secd.ldap.noServers due to obsolete preferred-dc
Applies to
- ONTAP 9
- CIFS/SMB
Issue
Errors from
EMS log:Sun Feb 29 00:39:15 +0200 [node-01: secd: secd.ldap.noServers:debug]: None of the LDAP servers configured for Vserver (vserver_name) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).Sun Feb 29 00:44:25 +0200 [node-01: secd: secd.conn.auth.failure:debug]: Vserver (vserver_name) could not make a connection over the network to server (ip XX.XX.10.10, port 389). Error: Connection refused (Service: LDAP (Active Directory), Operation: SiteDiscovery).Sun Feb 29 00:44:25 +0200 [node-01: secd: secd.conn.auth.failure:debug]: Vserver (vserver_name) could not authenticate over the network to server (DC071). Error: Can't contact LDAP server (Service: LDAP (Active Directory), Operation: SiteDiscovery).To display all DCs:
::> cifs domain discovered-servers show -vserver vserver_nameNode: node-01Vserver: vserver_nameDomain Name Type Preference DC-Name DC-Address Status--------------- -------- ---------- --------------- --------------- ---------OLD.DOMAIN.COM MS-LDAP adequate DC071 XX.XX.10.10 unavailabletrusted.local MS-LDAP preferred CIFS1.DOMAIN.COM 10.11.1.10 undeterminedtrusted.local MS-LDAP preferred CIFS2.DOMAIN.COM 10.11.1.11 OKtrusted.local MS-DC preferred CIFS1.DOMAIN.COM 10.11.1.10 undeterminedtrusted.local MS-DC preferred CIFS2.DOMAIN.COM 10.11.1.11 undeterminedTo identify trusted Domains:
::> vserver cifs domain trusts show -node node-01 -vserver vserver_nameNode: node-01Vserver: vserver_nameHome Domain Trusted Domain--------------------- -----------------------------------DOMAIN.COM CIFS1.DOMAIN.COM, CIFS2.DOMAIN.COM, OLD.DOMAIN.COM