Subscribe

DFM : A CIFS domain controller connection to the filer has failed.

Hi Guys,

We are getting the below alerts or warnings frequently in the netapp filers console .When we login and check the domain controllers everything is fine and there is no issue reported in client accessing the cifs shares.

 

Please let me know if you have encountered similar issue. Any help on this is highly appreciated.

 

[xxxxxxxxx@xxxxxxx:cifs.pipe.errorMsg:error]: CIFS: Error on named pipe with xxxxxxx: Error connecting to server, open pipe failed 

[xxxxxxxx@xxxxxxx:smbrpc.pipeCreate.fail:error]: CIFSRPC: Attempt to create pipe LSA for LsarLookupSids failed with error 0xc000005e. 

[xxxxxxxx@xxxxxxx:smbrpc.exceptionCaught:error]: CIFSRPC: An RPC exception with a server of type domain controller occurred. 

[xxxxxxxx@xxxxxxx:smbrpc.pipeClose.fail:error]: CIFSRPC: Attempt to close pipe LSA failed with error 0xc0000022.

 

Regards,

Ramesh

 

Re: DFM : A CIFS domain controller connection to the filer has failed.

Any help on this is highly appreciated.

Re: DFM : A CIFS domain controller connection to the filer has failed.

Hi Ramesh,

 

I'd advise reading this KB article:

 

https://kb.netapp.com/support/s/article/ka11A0000001RTdQAM/controller-does-not-contact-other-dcs-when-there-are-issues-with-a-connected-dc

 

What is the output of "cifs domaininfo"? Do you have multiple Domain controllers in the AD Site\subnet that your controller\vFiler is located in?

The KB article is saying that if you only have a single DC in the AD Site that the vfiler is associated with (via AD sites and services) and there is an issue with the DC, the vfiler won't automatically attemp to find another one. EG:

 

C:\>dsquery server -site testlab
"CN=TESTDC01,CN=Servers,CN=testlab,CN=Sites,CN=Configuration,DC=testlab,DC=local"

Where -site <%site_name%> is the name of the AD site you are troubleshooting. Short answer, to guarentee redundancy there should be atleast two domain controllers

 

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: DFM : A CIFS domain controller connection to the filer has failed.

Hi Matt,

Thanks for your quick response. Find below cifs domaininfo output. We are not seeing any issue in client access but we get lot of incident tickets because of this.We want these errors not to occur. Please let me know if there is any solution to supress the errors.

 

==============================

 

xx00xx1c@xx00001> cifs domaininfo
NetBIOS Domain:                         XXX
Windows Domain Name:                    XXX.xxx.local
Domain Controller Functionality:        Windows 2012 R2
Domain Functionality:                   Windows 2003
Forest Functionality:                   Windows 2003
Filer AD Site:                          XXX

Current Connected DCs:                  \\XX00111
Total DC addresses found:               3
Preferred Addresses:
                                        None
Favored Addresses:
                                        10.x.x.2     XX00111          PDC
                                        10.x.x.1                      PDC
Other Addresses:
                                        10.x.x.17                    PDC

Connected AD LDAP Server:               \\XX00111.xxx.xxx.local
Preferred Addresses:
                                        None
Favored Addresses:
                                        10.x.x.2    
                                         xx00111.xxx.xxx.local
                                        10.x.x.1    
                                         xx00110.xxx.xxx.local
Other Addresses:
                                        10.x.x.17  
                                         xxc00100.xxx.xxx.local

 

==================================================

 

Regards,

Ramesh

 

Re: DFM : A CIFS domain controller connection to the filer has failed.

We get the below alert in the DFM for this issue.

 

DFM Alert:

A CIFS domain controller connection to the filer has failed.Product trap Data- CIFS: Domain controller server XX00111 (10.x.x.2) connection lost: DC has disconnected from the filer  Serial num -xx00000xxxxx.

 

Regards,

Ramesh

 

 

 

Re: DFM : A CIFS domain controller connection to the filer has failed.

Hi Ramesh,

 

What is the exact version of data ONTAP running on your controller? What's the output the "version" command? As you have multiple DC's in your AD site available to the controller the previous KB article isn't the issue. It sounds like a BUG to me (possibly #390540) but i'd need to the version of ONTAP you are running to see if that is applies.

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: DFM : A CIFS domain controller connection to the filer has failed.

Hi Ramesh,

 

Also are you running a mixed mode environment? IE windows and unix clients accessing the same CIFS shares? If so this might be relevent (the error messages in KB article match the error messages you initially posted)

 

https://kb.netapp.com/support/s/article/ka11A000000137OQAQ/cifs-rpc-attempt-to-close-pipe-lsa-failed-with-error-0xc0000022

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: DFM : A CIFS domain controller connection to the filer has failed.

Hi Matt,

We have this issue in multiple versions of Ontap and in more than 20+ filers we get these alerts .

 

Ex:  7.3.2  ,  8.2.4P4 

 

Regards,

Ramesh

 

 

Re: DFM : A CIFS domain controller connection to the filer has failed.

We are not using mixed mode environment. We are having only windows client accessing the cifs shares.

 

/Ramesh

 

Re: DFM : A CIFS domain controller connection to the filer has failed.

Hi Ramesh,

 

The bug #390540 could apply to 7-Mode systems prior to 7.3.6P2 but as you are seeing the issue on other versions ONTAP which include the bug fix i don't think that's the issue (and if it were it would likely be causing your clients disruptions). I'd suggest looking at KB article (in particular point 4 given you are not using mixed mode):

 

https://kb.netapp.com/support/s/article/ka11A000000137OQAQ/cifs-rpc-attempt-to-close-pipe-lsa-failed-with-error-0xc0000022

 

Whats the output of "options wafl.default_nt_user"

Do you have any AD trusts in your environment that may no longer be valid? What's the output of:

 

C:\>netdom query trust

You can then use:

NETDOM TRUST trusting_domain_name /Domain:trusted_domain_name [/UserD:user]
           [/PasswordD:[password | *]] [/UserO:user] [/PasswordO:[password | *]]
           [/Verify] [/RESEt] [/PasswordT:new_realm_trust_password]
           [/Add] [/REMove] [/Twoway] [/REAlm] [/Kerberos]
           [/Transitive[:{yes | no}]]
           [/OneSide:{trusted | trusting}] [/Force] [/Quarantine[:{yes | no}]]
           [/NameSuffixes:trust_name [/ToggleSuffix:#]]
           [/EnableSIDHistory[:{yes | no}]]
           [/ForestTRANsitive[:{yes | no}]]
           [/CrossORGanization[:{yes | no}]]
           [/AddTLN:TopLevelName]
           [/AddTLNEX:TopLevelNameExclusion]
           [/RemoveTLN:TopLevelName]
           [/RemoveTLNEX:TopLevelNameExclusion]
           [/SecurePasswordPrompt]

If that still doesn't resolve the issue, have you logged a case? Guessing you might not be able to given some of the older versions of Data ONTAP you are running.

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.