ONTAP Discussions
ONTAP Discussions
Hi All,
I'm getting strange errors from DNS server
NTAP-clstr::> event log show -message-name secd.*
Time Node Severity Event
------------------- ---------------- ------------- ---------------------------
12/12/2019 08:55:23 nodeA ERROR secd.dns.server.timed.out: DNS server 64.181.180.21 did not respond to vserver = PRDCORP within timeout interval.
12/12/2019 08:55:21 nodeA EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (PRDCORP) are currently accessible via the network.
12/12/2019 08:24:01 nodeC ERROR secd.dns.server.timed.out: DNS server 64.181.180.21 did not respond to vserver = PRDCORP within timeout interval.
12/12/2019 08:23:59 nodeC EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (PRDSCORP) are currently accessible via the network.
Upon checking i found the ip address 64.181.180.21 corresponds to one of NTP servers configured on cluster.
NTAP-clstr::> ntp server show
(cluster time-service ntp server show)
Server Version
------------------------------ -------
xx.xxx.xx.xxx auto
xxx.xxx.xx.xxx auto
64.181.180.21 auto
Can removing the server from ntp confirguration would stop these alert ?
Or Am i looking at wrong place?How to stop these alert from triggering?
Looking for some expert advice!!
Solved! See The Solution
Make sure that the dns server is not having issues communicating to the filer. you can check it using *>> dns show command.
if dns is timing out, we will not get response for our LDAP lookup.
Cifs security can also get the "noserver" error be logged in EMS.
Periodic secd.ldap.noServers error messages in EMS after modifying "cifs security"
I do not think removing the NTP configuration will solve your problem. The errors mean that ONTAP is having trouble contacting the LDAP server configured for the PRDCORP vserver. Here is a useful KB that will walk through some troubleshooting steps that can help narrow down the issue:
Hi Donny , I checked the article earlier but as per pt.1 I verfied the the ladp is not being used as name service. As its not configured as a source in the nsswitch configuration.
Hi Andre, Yea i checked that my Netapp cluster is configured with MST timezone while AD server lives in CST. And also one more strange thing i noticed on Cluster. Today logged in System Manger GUI under settings i went to Data and Time option but its not loading and screen showing "Loading information" from past 2hrs.
It is saying do not have permission to access the link,
You do not have permission to view this page. @donny_lang
As others have also mentioned : The time difference (clock skew) between the cluster and the domain controller must not be more than five minutes. Just googling, it appears Central Time is 1 hour ahead of Mountain Time.
Does the 'status' say 'OK' ?:
::> vserver cifs domain discovered-servers show
1) Just RDP to one of your "DC server" and check time there.
2) Login to cluster: check the date & time/timezone?
::> date
Node Date Time zone
--------- ------------------------ -------------------------
3) Enter the following command to change it to whatever timezone is "on the DC".
timezone -
-timezone -version
BRDRSANCL1::> timezone -timezone
Africa/ America/ Antarctica/ Arctic/ Asia/ Atlantic/
Australia/ Brazil/ CET CST6CDT Canada/ Chile/
Cuba EET EST EST5EDT Egypt Eire
Etc/ Europe/ Factory GB GB-Eire GMT
GMT+0 GMT-0 GMT0 Greenwich HST Hongkong
Iceland Indian/ Iran Israel Jamaica Japan
Kwajalein Libya MET MST MST7MDT Mexico/
NZ NZ-CHAT Navajo PRC PST8PDT Pacific/
Poland Portugal ROC ROK Singapore Turkey
UCT US/ UTC Universal W-SU WET
Zulu
4) check the date/time timezone again and ensure it is in sync with DC, with 5 mint difference.
::> date
5) If not manually set the date/time:
::> date YYYYMMDDHHMM
Once the time are in sync, wait for sometime, it will be sorted. Else, you can re-set it.
https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.cdot-famg-cifs%2FGUID-CAED5556-D751-4BCA-BF39-EFDEEBC1312A.html
Thanks!
Make sure that the dns server is not having issues communicating to the filer. you can check it using *>> dns show command.
if dns is timing out, we will not get response for our LDAP lookup.
Cifs security can also get the "noserver" error be logged in EMS.
Periodic secd.ldap.noServers error messages in EMS after modifying "cifs security"