topic Re: Been having a strange LDAP issue lately in ONTAP Discussions

Been having a strange LDAP issue lately

Sycraft — Thu, 18 Jul 2019 22:01:51 GMT

Multiple times a day I get the following error in the logs:

Event:

secd.ldap.noServers: None of the LDAP servers configured for Vserver (*******) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).

Message Name:

secd.ldap.noServers

Thing is, when I look up the error and then try the diags, they work fine. The FAS has no trouble talking to the AD servers that are doing LDAP. For example:

******::> ldap check -vserver *****

Vserver: *****
Client Configuration Name: Linux
LDAP Status: up
LDAP Status Details: Successfully connected to LDAP server "10.***.***.***".

There are no issues with users accessing files that I'm aware of. I'm at a loss as to what the cause or resolution is. I'm not a UNIX guy myself and the LInux admin is disinterested in working on diagnosing it since it is "working fine and just generating warnings".

Any ideas?

Re: Been having a strange LDAP issue lately

mbeattie — Fri, 19 Jul 2019 02:23:09 GMT

Hi Sycraft,

Does your verver have a route to the domain controller\global catalgue server? I had a quick search for you in NetApp Support. I can't be sure if this is related given the limited details but check the following:

https://kb.netapp.com/app/answers/answer_view/a_id/1080502

Are there any additional logs you can post? Also is your vserver in any type of secured network zone with firewall restrictions that could be blocking access to the domain controller\global catalogue? I check the following ports are allowed between your vserver and DC

port 389 (UDP and TCP) – LDAP
port 464 (TCP) - Kerberos Kpasswd
port 88 (UDP and TCP) - Kerberos Traffic
port 3268 (TCP) - Global Catalog

Note: if using SSL to secure AD you'd need LDAPs(636) and MSFT-GC-SSL(3269)

Given the error states "Operation: SiteDiscovery" i'd check the vserver can contact the global catalogue (just a suspicion, couldn't find any related information to that specificially). For a more verbose list see the following firewall port requirements:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10)

Hope that helps

/Matt

Re: Been having a strange LDAP issue lately

Sycraft — Fri, 19 Jul 2019 21:00:32 GMT

Ya it can reach the GC just fine, all 6 DCs are Global Catalog servers in this domain, and it can reach all of them. It is not in any kind of restricted space, just our regular server subnet which has no outbound firewall, and an inbound firewall that allows traffic from the subnets where the DCs live explicitly.

What's stranger still is there's no issue on the CIFS SVM. We have two SVMs, one for CIFS, one for NFS. The CIFS SVM is happy as can be, no errors, just the NFS one that is generating errors. It is working fine as far as I know at serving files, hence why our UNIX guy doesn't want to work on the issue, just throwing errors in the logs.

What additonal logs would be useful in trying to diagnose this issue?

Re: Been having a strange LDAP issue lately

mbeattie — Tue, 23 Jul 2019 01:03:33 GMT

Hi,

Thanks, that eliminates a lot of potential troubleshooting areas. Next I'd start by checking for any other secd errors that might be related and determine how frequently the issue occurrs.

event log show -message-name secd.*

/Matt

Re: Been having a strange LDAP issue lately

Sycraft — Tue, 23 Jul 2019 23:45:01 GMT

Looks like every couple hours there's a LSA no servers and LDAP no servers emergency. For reference ENGR-Linuxstore is the NFS server, ENGR-NAS is the CIFS server and 10.140.96.31 and 51 are two of the DCs. They are also used as the primary and secondary DNS servers for all our systems.

The log follows:

