メインコンテンツまでスキップ

DC で SMB3 暗号化が有効になっている場合、 SVM は DC に接続できません

Views:
88
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

に適用されます

  ONTAP 9

問題

  • DC で SMB3 暗号化が有効になっている場合、 SVM は DC に接続できません。 
  • DC のステータスが「 unavailable 」と表示される  
::*> vserver cifs domain discovered-servers show
Node: CDOT-01
Vserver: test
 
Domain Name   Type   Preference DC-Name     DC-Address    Status
--------------- -------- ---------- --------------- --------------- ---------
naslab.local   KERBEROS favored   rodc       10.216.41.192  undetermined
naslab.local   KERBEROS preferred  win-aesid9bf636 10.216.41.191  undetermined
naslab.local   KERBEROS preferred  win-m2fcklun4l2 10.216.41.190  undetermined
naslab.local   MS-LDAP  favored   RODC       10.216.41.192  undetermined
naslab.local   MS-LDAP  preferred  win-aesid9bf636 10.216.41.191  undetermined
naslab.local   MS-LDAP  preferred  win-m2fcklun4l2 10.216.41.190  undetermined
naslab.local   MS-DC   favored   rodc       10.216.41.192  undetermined
naslab.local   MS-DC   preferred  win-aesid9bf636 10.216.41.191  OK
naslab.local   MS-DC   preferred win-m2fcklun4l2 10.216.41.190  unavailable  <<<<<<<<<< SVM fails to connect.
 
  • SE次元 トレースを有効にした場合、 SVM からのセッションセットアップ要求で、「アクセスが拒否されました」( NT エラー 0xc0000022 )が発生したことが SVM からのセッションセットアップ要求で DC で失敗したことを示します。
[kern_secd:info:8039] | [001.556.907]  info :  Successfully connected to ip 10.216.41.190, port 445 using TCP { in _connect() at src/connection_manager/secd_connection_shim.cpp:317 }
[kern_secd:info:8039] | [001.558.049]  debug:  NEGOTIATE RESPONSE: DC selected SMB2/3 dialect 0x210  { in Smb2ParseNegotiateResponse() at src/Smb2/Smb2Negotiate.cpp:211 }
[kern_secd:info:8039] | [001.558.055]  debug:  SIGNING: DC REQUIRES signing  { in Smb2ParseNegotiateResponse() at src/Smb2/Smb2Negotiate.cpp:216 }
[kern_secd:info:8039] | [001.560.847]  info :  [krb5 context 10EEC600] Creating authenticator for TEST123$@NASLAB.LOCAL -> cifs/win-m2fcklun4l2.naslab.local@, seqnum 62567361, subkey aes256-cts/3FC8, session key aes256-cts/32F1
[kern_secd:info:8039] | [001.565.821]  ERR  :  Encountered NT error (NT_STATUS_ACCESS_DENIED) for SMB command SessionSetup  { in LogNtStatusCode() at src/Commands/Commands.cpp:448 }
[kern_secd:info:8039] | [001.565.834]  ERR  :  SMB2 response has NT error 0xc0000022  { in ParseSmb2HeaderResponse() at src/Smb2/Smb2Utils.cpp:313 }
[kern_secd:info:8039] | [001.565.847]  ERR  :  RESULT_ERROR_GENERAL_FAILURE:3 in Smb2ParseSessionSetupResponse() at src/Smb2/Smb2SessionSetup.cpp:184
[kern_secd:info:8039] | [001.565.854]  ERR  :  RESULT_ERROR_GENERAL_FAILURE:3 in Smb2SessionSetup() at src/Smb2/Smb2SessionSetup.cpp:275
[kern_secd:info:8039] | [001.565.861]  ERR  :  RESULT_ERROR_GENERAL_FAILURE:3 in LogOnUserExtBody() at src/Actions/ActionsONTAP.cpp:2468
[kern_secd:info:8039] | [001.567.323]  ERR  :  RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE:6942 in connectToDomainController() at src/connection_manager/secd_connection.cpp:246
[kern_secd:info:8039] | [001.567.333]  debug:  Connected but failed to authenticate with DC win-m2fcklun4l2.naslab.local  { in connectToDomainController() at src/connection_manager/secd_connection.cpp:262 }
 
  • DC で SMB3 暗号化が有効になっている
PS C:\Users\Administrator.NASLAB> Get-SmbServerConfiguration |findstr "EncryptData"
EncryptData            : True

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support