Skip to main content
NetApp Knowledge Base

CIFS/SMB is not accessible because authentication fails when secd.kerberos.clockskew is seen in EMS

Views:
428
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

ONTAP 9

Issue

  • CIFS/SMB is not accessible because authentication fails when secd.kerberos.clockskew is seen in EMS
  • SECD.log

 ERR  :  RESULT_ERROR_SECD_NO_SERVER_AVAILABLE:6940 in secd_rpc_auth_extended_1_svc() at authentication/secd_rpc_auth.cpp:749
 debug:  SecD RPC Server sending reply to RPC 151: secd_rpc_auth_extended  { in secdSendRpcResponse() at server/secd_rpc_server.cpp:1405 }
 ERR  :  Error: User authentication procedure failed
 ERR  :    [  0 ms] Login attempt by domain user 'CIFSLABAdministrator' using NTLMv1 style security
 ERR  :    [     0] No servers available for MS_NETLOGON, vserver: 3, domain: cifs.lab.netapp.com.
 ERR  :    [    22] Unable to connect to any of the provided DNS servers
 ERR  :    [    22] Connecting to NetLogon server a7-6.cifs.lab.netapp.com (172.17.192.24)
 ERR  :  **[    22] FAILURE: Unexpected state: Error 6810 at file:Common/ProtocolClientLibrary/Dns/DnsOps.cpp func:DnsNameLookup line:715
''' ERR  :  **[    33] FAILURE: Cluster and Domain Controller times differ by more than the configured clock skew'''
 ERR  :    [   104] Unable to connect to a7-6.cifs.lab.netapp.com through the 10.53.21.46 interface
 ERR  :    [   104] No servers available for MS_NETLOGON, vserver: 3, domain: cifs.lab.netapp.com.
|------------------------------------------------------------------------------.
|                  RPC completed at Fri Oct 19 08:34:13 2012                   |
|               End of log for failed RPC secd_rpc_auth_extended               |
'------------------------------------------------------------------------------'

  • EMS messages

10/18/2012 13:34:59 krbClus-01       ERROR         secd.kerberos.clockskew: Kerberos client or node clock skew error (-1765328351).

  • Packet trace

A packet trace is only needed from the client to confirm this - we'd see a KRB5 packet:
1778    41.215954       172.17.193.122  10.53.21.46     SMB     Session Setup AndX Request
1779    41.227968       10.53.21.46     172.17.193.122  SMB     KRB Error: KRB5KRB_AP_ERR_TKT_NYV, Error: STATUS_MORE_PROCESSING_REQUIRED

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.