Time Node Severity Event
------------------- ---------------- ------------- ---------------------------
7/23/2019 16:01:02 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.51 did not respond to query within timeout (5 seconds) interval.
7/23/2019 15:00:39 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/23/2019 14:00:52 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/23/2019 13:22:46 ENGR-Vast_A EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/23/2019 13:22:44 ENGR-Vast_A EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/23/2019 13:08:54 ENGR-Vast_B EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/23/2019 13:08:54 ENGR-Vast_B EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/23/2019 13:00:39 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/23/2019 12:24:36 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.51 did not respond to query within timeout (5 seconds) interval.
7/23/2019 12:00:36 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/23/2019 11:47:11 ENGR-Vast_B ERROR secd.cifsAuth.denied: vserver (ENGR-NAS) Cannot authenticate CIFS user. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.140.96.31
[ 0 ms] LM Compatibility level set to ntlmv2-krb disallowed NTLM authentication
**[ 0] FAILURE: CIFS authentication failed
7/23/2019 11:00:48 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/23/2019 10:00:32 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/23/2019 09:24:51 ENGR-Vast_A EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/23/2019 09:24:49 ENGR-Vast_A EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/23/2019 09:16:17 ENGR-Vast_B ERROR secd.cifsAuth.denied: vserver (ENGR-NAS) Cannot authenticate CIFS user. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.140.96.31
[ 0 ms] LM Compatibility level set to ntlmv2-krb disallowed NTLM authentication
**[ 0] FAILURE: CIFS authentication failed
7/23/2019 09:14:15 ENGR-Vast_B ERROR secd.cifsAuth.denied: vserver (ENGR-NAS) Cannot authenticate CIFS user. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.140.96.31
[ 0 ms] LM Compatibility level set to ntlmv2-krb disallowed NTLM authentication
**[ 0] FAILURE: CIFS authentication failed
7/23/2019 09:13:16 ENGR-Vast_A ERROR secd.dns.server.timed.out: DNS server 10.140.96.31 did not respond to vserver = ENGR-NAS within timeout interval.
7/23/2019 09:11:44 ENGR-Vast_B EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/23/2019 09:11:43 ENGR-Vast_B EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/23/2019 09:01:18 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/23/2019 08:01:23 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.51 did not respond to query within timeout (5 seconds) interval.
7/23/2019 07:01:03 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/23/2019 06:01:07 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/23/2019 05:24:56 ENGR-Vast_A EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/23/2019 05:24:54 ENGR-Vast_A EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/23/2019 05:10:02 ENGR-Vast_B EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/23/2019 05:10:01 ENGR-Vast_B EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/23/2019 05:00:52 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/23/2019 04:01:57 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/23/2019 03:00:42 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/23/2019 02:06:58 ENGR-Vast_A ERROR secd.cifsAuth.denied: vserver (ENGR-NAS) Cannot authenticate CIFS user. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.140.96.31
[ 0 ms] LM Compatibility level set to ntlmv2-krb disallowed NTLM authentication
**[ 0] FAILURE: CIFS authentication failed
7/23/2019 02:04:49 ENGR-Vast_A ERROR secd.cifsAuth.denied: vserver (ENGR-NAS) Cannot authenticate CIFS user. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.140.96.31
[ 0 ms] LM Compatibility level set to ntlmv2-krb disallowed NTLM authentication
**[ 0] FAILURE: CIFS authentication failed
7/23/2019 02:00:31 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/23/2019 01:24:00 ENGR-Vast_A EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/23/2019 01:23:55 ENGR-Vast_A EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/23/2019 01:03:40 ENGR-Vast_B EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/23/2019 01:03:39 ENGR-Vast_B EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/23/2019 01:01:14 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.51 did not respond to query within timeout (5 seconds) interval.
7/23/2019 00:04:49 ENGR-Vast_B ERROR secd.cifsAuth.denied: vserver (ENGR-NAS) Cannot authenticate CIFS user. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.140.96.31
[ 0 ms] LM Compatibility level set to ntlmv2-krb disallowed NTLM authentication
**[ 0] FAILURE: CIFS authentication failed
7/23/2019 00:02:40 ENGR-Vast_B ERROR secd.cifsAuth.denied: vserver (ENGR-NAS) Cannot authenticate CIFS user. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.140.96.31
[ 0 ms] LM Compatibility level set to ntlmv2-krb disallowed NTLM authentication
**[ 0] FAILURE: CIFS authentication failed
7/23/2019 00:00:40 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.51 did not respond to query within timeout (5 seconds) interval.
7/23/2019 00:00:28 ENGR-Vast_B ERROR secd.cifsAuth.denied: vserver (ENGR-NAS) Cannot authenticate CIFS user. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.140.96.31
[ 0 ms] LM Compatibility level set to ntlmv2-krb disallowed NTLM authentication
**[ 0] FAILURE: CIFS authentication failed
7/22/2019 23:00:33 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/22/2019 22:00:44 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.51 did not respond to query within timeout (5 seconds) interval.
7/22/2019 21:25:34 ENGR-Vast_A EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/22/2019 21:25:32 ENGR-Vast_A EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/22/2019 21:00:50 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/22/2019 20:56:56 ENGR-Vast_B EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/22/2019 20:56:55 ENGR-Vast_B EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/22/2019 20:00:35 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.51 did not respond to query within timeout (5 seconds) interval.
7/22/2019 19:00:32 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/22/2019 18:01:44 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/22/2019 17:25:10 ENGR-Vast_A EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/22/2019 17:25:08 ENGR-Vast_A EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/22/2019 17:00:35 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.52 did not respond to query within timeout (5 seconds) interval.
7/22/2019 16:56:45 ENGR-Vast_B EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/22/2019 16:56:44 ENGR-Vast_B EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/22/2019 16:01:41 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.51 did not respond to query within timeout (5 seconds) interval.
7/22/2019 15:00:44 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/22/2019 14:01:23 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/22/2019 13:31:45 ENGR-Vast_A EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
Press <space> to page down, <return> for next line, or 'q' to quit...
Time Node Severity Event
------------------- ---------------- ------------- ---------------------------
7/22/2019 13:31:40 ENGR-Vast_A EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/22/2019 13:10:08 ENGR-Vast_A ERROR secd.cifsAuth.denied: vserver (ENGR-NAS) Cannot authenticate CIFS user. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.140.96.32
[ 0 ms] LM Compatibility level set to ntlmv2-krb disallowed NTLM authentication
**[ 0] FAILURE: CIFS authentication failed
7/22/2019 13:02:05 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/22/2019 12:55:05 ENGR-Vast_B EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/22/2019 12:55:05 ENGR-Vast_B EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/22/2019 12:25:13 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/22/2019 12:00:28 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/22/2019 11:51:26 ENGR-Vast_B ERROR secd.cifsAuth.denied: vserver (ENGR-NAS) Cannot authenticate CIFS user. Error: User authentication procedure failed
CIFS SMB2 Share mapping - Client Ip = 10.140.96.31
[ 0 ms] LM Compatibility level set to ntlmv2-krb disallowed NTLM authentication
**[ 0] FAILURE: CIFS authentication failed
7/22/2019 11:01:08 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/22/2019 10:00:50 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.52 did not respond to query within timeout (5 seconds) interval.
7/22/2019 09:33:16 ENGR-Vast_A EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/22/2019 09:33:14 ENGR-Vast_A EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/22/2019 09:00:31 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/22/2019 08:52:24 ENGR-Vast_B EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/22/2019 08:52:24 ENGR-Vast_B EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/22/2019 08:00:36 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.51 did not respond to query within timeout (5 seconds) interval.
7/22/2019 07:00:31 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.52 did not respond to query within timeout (5 seconds) interval.
7/22/2019 06:01:13 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/22/2019 05:31:53 ENGR-Vast_A EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/22/2019 05:31:50 ENGR-Vast_A EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/22/2019 05:00:42 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/22/2019 04:46:10 ENGR-Vast_B EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/22/2019 04:46:09 ENGR-Vast_B EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/22/2019 04:00:55 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/22/2019 03:01:17 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.51 did not respond to query within timeout (5 seconds) interval.
7/22/2019 02:01:31 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.51 did not respond to query within timeout (5 seconds) interval.
7/22/2019 01:29:22 ENGR-Vast_A EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/22/2019 01:29:20 ENGR-Vast_A EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
7/22/2019 01:02:05 ENGR-Vast_B ERROR secd.ldap.query.timed.out: Vserver 'ENGR-Linuxstore': LDAP server 10.140.96.31 did not respond to query within timeout (5 seconds) interval.
7/22/2019 00:38:26 ENGR-Vast_B EMERGENCY secd.lsa.noServers: None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network.
7/22/2019 00:38:26 ENGR-Vast_B EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
93 entries were displayed.

