Skip to main content
NetApp Knowledge Base

CIFS is inaccessible with KRB5KRB_AP_ERR_SKEW due to NTP rejected

Views:
1,197
Visibility:
Public
Votes:
1
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

  • ONTAP 9
  • CIFS
  • Kerberos

Issue

  • All Windows clients lost access to CIFS shares. 
  • Error seen in SECD:
Sun Jul 19 2020 16:49:44 [kern_secd:info:8268] | info : Cluster and Domain Controller times differ by more than the configured clock skew (KRB5KRB_AP_ERR_SKEW)
 
  • The NTP status show both configured NTP servers are being rejected due to excessive time skew:

NODE01::> set -privilege advanced

NODE01*::> cluster time-service ntp status show -node * -instance
                                      Node: NODE01
NTP Server Host Name, IPv4 or IPv6 Address: 10.1.2.2
                         Server IP Address: 10.1.2.2
Is Peer Reachable and Responding to Polls?: true
         Is Peer Selected as Clock Source?: true
                 State of Server Selection: sys_peer
     Description of Server Selection State: Server Rejected for Excessive Skew
                Time from Last Poll (secs): 422
              Offset from Server Time (ms): 13.77
                 Delay Time to Server (ms): 0.363
                 Maximum Offset Error (ms): 9.495
                    Reachability of Server: ff
                   Stratum of Server Clock: 2
           Reference Clock at Server: 10.1.10.10
           Reported Packet and Peer Errors: -
                                      Node: NODE01
NTP Server Host Name, IPv4 or IPv6 Address: 10.1.1.3
                         Server IP Address: 10.1.1.3
Is Peer Reachable and Responding to Polls?: true
         Is Peer Selected as Clock Source?: false
                 State of Server Selection: outlyer
     Description of Server Selection State: Server Rejected for Excessive Skew
                      Poll Interval (secs): 524
                Time from Last Poll (secs): 345
              Offset from Server Time (ms): 15.796
                 Delay Time to Server (ms): 0.426
                 Maximum Offset Error (ms): 8.861
                    Reachability of Server: ff
                   Stratum of Server Clock: 3
                 Reference Clock at Server: 10.1.10.10
           Reported Packet and Peer Errors: -

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.