Archive: CIFS access lost due to SECD becoming unresponsive with a lot of closed LDAP port 389 connections
Archive requested by: Andre Knaup
Reason for archiving: Duplicate of PR https://kb.netapp.com/on-prem/ontap/.../CONTAP-155703 and ARS KB https://kb.netapp.com/on-prem/ontap/...responsiveness
Environment
- ONTAP 9
- CIFS
- Secure Lightweight Directory Access Protocol (LDAP with Start-TLS)
- Trusted domains
Issue
- Unable to access any CIFS share in a trusted domain environment
::> cifs domain trusts show -vserver SVM
- EMS log:
Example:
[node-01: secd: secd.cifsAuth.problem:error]: vserver (<vserver_name>) General CIFS authentication problem.
Error: User authentication procedure failed CIFS SMB2 Share mapping - Client Ip = 1.22.333.444
[ 0 ms] Login attempt by domain user 'domain\user' using NTLMv2 style security
[ 0] Unable to connect to NetLogon service on domain.com (Error: RESULT_ERROR_SPINCLIENT_SOCKET_CONNECT_ERROR)
[ 0] No servers available for MS_NETLOGON, vserver: 8, domain: dom.com **
[ 0] FAILURE: Unable to make a connection (NetLogon:DOMAIN.COM),
Result: RESULT_ERROR_SECD_NO_SERVER_AVAILABLE [ 0] CIFS authentication failed
- SecD log:
Failed to open file: /mroot/etc/cluster_config/vserver/.vserver_<number>/config/name_services//etc/resolv.conf. Error: Too many open files
ERR : Error!!! Socket Error: Too many open files { in DisplayPerror() at src/Support/CustomErrors.cpp:56 }
ERR : ldapSaslBindGssapi: Kerberos Error: 'Too many open files'
- Other symptoms appear in EMS.
Example:
secd.dns.srv.lookup.failed: DNS server failed to look up service (_ldap._tcp.dc._msdcs.ds.domain.com) for vserver (<SVM>) with error (No such process)
secd.dns.srv.lookup.failed:error]: DNS server failed to look up service (_ldap._tcp.domain._sites.corp.domain.com) for vserver (SVM_ontap) with error (Too many open files).
Failed to create RPC client handle to MGWD: 127.0.0.1: RPC: Remote address unknown
Unable to connect to NetLogon service on <domain controller> (Error: RESULT_ERROR_SECD_COULD_NOT_CREATE_RPC_HANDLE_TO_MGWD)
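
The symptoms above only identify this issue when they appear together: NetLogon, DNS SRV and MGWD RPC failures alongside "Too many open files". The following triage sketch is an added example, not NetApp code; it matches the signatures quoted on this page, and its category names, verdict strings and sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Signatures copied from the EMS and SecD excerpts on this page; the keys are this example's own labels.
SIGNATURES = {
    "fd_exhaustion": re.compile(r"Too many open files"),
    "netlogon_unreachable": re.compile(
        r"RESULT_ERROR_SECD_NO_SERVER_AVAILABLE|No servers available for MS_NETLOGON"
        r"|Unable to connect to NetLogon service"),
    "dns_srv_failed": re.compile(r"secd\.dns\.srv\.lookup\.failed"),
    "mgwd_rpc_failed": re.compile(
        r"RESULT_ERROR_SECD_COULD_NOT_CREATE_RPC_HANDLE_TO_MGWD"
        r"|Failed to create RPC client handle to MGWD"),
    "cifs_auth_problem": re.compile(r"secd\.cifsAuth\.problem"),
}
DOWNSTREAM = ("netlogon_unreachable", "dns_srv_failed", "mgwd_rpc_failed", "cifs_auth_problem")

def classify(lines):
    """Count how many lines match each symptom signature (a line may match several)."""
    counts = Counter()
    for line in lines:
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                counts[name] += 1
    return counts

def triage(lines):
    """Return (verdict, counts). Lookup or authentication failures that co-occur with
    descriptor exhaustion point at SECD itself rather than at the domain controllers."""
    counts = classify(lines)
    downstream = sum(counts[name] for name in DOWNSTREAM)
    if counts["fd_exhaustion"] and downstream:
        return "secd-fd-exhaustion", counts
    if downstream:
        return "auth-failure-other-cause", counts
    return "no-match", counts

# Constructed sample: lines shortened from the excerpts on this page.
SAMPLE = [
    "[node-01: secd: secd.cifsAuth.problem:error]: vserver (<vserver_name>) General CIFS authentication problem.",
    "[ 0] No servers available for MS_NETLOGON, vserver: 8, domain: dom.com",
    "ERR : ldapSaslBindGssapi: Kerberos Error: 'Too many open files'",
    "secd.dns.srv.lookup.failed: DNS server failed to look up service (_ldap._tcp.dc._msdcs.ds.domain.com)",
]

if __name__ == "__main__":
    verdict, counts = triage(SAMPLE)
    print(verdict, dict(counts))
```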