Intermittent SECD login error when users access a monitoring application
Applies to
- ONTAP 9.x
- Monitoring applications (e.g. AIQUM, Tiebreaker)
- Domain-Tunnel Vserver
Issue
- An ONTAP upgrade is performed in the environment.
- When a domain account accesses a monitoring application, the login fails with a generic authentication failure error:
Mon Jul 08 14:37:39 +1200 [N01: secd: secd.cifsAuth.problem:error]: vserver (vs1) General CIFS authentication problem. Error: Ontap admin cifs authentication basic procedure failed
[4039 ms] TCP connection to ip 1xx.1x.1x.x, port 88 failed: Operation timed out.
[ 6050] TCP connection to ip 1xx.1x.1x.x, port 88 failed: Operation timed out.
[ 8081] FAILURE: Could not authenticate as 'sxx@abc.xy': Cannot contact any KDC for requested realm (KRB5_KDC_UNREACH)
[ 8084] Kerberos authentication failed. Trying NTLM
[ 8084] Login attempt by domain user 'sxx@abc.xy' using NTLMv2 style security
[ 10085] TCP connection to ip 1xx.1x.1x.x, port 445 failed: Operation timed out.
[ 10094] Unable to connect to NetLogon service on abc.cdz.xy (Error: RESULT_ERROR_SPINCLIENT_UNABLE_TO_RESOLVE_SERVER)
[ 12118] TCP connection to ip 1xx.1x.1x.x, port 445 failed: Operation timed out.
[ 12120] Unable to connect to NetLogon service on abc.cdz.xy (Error: RESULT_ERROR_SPINCLIENT_UNABLE_TO_RESOLVE_SERVER)
[ 12120] No servers available for MS_NETLOGON, vserver: 36, domain: vdcsan.nz.
[ 12120] Unable to make a connection (NetLogon:abc.xy), Result: RESULT_ERROR_SECD_NO_SERVER_AVAILABLE
[ 12128] Ontap-admin-login-cifs failed
[ 12128] Retry requested, but the retry window (7000 ms) has expired; giving up.
- The following errors are seen in the EMS logs:
Vserver5 ALERT security.invalid.login: Failed to authenticate login attempt to Vserver: Vserver1, username: domain\technician, application: ontapi.
Vserver5 EMERGENCY secd.netlogon.noServers: None of the Netlogon servers configured for Vserver (Vserver1) are currently accessible via the network.
Vserver5 ERROR secd.dns.server.timed.out: DNS server 10.0.0.1 did not respond to vserver = Vserver1 within timeout interval.
[?] Mon Jul 22 11:25:47 +1200 [N01: secd: secd.conn.auth.failure:notice]: Vserver (vs1) could not make a connection over the network to server (ip 1xx.xx.1x.x, port 88). Error: Can't assign requested address ().
Mon Jul 08 14:37:39 +1200 [N01: secd: secd.cifsAuth.problem:error]: vserver (vs1) General CIFS authentication problem. Error: Ontap admin cifs authentication basic procedure failed
- The Vserver for which the errors are generated is the domain-tunnel Vserver.
- All the errors are for ONTAPI access using a domain account.
- The cluster management LIF is on node1 (N01).
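
An added example (not from the original article or from NetApp tooling): a Python triage helper that parses a secd trace like the one above and reports whether the login died at TCP connect on both the Kerberos (port 88) and NTLM/NetLogon (port 445) paths, before any credential reached a domain controller. The function names are hypothetical and the sample input is constructed from the trace lines on this page.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the secd trace on this page (addresses already masked there).
SAMPLE_TRACE = """\
[4039 ms] TCP connection to ip 1xx.1x.1x.x, port 88 failed: Operation timed out.
[ 6050] TCP connection to ip 1xx.1x.1x.x, port 88 failed: Operation timed out.
[ 8081] FAILURE: Could not authenticate as 'sxx@abc.xy': Cannot contact any KDC for requested realm (KRB5_KDC_UNREACH)
[ 8084] Kerberos authentication failed. Trying NTLM
[ 10085] TCP connection to ip 1xx.1x.1x.x, port 445 failed: Operation timed out.
[ 12118] TCP connection to ip 1xx.1x.1x.x, port 445 failed: Operation timed out.
[ 12120] Unable to make a connection (NetLogon:abc.xy), Result: RESULT_ERROR_SECD_NO_SERVER_AVAILABLE
[ 12128] Retry requested, but the retry window (7000 ms) has expired; giving up.
"""

STEP = re.compile(r"^\[\s*(\d+)(?: ms)?\]\s*(.*)$")   # "[4039 ms] ..." or "[ 6050] ..."
TCP_FAIL = re.compile(r"TCP connection to ip \S+, port (\d+) failed: (.+?)\.?$")
RETRY = re.compile(r"retry window \((\d+) ms\) has expired")

def summarize_secd_trace(text):
    """Summarize one secd authentication trace for triage (hypothetical helper)."""
    s = {"tcp_failures": Counter(), "kdc_unreachable": False, "ntlm_fallback": False,
         "no_netlogon_server": False, "retry_window_ms": None, "elapsed_ms": 0}
    for line in text.splitlines():
        m = STEP.match(line.strip())
        if not m:
            continue  # EMS header or unrelated line
        s["elapsed_ms"] = max(s["elapsed_ms"], int(m.group(1)))
        msg = m.group(2)
        tcp = TCP_FAIL.search(msg)
        if tcp:
            # Key on (port, reason) so timeouts and other socket errors stay separate.
            s["tcp_failures"][(int(tcp.group(1)), tcp.group(2))] += 1
        s["kdc_unreachable"] |= "KRB5_KDC_UNREACH" in msg
        s["ntlm_fallback"] |= "Trying NTLM" in msg
        s["no_netlogon_server"] |= "RESULT_ERROR_SECD_NO_SERVER_AVAILABLE" in msg
        retry = RETRY.search(msg)
        if retry:
            s["retry_window_ms"] = int(retry.group(1))
    return s

def is_connectivity_failure(s):
    """True when both the Kerberos (88) and NetLogon (445) attempts failed at TCP connect."""
    ports = {port for port, _reason in s["tcp_failures"]}
    return {88, 445} <= ports and s["kdc_unreachable"] and s["no_netlogon_server"]

if __name__ == "__main__":
    result = summarize_secd_trace(SAMPLE_TRACE)
    print(result, is_connectivity_failure(result))
```
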