Re: Been having a strange LDAP issue lately

mbeattie — Wed, 24 Jul 2019 00:51:59 GMT

Hi,

Could be a network issue. "None of the LSA servers configured for Vserver (ENGR-Linuxstore) are currently accessible via the network". Is there a default route for the NFS vserver? Can the vserver's management LIF route to the DC's?

>vserver route show -vserver ENGR-Linuxstore

>vserver services name-service ldap show -vserver ENGR-Linuxstore

/Matt

Re: Been having a strange LDAP issue lately

Sycraft — Fri, 23 Aug 2019 19:19:22 GMT

So the solution was found when troubleshooting an unrelated problem:

Somehow the computer account in Active Directory had lost its assocation with the server (or the other way around). We deleted the Active Directory configuration on the SVM, reset the computer account in AD, and then added the Active Directory configuration back. The errors stopped after that.

It would seem the username/password the SVM had in the AD was enough for lookup for accounts, but the proper computer account assocation was required for the other functions that were failing.

Re: Been having a strange LDAP issue lately

LORENZO_CONTI — Thu, 26 Mar 2020 16:24:13 GMT

Hello,

after upgrading our AD servers the following errors started to appear frequently

"None of the LSA servers configured for Vserver (svmname) are currently accessible via the network."

I've applied this workaround ad fixed the secd.lsa.noServers problem.

vserver cifs security modify -vserver svmname -smb1-enabled-for-dc-connections false -smb2-enabled-for-dc-connections true

source: https://community.netapp.com/t5/General-Discussion/Message-secd-lsa-noServers-None-of-the-LSA-servers-configured/td-p/154999

Re: Been having a strange LDAP issue lately

TOPHAN — Tue, 25 Aug 2020 11:45:08 GMT

Thank you so much!!