SSH or HTTP connection to ONTAP fails for AD users
Applies to
- ONTAP 9
- Active Directory
Issue
- Authentication times out for AD users or groups
- All UDP traffic to port 88 on DCs times out while TCP traffic to port 88 works
- secd logs indicated failures as
RPC TOOK TOO LONGand all logged requestssat in the queuefor several seconds
[kern_secd:info:92928] .------------------------------------------------------------------------------.
[kern_secd:info:92928] | RPC TOOK TOO LONG: |
[kern_secd:info:92928] | RPC used 28 seconds (max is 23) |
[kern_secd:info:92928] | and likely caused the client to timeout |
[kern_secd:info:92928] .------------------------------------------------------------------------------.
[kern_secd:info:92928] | RPC SUCCESS: |
[kern_secd:info:92928] | secd_rpc_ontap_admin_cifs_auth_basic has succeeded |
[kern_secd:info:92928] | Result = 0, RPC Result = 0 |
[kern_secd:info:92928] | RPC received at Thu Dec 8 00:25:48 2022 |
[kern_secd:info:92928] |------------------------------------------------------------------------------'
[kern_secd:info:92928] | [000.000.005] debug: Worker Thread 34509862656 processing RPC 155:secd_rpc_ontap_admin_cifs_auth_basic(caller: MGMT_PAM) with request ID:62477 which sat in the queue for 20 seconds. { in run() at src/server/secd_rpc_server.cpp:2343 }