For client - NetApp communication option cifs.smb2.enable is relevant. IIRC option cifs.smb2.client.enable is for NetApp - domain controller communication. So you still should be able to enable SMB2 for clients.
Re: Unable to create NETLOGON pipe No Trusted Logon Servers Available - STATUS_NO_LOGON_SERVERS
It seems you´re facing the OnTap Weakness which is (amongst others) described in BURT 470972
The point is, that OnTap is using a security leak in the smb2-Implementation of Microsoft, which was fixed by some Patches for SMB2 Win2003/2008:
A Kerberos Ticket has a default lifetime of 10 hours. When this Ticket expires, the CIFS Sessions based upon this Ticket must become invalid and the Kerberos-Client (aka Netapp Filer) must request a new ticket and a also a new CIFS Session.
But until now, OnTap is still not able to handle this prodecure correctly, meaning to say pro-actively.
Before Microsoft fixed it, a SMB2-Session wrongly remained active when the Kerberos-Ticket expired.
SMB1 still has this bug, therefore the described workaround (options cifs.smb2.client.enable off => Fallback to SMB1) solves the issue (until Microsoft patches this as well...)
The underlying OnTap Weakness will be corrected in OnTap 8.0.4 and 8.1.2 (just in time for the relase of SMB3 ...;-)