EMS secd.conn.auth.failure from specific HA Pair or node
Applies to
- ONTAP 9
- Domain Tunnel Authentication
Issue
- EMS messages noticed for specific ONTAP nodes in the cluster:
[node-04: secd:secd.conn.auth.failure:notice]: Vserver (vserver1) could not make a connection over the network to server (ip 10.0.0.1, port 88). Error: No route to host ().
[node-04: secd: secd.conn.auth.failure:notice]: Vserver (vserver1) could not make a connection over the network to server (ip 10.0.0.1, port 88). Error: Can't assign requested address ().
[node-04: secd:secd.conn.auth.failure:notice]: Vserver (vserver1) could not make a connection over the network to server (ip 10.0.0.1, port 88). Error: Operation timed out().
[node-04: secd: secd.kerberos.preauth:error]: A Kerberos pre-authentication failure occurred for SVM (vserver1) due to invalid credentials for users@Domain.LOCAL.
[node-04: secd: secd.cifsAuth.problem:error]: vserver (vserver1) General CIFS authentication problem. Error: Ontap admin cifs authentication basic procedure failed
[ 16 ms] Successfully connected to ip 10.0.0.1, port 88 using TCP
[ 63] Successfully connected to ip 10.0.0.1, port 88 using TCP
**[ 106] FAILURE: Could not authenticate as 'users@Domain.LOCAL': Invalid Credentials (KRB5KDC_ERR_PREAUTH_FAILED).
[ 143] Kerberos authentication failed. Skipping NTLM
[ 143] Ontap-admin-login-cifs failed"
- Network configuration:
::> network interface show
Logical Status Network Current Current Is
Vserver Interface Admin/Oper Address/Mask Node Port Home
----------- ---------- ---------- ------------------ ------------- ------- ----
vserver1
vserver1a_client up/up 10.0.0.1/24 node-05 a0b true
vserver1b_client up/up 10.4.1.2/24 node-06 a0b true
vserver1c_client up/up 10.4.1.6/24 node-05 a0b true
vserver1d_client up/up 10.4.1.7/24 node-06 a0b true
Note: node-04 is reporting the EMS alerts and does not have configured LIFs
