Network Storage Protocols Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Network Storage Protocols Discussions

Start a New Post

Unable to access CIFS share by name

Rowl
‎2017-04-04 09:19 AM

Ran into a strange problem here, hoping someone can point me in the right direction.  We have two Windows 2008 R2 servers that are unable to access a UNC path to an SVM when using the DNS name of the lif. The connection works fine if connecting to the ip address. From these windows servers I can connect to shares by name on other NAS products, and random Windows clients.

 

From these two servers

\\svm\share$ fails

\\svm.our.dom.com\share$ fails

 

\\10.1.1.1\share$ works (assume 10.1.1.1 is address of lif)

\\othernas\share$ works

\\windowsServer\share$ works

 

From other Windows clients \\svm\share$ works

 

I checked that the Windows firewall is disabled, credentials cache is empty, time is in sync with AD. Flushed the DNS cache too. 

 

So it appears I only have a problem connecting to Netapp CIFS share by name from these two servers. Connecting by ip works, so doesn't look like firewall is blocking me. 

 

I know there is a difference in authentication when connecting my address rather than by name, but the details are not clear to me. Something about NTLM vs Kerberos.

 

Thanks

-Rowl

0 Kudos
View By:
4 Replies
Reply
4 REPLIES 4

Re: Unable to access CIFS share by name

mbeattie
NetApp
‎2017-04-04 07:39 PM

Hi Rowl,

 

Have you checked the DNS server IP configured on your windows server, then verified that a DNS A and PTR records for the vserver exist on that DNS server in the correct DNS zone. IE from your server can you do a forward and reverse lookup of the vserver via hostname, fqnd and IP address using nslookup on your windows server? If so and DNS records exist then it could be a group policy issue.

 

Please note that the default security policy in Windows Server 2008 R2 could be preventing access to the CIFS shares depending on the security configuration on the storage.

Check the local policy on your server:

http://technet.microsoft.com/en-us/library/jj852270(v=ws.10).aspx

 

Check the following policy values


•    Domain Member: Digitally sign client communication (when possible)
•    Microsoft network client: Digitally sign communications (always)

 

What's the error message and error code you recieve in windows explorer when attempting to access the share?
Is SMB signing enabled on your storage but not on your windows server?

Do other operating systems have the same issue

 

Also are you attempting to access your vserver via a DNS CName alias? If so you check you have an SPN configured for the CName on your vservers AD computer account object.

Hope that provides a few troubleshooting options.

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
0 Kudos
4 Replies
Reply

Re: Unable to access CIFS share by name

Rowl
‎2017-04-24 11:37 AM

This turned out to be an issue with the server having only SMB 1.0 enabled and the filer requiring Kerberos authentication and SMB signing. Unfortunately I got this information second hand and am not exactly sure how this was resolved. Apparently some application running on the server only worked with SMB 1.0, but that sounds like a misunderstanding to me. 

0 Kudos
4 Replies
Reply

Re: Unable to access CIFS share by name

rajivbmenon
‎2019-07-24 03:10 PM

So what is the fix for this? We are having this issue as well in our environment.

 

We have 2008 R2 DC's in one site and 2012 R2 DC's in another. The site with 2012 R2 DC's is not having issues, but the other is.

 

Any idea's?

0 Kudos
4 Replies
Reply

Re: Unable to access CIFS share by name

mbeattie
NetApp
‎2019-07-24 04:40 PM

Hi,

 

I would advise checking there is an AD group policy that sets the SMB signing client configuration in combination with setting the a default authentication security level for you CIFS vserver. You would need to determine the correct configuration for your environment that enables all clients to connect based on the operating systems you are using. Some links to the docs:

 

https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.cdot-famg-cifs%2FGUID-EE6C5170-7CF6-492C-83A6-9904AE247F21.html&lang=en

https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.cdot-famg-cifs%2FGUID-861C90E9-A8B2-405C-9020-0C38679BD72B.html&lang=en

 

Also if you are accessing the CIFS vserver via a DNS CName alias ensure you have set an SPN on the AD computer object to ensure clients are able to authenticate via Kerberos rather than reverting to NTLM.

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
0 Kudos
4 Replies
Reply
Earn Rewards for Your Review!
GPI Review Banner
All Community Forums
Learn about the Community Get Started
Still have Questions Start a Discussion
Rules of the Community Read More
© 2021 NetApp
Let us know
Public