Skip to main content
NetApp Knowledge Base

CIFS password change fails silently leading to secd: secd.kerberos.preauth:error after Microsoft April 2022 Hotfixes

Last Updated:

Applies to

  • ONTAP 9
    • ONTAP 9.10.1P2 and earlier
    • ONTAP 9.9.1P8 and earlier
    • ONTAP 9.8P11 and earlier
    • ONTAP 9.7P18 and earlier
    • ONTAP 9.6P17 and earlier
  • cifs domain password schedule enabled
  • CIFS
  • Kerberos
  • Active Directory
  • CVE-2021-42287


  • When the vserver cifs domain password schedule is enabled, it silently fails
    • event log show indicates the following
    • Sat Apr 16 03:00:00 +0800 [cluster1-01: secd: secd.kerberos.preauth:error]: Kerberos pre-authentication failure due to out-of-sync machine account password for vserver (svm1).
    • CIFS client access fails with secd.log error KRB5KDC_ERR_PREAUTH_FAILED

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.
Scan to view the article on your device