ONTAP Discussions

After DC Update No CIFS Access (PDC BROKEN)

marshit
13,660 Views

Hello Folks, 

 

I'm running 7-mode NetApp release 8.2.5 - yes, this system is going away and EOL already. But nevertheless I have a Windows 2016 server that was updated last week. It's a VM and we changed to a different VM but used the same name as the previous so DNS didn't needed to be changed. 

 

Now I noticed that none of my CIFS connections works. When I run cifs sessions it's completly empty. I have ran testdc, prefdc, resetdc, stopped and restarted CIFS service and still no luck.

 

When I run cifs domaininfo command it says BROKEN everywhere for Favored and Preferred Addresses. 

 

What can I do next?

 

 

 

14 REPLIES 14

NetApp_SR
13,636 Views

You say its a different VM so some security identifier may have changed try "cifs terminate" and then "cifs setup". Follow the prompts to reconnect.

aladd
13,624 Views

Check to make sure of what SMB version is presently being used and authentication method between storage and the DC.

Mjizzini
13,615 Views

ONTAP is utilizing SMB1 to communicate with the DC(s) and the DC(s) cannot communicate over SMB1

Enable smb2 for DC connection on the filer, or enable smb1 on the DC.

Authentication issues after upgrading domain controller to Server 2016

paul_stejskal
13,560 Views

Did it break right after updates to Windows 2016? If so, which updates were applied?

marshit
13,557 Views

I'm on WIndows 2019 but is wasn't an OS upgrade just now, that was done months agao and has been working fine. 

 

@NetApp_SR I already tried running setup again for CIFS several times and what it did was fix the "domaininfo" to where it doesn't say "BROKEN" anymore but yet I still can't access. 

 

Now I did notice there are no computer objects within AD for for NAS filers, do those need to be manually added again? The DNS entries are still within AD and apppear to be fine.

aladd
13,531 Views

Yes, you will need a machine account on the DC in order to effectively authenticate.

 

CIFS setup should correct the machine account issue, but it sounds like we need more information on the problem.

 

Can you try to authenticate and then get the output to the following command?

 

::>event log show -event *secd*

marshit
13,439 Views

None of these commands are for 7-mode. I also had already re-added the objects to AD.

marshit
13,439 Views

Your command didn't work and that also is not a 7-mode command.

tahmad
13,419 Views

are you able to share the logs requested by aladd

marshit
13,399 Views

@tahmad That command didn't work on 8.2.5 version of 7-mode.

aladd
13,376 Views

Sorry @marshit ,

 

Can you please try to reauthenticate and then collect the output from the following:

 

>rdfile /etc/messages

AlexDawson
13,421 Views

To confirm, is it running 8.2.5P5?

marshit
13,399 Views

@AlexDawson You are correct.

Public