General Discussion

Highlighted

Message: secd.lsa.noServers: None of the LSA servers configured

secd.netlogon.noServers: None of the Netlogon servers configured for Vserver

 

This was an easy fix, scouring the web for answers made it more difficult.

Scenario- Transition from 2012 Active Directory to 2019 Active Directory.

 

Run this command #vserver cifs security show -vserver servername

 
Vserver: image1
                    Kerberos Clock Skew:                   - minutes
                    Kerberos Ticket Age:                   - hours
                   Kerberos Renewal Age:                   - days
                   Kerberos KDC Timeout:                   - seconds
                    Is Signing Required:                   -
        Is Password Complexity Required:                   -
   Use start_tls for AD LDAP connection:               false
              Is AES Encryption Enabled:               false
                 LM Compatibility Level:  lm-ntlm-ntlmv2-krb
             Is SMB Encryption Required:                   -
                Client Session Security:                none
        SMB1 Enabled for DC Connections:      system-default
        SMB2 Enabled for DC Connections:      system-default
If you see system-default for the SMB1 and SMB2 settings SMB2 is disabled
This is why your Netapps will not communicate with Active Directory.
Run this command****
vserver cifs security modify -vserver servername -smb1-enabled-for-dc-connections false -smb2-enabled-for-dc-connections true
Output should show
Vserver: image1
                    Kerberos Clock Skew:                   - minutes
                    Kerberos Ticket Age:                   - hours
                   Kerberos Renewal Age:                   - days
                   Kerberos KDC Timeout:                   - seconds
                    Is Signing Required:                   -
        Is Password Complexity Required:                   -
   Use start_tls for AD LDAP connection:               false
              Is AES Encryption Enabled:               false
                 LM Compatibility Level:  lm-ntlm-ntlmv2-krb
             Is SMB Encryption Required:                   -
                Client Session Security:                none
        SMB1 Enabled for DC Connections:               false
        SMB2 Enabled for DC Connections:                true
1 REPLY 1
Highlighted

Re: Message: secd.lsa.noServers: None of the LSA servers configured

Good research. Additionally, default settings for SMB 1.0 and 2.0 connections to domain controllers also depend on the ONTAP version. The system default for ONTAP 9.1 is enabled for SMB 1.0 and disabled for SMB 2.0. The system default for ONTAP 9.2 is enabled for SMB 1.0 and enabled for SMB 2.0. If the domain controller cannot negotiate SMB 2.0 initially, it uses SMB 1.0.

Try the NEW Knowledgebase!
NetApp KB Site
Forums