Thank you.  In addition to what you suggested, I realized that my "transmission path" isn't quite what I had expected.

Although my computer has a NIC on our iSCSI VLAN, and therefore a direct connection to the controller, that NIC doesn't have the Microsoft client bound to it.   Therefore, the RPC setup traffic was still originating from another NIC (with an ACL between it and the controller).

Clinton,

Does this statement imply that you MUST have CIFS licensed on your controller in order to use RPC authentication?

So, in order to setup the filer in AD with cifs setup, you either need iscsi, fcp or cifs licensed.

Yes.

OK, That works. I have FCP, iSCSI, and NFS, just no CIFS. So that's not my problem. I still can't connect via RPC. Not a big, deal I can connect via HTTP, but it is just annoying, it SHOULD work. And on top of it the 2240 works, yet the dctest looks the same on all three controllers. The 3270s just don't work. I get a 0x5 error (authentication)

Ooops. Just saw Clinton's reply. So CIFS is the requirement I don't have. Hmmm. I'll have to talk to my NetApp Sales rep. Thank you!

Have you gone through cifs setup and added it to the domain?

When I do a cifs testdc and a domaininfo, they both show connected correctly. Now when I do an adupdate, it doesn't work. I'm not sure why.

What's the story with Clustered ONTAP.  How do you get Connect-NcController to automatically use the credentials of the logged on user to connected to the SVM?   I still don't want to hard-code usernames or passwords in the script.