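Unable to enable AES encryption due to StartTLS or LDAPS requirements
Environment
- ONTAP 9
- Enabling AES
- STARTTLS
- LDAPS
Issue
- Attempting to enable AES returns the following error message:
- Error: command failed: Password update failed. Reason: SecD Error: no server available.
- From the EMS log: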
Tue Jul 19 09:12:00 -0000 [ntap-01: secd: secd.unexpectedFailure:debug]: vserver (svm1) Unexpected failure. Error: CIFS server password reset procedure failed ...
[ 749] Unable to start TLS: Connect error
[ 749] Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate has expired)
[ 749] Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com
[ 749] No servers available for MS_LDAP_AD, vserver: 35, domain: demo.netapp.com.
[ 749] FAILURE: Unable to make a connection (LDAP (Active Directory):DEMO.NETAPP.COM), result: 6940
[ 755] Successfully connected to ip 10.128.24.1, port 88 using TCP
[ 956] Successfully connected to ip 10.128.24.1, port 464 using TCP
[ 1058] Kerberos password set for 'svm1$@DEMO.NETAPP.COM' succeeded
[ 1066] No servers available for MS_LDAP_AD, vserver: 5, domain: demo.netapp.com.
[ 1085] Successfully connected to ip 10.128.24.1, port 389 using TCP
[ 1192] Unable to start TLS: Connect error
[ 1192] Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate has expired)
[ 1192] Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com
[ 1290] Successfully connected to ip 10.128.24.2, port 389 using TCP
[ 1394] Unable to start TLS: Connect error
[ 1394] Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate has expired)
[ 1395] Unable to connect to LDAP (Active Directory) service on dc2.demo.netapp.com
Tue Jul 18 09:12:00 -0000 [ntap-01: mgwd: cifs.domainpwd.not.updated:error]: An attempt to update the domain account password for Vserver svm1 failed during password reset with the following error: Password update failed. Reason: SecD Error: no server available.
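The following Python sketch is an added example, not NetApp code. It parses secd trace lines like those shown above and reports, for each failed StartTLS attempt, the domain controller, the LDAP connection that preceded it, and the certificate verification reason. The function name and the restriction to LDAP ports 389 and 636 are assumptions of this example.

```python
import re

# Lines copied from the secd trace quoted above (thread-id prefix, then message).
SAMPLE = """\
[ 755] Successfully connected to ip 10.128.24.1, port 88 using TCP
[ 1085] Successfully connected to ip 10.128.24.1, port 389 using TCP
[ 1192] Unable to start TLS: Connect error
[ 1192] Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate has expired)
[ 1192] Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com
[ 1290] Successfully connected to ip 10.128.24.2, port 389 using TCP
[ 1394] Unable to start TLS: Connect error
[ 1394] Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate has expired)
[ 1395] Unable to connect to LDAP (Active Directory) service on dc2.demo.netapp.com
"""

PREFIX = re.compile(r"^\[\s*\d+\]\s*")
# Only LDAP/LDAPS connections are tracked; Kerberos (88/464) lines are ignored.
CONNECT = re.compile(r"Successfully connected to ip (\S+), port (389|636) using TCP")
REASON = re.compile(r"Additional info: .*\(([^()]+)\)\s*$")
SERVER = re.compile(r"Unable to connect to LDAP \(Active Directory\) service on (\S+)")


def starttls_failures(trace):
    """Return one record per failed StartTLS attempt: server, ip, port, reason."""
    failures, conn, pending = [], None, None
    for raw in trace.splitlines():
        msg = PREFIX.sub("", raw.strip())
        if (c := CONNECT.search(msg)):
            conn = (c.group(1), int(c.group(2)))
        elif msg.startswith("Unable to start TLS"):
            # ip/port stay None when the trace has no preceding LDAP connect line.
            ip, port = conn or (None, None)
            pending = {"server": None, "ip": ip, "port": port, "reason": None}
            conn = None
        elif pending and (r := REASON.search(msg)):
            pending["reason"] = r.group(1)  # text in the trailing parentheses
        elif pending and (s := SERVER.search(msg)):
            pending["server"] = s.group(1)
            failures.append(pending)
            pending = None
    return failures


if __name__ == "__main__":
    for f in starttls_failures(SAMPLE):
        print(f"{f['server']} ({f['ip']}:{f['port']}): {f['reason']}")
```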