メインコンテンツまでスキップ

CONTAP-155703:ポート389のソケットリークが原因でSecDが応答しなくなる

Views:
1
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
NAS
Last Updated:

問題

  • In certain rare conditions, Security Daemon (SecD) might become unresponsive due to shortage of file descriptors in the system for LDAP startTLS port 389 connections.
  • This issue will be seen only if multiple CIFS trusted domains are being discovered.
  • Cannot access all CIFS shares in a Trusted Domain environment

::> cifs domain trusts show -vserver SVM

  • EMS logs:

[node-01: secd: secd.cifsAuth.problem:error]: vserver (<vserver_name>) General CIFS authentication problem. Error: User authentication procedure failed CIFS SMB2 Share mapping - Client Ip = 1.22.333.444 [ 0 ms] Login attempt by domain user 'domain\user' using NTLMv2 style security [ 0] Unable to connect to NetLogon service on domain.com (Error: RESULT_ERROR_SPINCLIENT_SOCKET_CONNECT_ERROR) [ 0] No servers available for MS_NETLOGON, vserver: 8, domain: dom.com ** [ 0] FAILURE: Unable to make a connection (NetLogon:DOMAIN.COM), Result: RESULT_ERROR_SECD_NO_SERVER_AVAILABLE [ 0] CIFS authentication failed

  • SECD logs:

Failed to open file: /mroot/etc/cluster_config/vserver/.vserver_<number>/config/name_services//etc/resolv.conf. Error: Too many open files ERR : Error!!! Socket Error: Too many open files { in DisplayPerror() at src/Support/CustomErrors.cpp:56 } ERR : ldapSaslBindGssapi: Kerberos Error: 'Too many open files'

  • Other symptoms are in EMS:

secd.dns.srv.lookup.failed: DNS server failed to look up service (_ldap._tcp.dc._msdcs.ds.domain.com) for vserver (<SVM>) with error (No such process) secd.dns.srv.lookup.failed:error]: DNS server failed to look up service (_ldap._tcp.domain._sites.corp.domain.com) for vserver (SVM_ontap) with error (Too many open files). Failed to create RPC client handle to MGWD: 127.0.0.1: RPC: Remote address unknown Unable to connect to NetLogon service on <domain controller> (Error: RESULT_ERROR_SECD_COULD_NOT_CREATE_RPC_HANDLE_TO_MGWD)

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.