Solved: DNS server is returning ldap errors

harshitmarwah · ‎2019-12-12

Hi All,

I'm getting strange errors from DNS server

NTAP-clstr::> event log show -message-name secd.*
Time Node Severity Event
------------------- ---------------- ------------- ---------------------------
12/12/2019 08:55:23 nodeA ERROR secd.dns.server.timed.out: DNS server 64.181.180.21 did not respond to vserver = PRDCORP within timeout interval.
12/12/2019 08:55:21 nodeA EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (PRDCORP) are currently accessible via the network.
12/12/2019 08:24:01 nodeC ERROR secd.dns.server.timed.out: DNS server 64.181.180.21 did not respond to vserver = PRDCORP within timeout interval.
12/12/2019 08:23:59 nodeC EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (PRDSCORP) are currently accessible via the network.

Upon checking i found the ip address 64.181.180.21 corresponds to one of NTP servers configured on cluster.

NTAP-clstr::> ntp server show
(cluster time-service ntp server show)
Server Version
------------------------------ -------
xx.xxx.xx.xxx auto
xxx.xxx.xx.xxx auto
64.181.180.21 auto

Can removing the server from ntp confirguration would stop these alert ?

Or Am i looking at wrong place?How to stop these alert from triggering?

Looking for some expert advice!!

Mjizzini · ‎2020-07-09

Make sure that the dns server is not having issues communicating to the filer. you can check it using *>> dns show command.

if dns is timing out, we will not get response for our LDAP lookup.

Cifs security can also get the "noserver" error be logged in EMS.

Periodic secd.ldap.noServers error messages in EMS after modifying "cifs security"

View solution in original post

donny_lang · ‎2019-12-12

I do not think removing the NTP configuration will solve your problem. The errors mean that ONTAP is having trouble contacting the LDAP server configured for the PRDCORP vserver. Here is a useful KB that will walk through some troubleshooting steps that can help narrow down the issue:

https://kb.netapp.com/app/answers/answer_view/a_id/1029829/~/how-to-troubleshoot-ldap-issues-in-clustered-data-ontap-

harshitmarwah · ‎2019-12-17

Hi Donny , I checked the article earlier but as per pt.1 I verfied the the ladp is not being used as name service. As its not configured as a source in the nsswitch configuration.

Hi Andre, Yea i checked that my Netapp cluster is configured with MST timezone while AD server lives in CST. And also one more strange thing i noticed on Cluster. Today logged in System Manger GUI under settings i went to Data and Time option but its not loading and screen showing "Loading information" from past 2hrs.

S-Sahu · ‎2020-07-06

It is saying do not have permission to access the link,

You do not have permission to view this page. @donny_lang

ANDRESCHMITZ · ‎2019-12-12

You should also check if you have a time difference between your cluster and your AD greater than 5 Minutes. If your Cluster time is more than 5 minutes behind your AD time the Kerberos ticket is expired.

Ontapforrum · ‎2020-07-06

As others have also mentioned : The time difference (clock skew) between the cluster and the domain controller must not be more than five minutes. Just googling, it appears Central Time is 1 hour ahead of Mountain Time.

Does the 'status' say 'OK' ?:
::> vserver cifs domain discovered-servers show

1) Just RDP to one of your "DC server" and check time there.

2) Login to cluster: check the date & time/timezone?
::> date
Node Date Time zone
--------- ------------------------ -------------------------

3) Enter the following command to change it to whatever timezone is "on the DC".

timezone -
-timezone -version
BRDRSANCL1::> timezone -timezone
Africa/ America/ Antarctica/ Arctic/ Asia/ Atlantic/
Australia/ Brazil/ CET CST6CDT Canada/ Chile/
Cuba EET EST EST5EDT Egypt Eire
Etc/ Europe/ Factory GB GB-Eire GMT
GMT+0 GMT-0 GMT0 Greenwich HST Hongkong
Iceland Indian/ Iran Israel Jamaica Japan
Kwajalein Libya MET MST MST7MDT Mexico/
NZ NZ-CHAT Navajo PRC PST8PDT Pacific/
Poland Portugal ROC ROK Singapore Turkey
UCT US/ UTC Universal W-SU WET
Zulu

4) check the date/time timezone again and ensure it is in sync with DC, with 5 mint difference.
::> date

5) If not manually set the date/time:
::> date YYYYMMDDHHMM

Once the time are in sync, wait for sometime, it will be sorted. Else, you can re-set it.
https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.cdot-famg-cifs%2FGUID-CAED5556-D751-4BCA-BF39-EFDEEBC1312A.html

Thanks!