DNS障害が原因のsecd.lsa.noServers
環境
- ONTAP 9
問題
- ユーザがCIFS / SMB共有にアクセスできない
- EMS:
secd.lsa.noServers
[NODE-02: secd: secd.dns.server.timed.out:error]: DNS server 192.X.X.X did not respond to vserver = SVM1 within timeout interval.
[NODE-02: secd: secd.netlogon.noServers:EMERGENCY]: None of the Netlogon servers configured for Vserver (SVM1) are currently accessible via the network.
[NODE-02: secd: secd.dns.srv.lookup.failed:error]: DNS server failed to look up service (_ldap._tcp.dc._msdcs.domain.com) for vserver (SVM1) with error (Operation timed out).
[NODE-02: secd: secd.cifsAuth.problem:error]: vserver (SVM1) General CIFS authentication problem.
Error: Get DC connection latency times procedure failed
[ 38 ms] Successfully connected to ip 192.X.X.X, port 389 using TCP
[ 2047] LDAP search for the "dnsHostName" attribute(s) within base "" (scope: 0) using filter "(objectClass=*)" failed with error: Timed out
[ 7054] Failed to connect to 1192.X.X.X for DNS via Source Address 192.X.X.X: Operation timed out
**[ 7059] FAILURE: Unable to contact DNS to discover domain controllers.
[ 7059] Unable to make a connection (NetLogon:DOMAIN.COM), Result: RESULT_ERROR_DNS_CANT_REACH_SERVER
[ 7061] Retry requested, but the retry window (7000 ms) has expired; giving up.
- 問題が報告されている間にストレージで収集されたパケットトレースは、ONTAPがクエリを送信しているときにDNSサーバから応答がないことを示しています。
- ONTAP CLIコマンド
dns checkで、DNSに到達できないことが示されています(ノードごとに異なる場合があります)。
NODE::> dns check -vserver SVM1
Name Server Vserver Name Server Status Status Details
------------- --------------- ------------ --------------------------
SVM1_CIFS 192.X.X.X down Operation timed out.
- DCに到達可能
NODE-01::> cifs check -vserver SVM1
Vserver : SVM1
Cifs NetBIOS Name : DOMAIN
Cifs Status : Running
Site : SITE-NAME
Node Name DC Server Name DC Server IP Status Status Details
--------------- -------------- --------------- ------ --------------
NODE-01 domain.com 192.X.X.X up Response time (msec): 118
注:到達可能なDNSの予想される出力
NODE-02::> cifs check -vserver SVM1
Vserver : SVM1
Cifs NetBIOS Name : DOMAIN
Cifs Status : Running
Site :
Node Name DC Server Name DC Server IP Status Status Details
--------------- -------------- --------------- ------ --------------
NODE-02 domain.COM - down Unable to contact DNS
注:Site とエラーのエントリがありません