ONTAP Discussions

After DC Update No CIFS Access (PDC BROKEN)

marshit
10,440 Views

Hello Folks, 

 

I'm running 7-mode NetApp release 8.2.5 - yes, this system is going away and EOL already. But nevertheless I have a Windows 2016 server that was updated last week. It's a VM and we changed to a different VM but used the same name as the previous so DNS didn't needed to be changed. 

 

Now I noticed that none of my CIFS connections works. When I run cifs sessions it's completly empty. I have ran testdc, prefdc, resetdc, stopped and restarted CIFS service and still no luck.

 

When I run cifs domaininfo command it says BROKEN everywhere for Favored and Preferred Addresses. 

 

What can I do next?

 

 

 

14 REPLIES 14

NetApp_SR
10,416 Views

You say its a different VM so some security identifier may have changed try "cifs terminate" and then "cifs setup". Follow the prompts to reconnect.

aladd
10,404 Views

Check to make sure of what SMB version is presently being used and authentication method between storage and the DC.

Mjizzini
10,395 Views

ONTAP is utilizing SMB1 to communicate with the DC(s) and the DC(s) cannot communicate over SMB1

Enable smb2 for DC connection on the filer, or enable smb1 on the DC.

Authentication issues after upgrading domain controller to Server 2016

paul_stejskal
10,340 Views

Did it break right after updates to Windows 2016? If so, which updates were applied?

marshit
10,337 Views

I'm on WIndows 2019 but is wasn't an OS upgrade just now, that was done months agao and has been working fine. 

 

@NetApp_SR I already tried running setup again for CIFS several times and what it did was fix the "domaininfo" to where it doesn't say "BROKEN" anymore but yet I still can't access. 

 

Now I did notice there are no computer objects within AD for for NAS filers, do those need to be manually added again? The DNS entries are still within AD and apppear to be fine.

aladd
10,311 Views

Yes, you will need a machine account on the DC in order to effectively authenticate.

 

CIFS setup should correct the machine account issue, but it sounds like we need more information on the problem.

 

Can you try to authenticate and then get the output to the following command?

 

::>event log show -event *secd*

marshit
10,219 Views

None of these commands are for 7-mode. I also had already re-added the objects to AD.

marshit
10,219 Views

Your command didn't work and that also is not a 7-mode command.

tahmad
10,199 Views

are you able to share the logs requested by aladd

marshit
10,179 Views

@tahmad That command didn't work on 8.2.5 version of 7-mode.

aladd
10,156 Views

Sorry @marshit ,

 

Can you please try to reauthenticate and then collect the output from the following:

 

>rdfile /etc/messages

AlexDawson
10,201 Views

To confirm, is it running 8.2.5P5?

marshit
10,179 Views

@AlexDawson You are correct.

Public