Data ONTAP Discussions

Re: DFM : A CIFS domain controller connection to the filer has failed.

Hi Matt,

 

Please find below output of command options wafl.default_nt_user. There is nothing specified for this option

 

xx0001> options wafl.default_nt_user

options wafl.default_nt_user

 

 

Please find below output  of netdom command.

 

C:\WINDOWS\system32>netdom query trust

Direction Trusted\Trusting domain                         Trust type

========= =======================                         ==========

 

<->       x-dom.u-xxx.net

Direct

 

 

The command completed successfully.

 

 

-----------------------------------------

 

We dont have support for these filers as most of them are out of support.

 

 

Regards,

Ramesh

 

 

 

Re: DFM : A CIFS domain controller connection to the filer has failed.

Hi Ramesh,

 

You might want to try:

 

  • Explicity setting the default NT user to null (as the KB states it can appear as null but it may have been set to contain a space).
  • Check the qtree status to ensure they are all set to NTFS (if there are any qtrees that are set to UNIX then you may have mixed mode issues)
  • Check the entries in your usermap.cfg file
  • Check the domain trust is still valid.

 

So for each controller...EG:

 

 

TESTNS01> options wafl.default_nt_user ""

TESTNS01> options wafl.default_nt_user
wafl.default_nt_user

TESTNS01> qtree status
Volume   Tree     Style Oplocks  Status
-------- -------- ----- -------- ---------
vol0              ntfs  enabled  normal
testnv01          ntfs  enabled  normal
testvol2          ntfs  enabled  normal
testvol2 qtree1   ntfs  enabled  normal
testvol2 qtree2   ntfs  enabled  normal
testvol2 qtree3   ntfs  enabled  normal
testnv02          ntfs  enabled  normal
testvol1          ntfs  enabled  normal
testvol1 qtree1   ntfs  enabled  normal
testvol1 qtree2   ntfs  enabled  normal
testvol1 qtree3   ntfs  enabled  normal

TESTNS01> rdfile /etc/usermap.cfg

C:>NETDOM TRUST <%trusting_domain_name%> /Domain:<%trusted_domain_name%> /verify

I'd be more concerned about having 20+ controllers that are out of support and maintence.

Hopefully you have a plan to upgrade and migrate these to supported systems?

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: DFM : A CIFS domain controller connection to the filer has failed.

Hi matt,

 

I have set the  below option to null

options wafl.default_nt_user ""

Please find below qtree status.

 

xxxxxxx> qtree status
Volume Tree Style Oplocks Status
-------- -------- ----- -------- ---------
vol01 ntfs enabled normal
vol01 f_user ntfs enabled normal
vol0 ntfs enabled normal
vol02 ntfs enabled normal
vol02 fteam ntfs enabled normal

 

 

There is no entry in usermap.cfg file.

 

============================

 

 We are seeing these alerts daily twice in the filers /etc/messages files.

 

Sun Sep 3 07:08:16 CEST [xxxxxx:cifs.pipe.errorMsg:error]: CIFS: Error on named pipe with DC: Error connecting to server, open pipe failed
Sun Sep 3 07:08:16 CEST [xxxxxx:smbrpc.pipeCreate.fail:error]: CIFSRPC: Attempt to create pipe LSA for LsarLookupSids failed with error 0xc000005e.

Sun Sep 3 17:13:39 CEST [xxxxxx:cifs.pipe.errorMsg:error]: CIFS: Error on named pipe with DC: Error connecting to server, open pipe failed
Sun Sep 3 17:13:39 CEST [xxxxxx:smbrpc.pipeCreate.fail:error]: CIFSRPC: Attempt to create pipe LSA for LsarLookupSids failed with error 0xc000005e.

 

Mon Sep 4 04:00:03 CEST [xxxxxx:cifs.pipe.errorMsg:error]: CIFS: Error on named pipe with DC: Error connecting to server, open pipe failed
Mon Sep 4 04:00:03 CEST [xxxxxx:smbrpc.pipeCreate.fail:error]: CIFSRPC: Attempt to create pipe LSA for LsarLookupSids failed with error 0xc000005e.

 

Mon Sep 4 14:09:45 CEST [xxxxxx:cifs.pipe.errorMsg:error]: CIFS: Error on named pipe with DC: Error connecting to server, open pipe failed
Mon Sep 4 14:09:45 CEST [xxxxxx:smbrpc.pipeCreate.fail:error]: CIFSRPC: Attempt to create pipe LSA for LsarLookupSids failed with error 0xc000005e.

 

 

 

We get the below alert from DFM 2 to 3 times a month for each filer and we get incident ticket for this. 

 

A CIFS domain controller connection to the filer has failed.Product trap Data- CIFS: Domain controller server DC connection lost:
DC has disconnected from the filer Serial num -6x00000xxxxxx

 

=====================================================================

 

 

 

Regards,

Ramesh

 

 

Re: DFM : A CIFS domain controller connection to the filer has failed.

 

Hi Matt,

 

We also get the below alerts on some filers .

 

auth.dc.trace.DCConnection.errorMsg:error]: AUTH: Domain Controller error: NetLogon error 0xc0000022: - Filer's security information differs from domain controller \\DC

 

 

Regards,

Ramesh

 

Re: DFM : A CIFS domain controller connection to the filer has failed.

Hi,

 

See this KB. Have you tried setting "cifs prefdc"? You could also try a "cifs resetdc" to reset your DC connections after setting a preferred domain controller

 

https://kb.netapp.com/support/s/article/ka11A00000015x2QAA/storage-system-s-security-information-differs-from-domain-controller

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: DFM : A CIFS domain controller connection to the filer has failed.

Hi matt,

Thanks for the response.

 

The other DC which is connected to the filer as per below output also throws similar output in other filers. So setting Prefer domain controller may not resolve this issue.

 

As per the KB article we have checked solutions in step2 and 3 which is set as per the KB. Coming to Solution1 . We have never re run cifs setup in the filers. What all the things we need to change while re running the cifs setup?. Can you please advice on this.

 


  1. The Auth message could be due to the DC machine account differing from that of the storage system, in which case  cifs setup should be run again on the storage system.
       Note: Running cifs setup will be disruptive

 

==========================================

 

xx00xx1c@xx00001> cifs domaininfo
NetBIOS Domain:                         XXX
Windows Domain Name:                    XXX.xxx.local
Domain Controller Functionality:        Windows 2012 R2
Domain Functionality:                   Windows 2003
Forest Functionality:                   Windows 2003
Filer AD Site:                          XXX

Current Connected DCs:                  \\XX00111
Total DC addresses found:               3
Preferred Addresses:
                                        None
Favored Addresses:
                                        10.x.x.2     XX00111          PDC
                                        10.x.x.1                      PDC
Other Addresses:
                                        10.x.x.17                    PDC

Connected AD LDAP Server:               \\XX00111.xxx.xxx.local
Preferred Addresses:
                                        None
Favored Addresses:
                                        10.x.x.2    
                                         xx00111.xxx.xxx.local
                                        10.x.x.1    
                                         xx00110.xxx.xxx.local
Other Addresses:
                                        10.x.x.17  
                                         xxc00100.xxx.xxx.local

 

======================

 

Regards,

Ramesh

 

Forums