Network and Storage Protocols

Windows Server 2025 join domain failed

Zhangyufan

I have a test lab with the ONTAP simulator at version 9.13.1, and Microsoft published Windows Server 2025 last month, so I want to test ONTAP with the new OS.

1. Windows Server 2025 is installed and the Active Directory service is installed.


2. During the cifs create procedure, it shows an error: Machine account creation procedure failed.

3. From the Wireshark capture, it shows kpasswd replied with an error.

 

liu

The user account in this KB used to add a computer account is using an incorrect password:

Machine Account Creation Procedure Failed - KRB5KDC_ERR_PREAUTH_FAILED - NetApp Knowledge Base

Or the user credentials are incorrect:

Machine account creation procedure failed with KRB5_REALM_UNKNOWN error - NetApp Knowledge Base

CristianoRossi

If you check the Interoperability Matrix for CIFS, Windows 2025 Server is not yet listed, so the validation has not been executed yet.

 

The error is pointing to a duplicate/reused account on Domain Controller for the SVM.

Please retry, posting the full secd log for the cifs create call, to understand the reason for the failure.

Thanks for your reply. I don't know how to collect the full secd log; below are the logs I collected.

 

ontap_913::*> event log show -node ontap_913-01 -event secd*
Time Node Severity Event
------------------- ---------------- ------------- ---------------------------
12/5/2024 01:34:17 ontap_913-01 ERROR secd.unexpectedFailure: Unexpected SecD failure in Vserver "svm_s3". Details: Error: Machine account creation procedure failed
[ 8142] Loaded the preliminary configuration.
[ 8216] Created a machine account in the domain
[ 8219] SID to name translations of Domain Users and Admins completed successfully
[ 8220] Successfully connected to ip 8.47.176.15, port 88 using TCP
[ 8223] Successfully connected to ip 8.47.176.15, port 464 using TCP
[ 8298] FAILURE: Kerberos password set for 'NETAPP2$@WIN2025AD.COM' failed with Message stream modified (KRB5KRB_AP_ERR_MODIFIED)
[ 8313] Deleted existing account 'CN=NETAPP2,CN=Computers,DC=win2025ad,DC=com'
[ 8313] Retry requested, but the retry window (7000 ms) has expired; giving up.
12/5/2024 01:34:08 ontap_913-01 NOTICE secd.conn.auth.failure: Vserver (svm_s3) could not make a connection over the network to server (ip 8.46.176.15, port 389). Error: Network is unreachable (Operation: AnonymousBind).
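
An added example, not part of the original thread and not NetApp tooling: a small Python triage of the secd trace quoted above that reports which step failed and which service the SVM had last connected to. The port-to-service map uses the standard assignments (88 Kerberos KDC, 389 LDAP, 464 kpasswd); treating the bracketed number as an opaque step offset is an assumption.

```python
import re

# Trace lines copied from the secd.unexpectedFailure event quoted in the post above.
SECD_TRACE = """\
[ 8142] Loaded the preliminary configuration.
[ 8216] Created a machine account in the domain
[ 8219] SID to name translations of Domain Users and Admins completed successfully
[ 8220] Successfully connected to ip 8.47.176.15, port 88 using TCP
[ 8223] Successfully connected to ip 8.47.176.15, port 464 using TCP
[ 8298] FAILURE: Kerberos password set for 'NETAPP2$@WIN2025AD.COM' failed with Message stream modified (KRB5KRB_AP_ERR_MODIFIED)
[ 8313] Deleted existing account 'CN=NETAPP2,CN=Computers,DC=win2025ad,DC=com'
[ 8313] Retry requested, but the retry window (7000 ms) has expired; giving up.
"""

# "[ 8142] message", tolerating a stray "**" emphasis marker before the bracket.
LINE = re.compile(r"^\**\[\s*(\d+)\]\s+(.*)$")
CONNECT = re.compile(r"connected to ip ([\d.]+), port (\d+)")
KRB_CODE = re.compile(r"\((KRB5[A-Z0-9_]+)\)")
PORTS = {88: "Kerberos KDC", 389: "LDAP", 464: "kpasswd"}  # standard port assignments


def triage(trace):
    """Return the first FAILURE step with the context needed to classify it, or None."""
    completed, last_conn = [], None
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a secd trace line (header, blank, other event)
        offset, msg = int(m.group(1)), m.group(2)  # offset: opaque step number (assumption)
        if msg.startswith("FAILURE:"):
            code = KRB_CODE.search(msg)
            return {
                "offset": offset,
                "error": code.group(1) if code else None,
                "server": last_conn[0] if last_conn else None,
                "service": PORTS.get(last_conn[1], "unknown") if last_conn else None,
                "account_created": any("Created a machine account" in s for s in completed),
                "message": msg[len("FAILURE:"):].strip(),
            }
        conn = CONNECT.search(msg)
        if conn:
            last_conn = (conn.group(1), int(conn.group(2)))  # remember the latest connection
        completed.append(msg)
    return None


if __name__ == "__main__":
    print(triage(SECD_TRACE))
```

For this trace the result shows that the machine account had already been created and that the failure followed the connection to port 464, which matches the kpasswd error seen in the Wireshark capture in the first post.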

CristianoRossi

It seems there is a problem on the Microsoft side with kpasswd (Kerberos password change service), and it is being investigated by Microsoft at the moment.