COM,

OLD.DOMAIN.COM