Subscribe

STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT

Hi,

I hope that you are able to help.

Our customer has two Netapp Systems. 

One standalone system as backup target  and a Metrocluster.

He has to write data on a cifs share by a application with the System Machine Account.

For testing purposes we created a batchfile which should create a directory with mkdir.

At the stand alone system it succeeds on the Metrocluster it fails.

After enabling cifs.trace-login the following message is displayed:

STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT

I have searched in several forums about this error.

As solution is suggested to check the spn with setspn.exe -l.

Everything seems to look fine. The customer connects to the filer with the right filername.

So only difference between the Metrocluster and the single machine is, that the Metrocluster is part of a DFS.

Any ideas?

Regards,

Thorsten

 

Re: STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT

First are we talking 7-mode or cDOT?

 

Secondly, does your CIFS server on the destination side have an SPN registered?

Re: STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT

these are all 7-mode systems

We do not have a remote site all the systems are on the same location.

The spn is verified and correct.

I!ve tested it with setspn -l

Re: STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT

Under what user account are you running the batch file? If it runs as LOCALSYSTEM it has different security credentials and probably no access rights to the filer. Does the MKDIR work if you try it (as regular logged in user) from a command prompt? Does CIFS work at all on the filer or do you always get that error? It could be that the clock is out of sync on the NetApp (Kerberos allows for maximum of 300 seconds clock skew). It might also help to reset the password on the filer's domain account by using "cifs changefilerpwd" or reconnect the DCs via "cifs resetdc". If all else fails you can still do "cifs terminate; cifs setup" to re-add the filer to the AD