Active directory SID translation slow

I have two sites, both with different clustermode (6210 and 8060) hardware but on the same domain. These FAS clusters house our company SHARE and HOME drives. Over the last 6 months SID resolution has been getting slower, to what I would now consider painfully slow for some security groups. Via Windows File Explorer it sometimes takes 5 minutes to resolve the SIDs. Manually trying to resolve sometimes fails, but if I wait a minute or two it will then resolve. We have increased the size of the cache dedicated to holding the SIDs 5x with no effect.

NETAPP: diag secd authentication translate -node DIX-NETAPP-01 -vserver DIX-P-INFNAS-01 -sid S-1-5-21-2019431095-1834360568-1243820751-149394

Error: command failed: RPC call to SecD failed. RPC: "secd_rpc_auth_sid_to_name_1".  Reason: "translateSidToName: RPC: Timed out; ct = 0x827c16b40 rem_addr = 127.0.0.1:670".

NETAPP::*> diag secd authentication translate -node DIX-NETAPP-01 -vserver DIX-P-INFNAS-01 -sid S-1-5-21-2019431095-1834360568-1243820751-149394
SHOESD01\NAS_FULLCTRL_LL (Domain group)

Has anyone else run into something similar?  I have been considering flushing the cache but I'm not sure doing that on a production server is a good idea. 

Re: Active directory SID translation slow

I am experiencing the same. Seems to coincide around the same time we ran our WannaCry patches and made SMB changes to our Windows servers.