NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

ONTAP Discussions

Active directory SID translation slow

EVILUTION
6,062 Views

I have two sites both with different clustermode (6210 and 8060) hardware but on the same domain.   These FAS clusters house our company SHARE and HOME drives.   Over the last 6 months SID resolution has been getting slower to now what I would consider painfully slow for some security groups.   Via windows file explorer it sometimes takes 5 minutes to resolve the sids.  Manually trying to resolve sometimes fails but if I wait a minute or two it will then resolve.  We have increased the size of the cache dedicated to holding the SIDs 5x with no effect.  

 

NETAPP: diag secd authentication translate -node DIX-NETAPP-01 -vserver DIX-P-INFNAS-01 -sid S-1-5-21-2019431095-1834360568-1243820751-149394

Error: command failed: RPC call to SecD failed. RPC: "secd_rpc_auth_sid_to_name_1".  Reason: "translateSidToName: RPC: Timed out; ct = 0x827c16b40 rem_addr = 127.0.0.1:670".

 

NETAPP::*> diag secd authentication translate -node DIX-NETAPP-01 -vserver DIX-P-INFNAS-01 -sid S-1-5-21-2019431095-1834360568-1243820751-149394
SHOESD01\NAS_FULLCTRL_LL (Domain group)

 

Has anyone else run into something similar?  I have been considering flushing the cache but I'm not sure doing that on a production server is a good idea. 

 

 

 

1 REPLY 1

Tvoyce
4,958 Views
I am experiencing the same. Seems to coincide around the same time we ran our wannacry patches and making SMB changes to our Windows servers.
Public