ONTAP Discussions

Active directory SID translation slow

I have two sites both with different clustermode (6210 and 8060) hardware but on the same domain.   These FAS clusters house our company SHARE and HOME drives.   Over the last 6 months SID resolution has been getting slower to now what I would consider painfully slow for some security groups.   Via windows file explorer it sometimes takes 5 minutes to resolve the sids.  Manually trying to resolve sometimes fails but if I wait a minute or two it will then resolve.  We have increased the size of the cache dedicated to holding the SIDs 5x with no effect.  

 

NETAPP: diag secd authentication translate -node DIX-NETAPP-01 -vserver DIX-P-INFNAS-01 -sid S-1-5-21-2019431095-1834360568-1243820751-149394

Error: command failed: RPC call to SecD failed. RPC: "secd_rpc_auth_sid_to_name_1".  Reason: "translateSidToName: RPC: Timed out; ct = 0x827c16b40 rem_addr = 127.0.0.1:670".

 

NETAPP::*> diag secd authentication translate -node DIX-NETAPP-01 -vserver DIX-P-INFNAS-01 -sid S-1-5-21-2019431095-1834360568-1243820751-149394
SHOESD01\NAS_FULLCTRL_LL (Domain group)

 

Has anyone else run into something similar?  I have been considering flushing the cache but I'm not sure doing that on a production server is a good idea. 

 

 

 

1 REPLY 1

Re: Active directory SID translation slow

I am experiencing the same. Seems to coincide around the same time we ran our wannacry patches and making SMB changes to our Windows servers.
Cloud Volumes ONTAP
Review Banner
All Community Forums
Public