Accepted Solution

Error 0xc0000022: STATUS_ACCESS_DENIED

Hi there!

We have a problem in a customers environment that clients that are not in the same Active Directory cannot get access to cifs shares.

The error at the Ontap 8.1.1P1 7-Mode-Cli is as follows:

Tue Jan 22 09:08:30 CET [netapp1:auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Connection with \\APEFF established.

Tue Jan 22 09:08:30 CET [netapp1:auth.trace.authenticateUser.loginRejected:info]: AUTH: Login attempt by user rejected by the domain controller with error 0xc0000022: STATUS_ACCESS_DENIED.

Clients from inside the AD can access the shares, but the others cannot. I think this can be a problem caused by a GPO in the 2008-AD?!?!

Thanks for your replies!

Re: Error 0xc0000022: STATUS_ACCESS_DENIED

Have you tried this one?

To avoid this issue, disable SMB 2.x on the system by entering the following command:

options cifs.smb2.client.enable off

Re: Error 0xc0000022: STATUS_ACCESS_DENIED

Hi! I have already tried this option, but with no success.

Yesterday I tried a dcdiag on the first discovered and preferred DC and the log showed me several errors.

So I changed the preferred DC to the second DC and now everything works fine.

I recommended the customer to reinstall the corrupted DC.

Many thanks for your help!