We realized that we are not able to connect to one of the 2 Controllers with a Windows Client on a FAS2240-2 / NetApp Release 8.2.5P3 7-Mode. Checking the connection via port 445 showed that 445 on controller one is not open, even if the CIFS configuration was performed with success.
Is there a way to check open Ports and also a way to open them if needed?
Try upgrading to 8.2.5p5 first
Be sure to read all the bugs fixed in p5
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Microsoft_Security_Advisory%3A_CVE-2020-1472_impact_on_NetApp_appliance_running_CIFS%5CNFS_utilizing_Netlogon_servers
Unfortunately I couldn't find a way to copy the file to the NetApp, Share on C$, SFTP and http didn't work for me...
For the second Controller I am ready, but I would like to wait with the update until both are ready.
Is there another way to get the OnTap file to the place it should be for the update?
Dumb question, but is options cifs.enabled and cifs.smb2.enabled true?
options cifs has this output: (can't find the two options you mentioned)
cifs.AD.retry_delay 15
cifs.LMCompatibilityLevel 1
cifs.W2K_password_change off
cifs.W2K_password_change_interval 4w
cifs.W2K_password_change_within 1h
cifs.audit.account_mgmt_events.enable off
cifs.audit.autosave.file.extension
cifs.audit.autosave.file.extension.nanosecond_precision off
cifs.audit.autosave.file.limit 0
cifs.audit.autosave.onsize.enable off
cifs.audit.autosave.onsize.threshold 75%
cifs.audit.autosave.ontime.enable off
cifs.audit.autosave.ontime.interval 1d
cifs.audit.enable off
cifs.audit.file_access_events.enable on
cifs.audit.liveview.allowed_users
cifs.audit.liveview.enable off
cifs.audit.logon_events.enable on
cifs.audit.logsize 1048576
cifs.audit.nfs.enable off
cifs.audit.nfs.filter.filename
cifs.audit.saveas /etc/log/adtlog.evt
cifs.bypass_traverse_checking on
cifs.client.dup-detection ip-address
cifs.comment Comment
cifs.enable_share_browsing on
cifs.gpo.enable off
cifs.gpo.trace.enable off
cifs.grant_implicit_exe_perms off
cifs.guest_account
cifs.home_dir.generic_share_access_level 1
cifs.home_dir.generic_share_access_warn on
cifs.home_dir_namestyle
cifs.home_dirs_public_for_admin on
cifs.idle_timeout 1800
cifs.ipv6.enable off
cifs.max_mpx 253
cifs.ms_snapshot_mode xp
cifs.netbios_aliases
cifs.netbios_over_tcp.enable on
cifs.nfs_root_ignore_acl off
cifs.oplocks.enable on
cifs.oplocks.opendelta 0
cifs.per_client_stats.enable off
cifs.perfmon.allowed_users
cifs.perm_check_ro_del_ok off
cifs.perm_check_use_gid on
cifs.preserve_unix_security off
cifs.restrict_anonymous 0
cifs.restrict_anonymous.enable off
cifs.save_case on
cifs.scopeid
cifs.search_domains
cifs.show_dotfiles on
cifs.show_snapshot off
cifs.shutdown_msg_level 2
cifs.sidcache.enable on
cifs.sidcache.lifetime 1440
cifs.signing.enable off
cifs.smb2.enable on
cifs.smb2.signing.max_threads 3
cifs.smb2.signing.multiprocessing default
cifs.smb2.signing.required off
cifs.smb2_1.branch_cache.enable off
cifs.smb2_1.branch_cache.hash_time_out 3600 (value might be overwritten in takeover)
cifs.smbx_signing_required off
cifs.snapshot_file_folding.enable off
cifs.symlinks.cycleguard on
cifs.symlinks.enable on
cifs.trace_dc_connection off
cifs.trace_login off
cifs.universal_nested_groups.enable on
cifs.widelink.ttl 10m
Can also copy between the controllers with NDMPcopy, SnapMirror/snapvault or by taking the SD card out (in some models).
Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK
I was able to copy it with http, now it's time to make the update, hope it works out
Upgrade successful, but I am still not able to connect to Controller 1, Controller 2 has a connection, but now I have this error:
[storename:krb.kt.princ.notfound.cred:warning]: Kerberos: Did not find principal HOST/storename@DOMAIN in keytab. This is a CIFS problem.
I am not able to open the C$ share with any combination of credentials.
The mentioned solution here also didn't work --> https://matthewfugel.wordpress.com/2016/02/09/fixing-a-broken-cifsnetbios-alias/
It can be a wrong SPN, duplicate machine account name, or the machine account has been deleted.
How to set the correct SPN for a storage controller
Note:
You can always delete the old machine account manually from your AD before reconfiguring CIFS.
>cifs terminate
>cifs setup
I am now back to where I was before the update, controller 1 does not work, access to controller 2 now works again after setting the following options:
options cifs.smb2.client.enable
options cifs.netlogon.secure_channel.enable
However, it only works via IP, and not with the hostname for controller 2.
I stopped counting, but after the last cifs setup I am again able to connect with hostname. But still not able to connect to controller 1.
I suspect if you have gone this far:
- Stop CIFS again
- CLEAN OUT DNS -> remove all records for the IPs and the Hostname.
  - Thoroughly! Check again
- Verify/Create the reverse lookup zone (if not created)
- Maybe try to enable Dynamic DNS
  - options dns.update.enable on|off|secure
  - In newer environments, I find secure needs to be enabled
- Redo the CIFS setup
- Follow the earlier link to verify and update the SPNs also.
Done the following:
1. Set options dns.update.enable secure on both controllers
2. Stopped cifs
3. Removed DNS entries (AAA record and reverse)
4. Removed Computer object from AD
5. Done cifs setup again
6. Recreated both DNS entries
7. Computer object there
Still the same 😞
I tried also to connect to 445 with telnet, only possible to controller 2
hampe has accepted the solution
The whole point of Dynamic DNS is so you do not have to manually enter the DNS records. Review the sections on pages 67-70 (Dynamic DNS) here: https://library.netapp.com/ecm/ecm_download_file/ECMP1368834
Also, have you verified the SPNs?
SetSPN -l cifshost
SetSPN -l cifshost.fqdn
nslookup cifshost
nslookup cifshost.fqdn
You should see the info required.
OMG, you are my hero! Thank you so much.
Checking the DNS settings and this setting to automatically set the DNS entries was the trick I needed.
I learned now that my manual entries pointed to the wrong IPs (e0M) and the automatic creation used e0a.
(for whatever reason the one wrong IP had worked)
Thanks again to all of you for the perfect support for a newbie like me 🙄
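The checks this thread converged on (DNS records, port 445 per address, SPNs), combined into one script run from a domain-joined Windows client. This is an added example and not part of any post above; `filer1` and `filer2` are placeholder names for the two controllers' CIFS host names.

```powershell
# Added example: compare what DNS returns for each controller with what actually answers on TCP 445.
# 'filer1' and 'filer2' are placeholders; replace them with the controllers' CIFS host names.
$controllers = 'filer1', 'filer2'

function Test-CifsName {
    param([Parameter(Mandatory)][string]$Name)

    # Forward lookup against DNS only (no LLMNR/NetBIOS fallback): every A record a client could pick.
    $records = @(Resolve-DnsName -Name $Name -Type A -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' })
    if (-not $records) {
        return [pscustomobject]@{ Name = $Name; Address = $null; Port445 = $false; Reverse = $null }
    }
    foreach ($rec in $records) {
        $ip = $rec.IPAddress
        # Reverse lookup: the PTR record should lead back to the same host name.
        $ptr = (Resolve-DnsName -Name $ip -Type PTR -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'PTR' } | Select-Object -First 1).NameHost
        # SMB reachability of this specific address, independent of name resolution.
        $open = (Test-NetConnection -ComputerName $ip -Port 445 -WarningAction SilentlyContinue).TcpTestSucceeded
        [pscustomobject]@{ Name = $Name; Address = $ip; Port445 = $open; Reverse = $ptr }
    }
}

$results = foreach ($c in $controllers) { Test-CifsName -Name $c }
$results | Format-Table -AutoSize

# An A record that resolves but refuses 445 is the symptom seen here: the manual
# records pointed at the e0M address, while the dynamically created ones used e0a.
$results | Where-Object { $_.Address -and -not $_.Port445 } | ForEach-Object {
    Write-Warning "$($_.Name) resolves to $($_.Address), which does not accept TCP 445"
}

# SPNs registered on each machine account, as asked for in the accepted answer.
foreach ($c in $controllers) { setspn -L $c }
```

Compare the `Address` column with the interface addresses shown by `ifconfig -a` on each controller to see which port a record actually points at.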
