Network and Storage Protocols

SMB2: Connection to server:\\SPEscanner failed due to mismatch in signature.

DiegoEsteban
3,063 Views

Hi all,

 

We need to migrate one “stand alone” SPE physical scanner from its current domain to the new domain; the SPE is scanning only one 7-mode NetApp over two IP.

We tried to do this 4 months ago unsuccessfully because once we had got the server migrated to the new domain the scanner got disconnected from the NetApp every time it got connected.

 

Please, check below the incoming logs from the NetApp:

Fri Mar 12 22:41:16 WET [netapp:vscan.server.connecting.successful:info]: CIFS: Vscan server \\SPEscanner registered with the filer successfully.

Fri Mar 12 22:41:16 WET [netapp:vscan.server.connecting.already:info]: CIFS: Vscan server x.x.x.x attempted to register but there is already a vscan server registered from that address.

Fri Mar 12 22:41:16 WET [netapp:cifs.smb2.client.signing:error]: Connection to server:\\SPEscannerfailed due to mismatch in signature.

Fri Mar 12 22:41:16 WET [netapp:cifs.server.errorMsg:error]: CIFS: Error for server \\SPEscanner: Error in session setup response STATUS_ACCESS_DENIED

 

It is as if there is something cached in the netapp and it does not like that the scanner has the same name/ip as in the old domain.

 

 

After this errors, we decided to rollback and migrate the scanner to its original domain, but it was still failing for 3 hours and then it started to work “magically”.

 

Sat Mar 13 02:52:23 WET [netapp:vscan.server.connecting.successful:info]: CIFS: Vscan server \\SPEscannerregistered with the filer successfully.
Sat Mar 13 02:59:55 WET [netapp:vscan.server.connecting.disconnect:info]: CIFS: Vscan server \\SPEscannerderegistered and will be removed from the list of available vscan servers.
Sat Mar 13 02:59:55 WET [netapp:cifs.server.infoMsg:info]: CIFS: Warning for server \\SPEscanner : Connection terminated.
Sat Mar 13 02:59:55 WET [netapp:vscan.dropped.connection:warning]: CIFS: Virus scan server \\SPEscanner (x.x.x.x) has disconnected from the filer.
Sat Mar 13 03:02:01 WET [netapp:vscan.server.connecting.successful:info]: CIFS: Vscan server \\SPEscanner registered with the filer successfully.
Sat Mar 13 03:02:01 WET [netapp:vscan.server.connecting.disconnect:info]: CIFS: Vscan server \\SPEscanner deregistered and will be removed from the list of available vscan servers.
Sat Mar 13 03:02:01 WET [netapp:cifs.server.infoMsg:info]: CIFS: Warning for server \\SPEscanner : Connection terminated.
Sat Mar 13 03:02:01 WET [netapp:vscan.dropped.connection:warning]: CIFS: Virus scan server \\SPEscanner (x.x.x.x) has disconnected from the filer.
Sat Mar 13 03:02:01 WET [netapp:vscan.server.connecting.successful:info]: CIFS: Vscan server \\SPEscanner registered with the filer successfully.
Sat Mar 13 03:13:01 WET [netapp:cifs.pipe.errorMsg:error]: CIFS: Error on named pipe with SPEscanner : Error connecting to server, open pipe failed
Sat Mar 13 03:13:01 WET [netapp:cifs.server.infoMsg:info]: CIFS: Warning for server \\SPEscanner : Connection terminated.
Sat Mar 13 03:13:01 WET [netapp:vscan.server.connectError:error]: CIFS: An attempt to connect to vscan server \\SPEscanner failed [0xc00000b5].
Sat Mar 13 03:13:01 WET [netapp:vscan.dropped.connection:warning]: CIFS: Virus scan server \\SPEscanner (x.x.x.x) has disconnected from the filer.
Sat Mar 13 03:13:08 WET [netapp:vscan.server.connecting.successful:info]: CIFS: Vscan server \\SPEscanner registered with the filer successfully.
Sat Mar 13 03:13:08 WET [netapp:vscan.server.connecting.disconnect:info]: CIFS: Vscan server \\SPEscanner deregistered and will be removed from the list of available vscan servers.
Sat Mar 13 03:13:08 WET [netapp:cifs.server.infoMsg:info]: CIFS: Warning for server \\SPEscanner : Connection terminated.
Sat Mar 13 03:13:08 WET [netapp:vscan.dropped.connection:warning]: CIFS: Virus scan server \\SPEscanner (x.x.x.x) has disconnected from the filer.
Sat Mar 13 03:13:08 WET [netapp:vscan.server.connecting.successful:info]: CIFS: Vscan server \\SPEscanner registered with the filer successfully.

 

Have you ever experienced this problem? Is there something cached in the NetApp that prevents the connection?

 

Thanks in advance!

 

Regards,

 

Diego Esteban

Endpoint Specialist

3 REPLIES 3

AlexDawson
3,005 Views

Are you using Active Directory? and have you upgraded your 7-mode filer to 8.2.5P5? 

 

Please be aware of this change made by microsoft - https://support.microsoft.com/en-us/topic/2020-ldap-channel-binding-and-ldap-signing-requirements-for-windows-ef185fb8-00f7-167d-744c-f299a66fc00a - you MUST be running ONTAP 8.2.5P5 to continue using Active Directory authentication for a 7-mode filer.

DiegoEsteban
2,991 Views

Hi Alex,

 

Thanks for your response! Yes, we are using AD, we do have one service account for the legacy domain and a new one for the new domain.

 

As per Storage Team, we are currently running  8.2.3P1 7-Mde & SPE 8.2; I do not know why the Ontap version should impact in this case because the authentication is working properly at the moment in the legacy domain even running  8.2.3P1 7-Mde.

 

I raised a case to the AV vendor and they did not find anything wrong in the AV side, and they only suggest me to change the IP/hostname once the scanner is migrated to the new domain.

 

Regards,

Diego Esteban

Endpoint Specialist

 

 

AlexDawson
2,922 Views

Hi Diego,

 

The legacy domain is probably working because it is using older signing protocol, but the new one is not because your client for your "new" domain is expecting the most up to date protocol for signing, and ONTAP 8.2.3 cannot meet it - only 8.2.5P5 can.

 

Sorry!

Public