ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Start a New Post

DNS server is returning ldap errors

harshitmarwah
‎2019-12-12 08:13 AM

Hi All,

 

I'm getting strange errors from DNS server

 

NTAP-clstr::> event log show -message-name secd.*
Time Node Severity Event
------------------- ---------------- ------------- ---------------------------
12/12/2019 08:55:23 nodeA ERROR secd.dns.server.timed.out: DNS server 64.181.180.21 did not respond to vserver = PRDCORP within timeout interval.
12/12/2019 08:55:21 nodeA EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (PRDCORP) are currently accessible via the network.
12/12/2019 08:24:01 nodeC ERROR secd.dns.server.timed.out: DNS server 64.181.180.21 did not respond to vserver = PRDCORP within timeout interval.
12/12/2019 08:23:59 nodeC EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (PRDSCORP) are currently accessible via the network.

 

 

Upon checking i found the ip address 64.181.180.21 corresponds to one of NTP servers configured on cluster.

 

NTAP-clstr::> ntp server show
(cluster time-service ntp server show)
Server Version
------------------------------ -------
xx.xxx.xx.xxx auto
xxx.xxx.xx.xxx auto
64.181.180.21 auto

 

Can removing the server from ntp confirguration would stop these alert ?

Or Am i looking at wrong place?How to stop these alert from triggering?

 

Looking for some expert advice!!

 

0 Kudos
1 ACCEPTED SOLUTION

Mjizzini
Community Manager
‎2020-07-09 11:13 PM

Make sure that the dns server is not having issues communicating to the filer. you can check it using  *>> dns show command.

if dns is timing out, we will not get response for our LDAP lookup. 

 

Cifs security can also get the "noserver" error be logged in EMS.

Periodic secd.ldap.noServers error messages in EMS after modifying "cifs security"

View solution in original post

0 Kudos
6 REPLIES 6

Mjizzini
Community Manager
‎2020-07-09 11:13 PM

Make sure that the dns server is not having issues communicating to the filer. you can check it using  *>> dns show command.

if dns is timing out, we will not get response for our LDAP lookup. 

 

Cifs security can also get the "noserver" error be logged in EMS.

Periodic secd.ldap.noServers error messages in EMS after modifying "cifs security"

View solution in original post

0 Kudos

Ontapforrum
‎2020-07-06 04:26 AM

As others have also mentioned : The time difference (clock skew) between the cluster and the domain controller must not be more than five minutes. Just googling, it appears Central Time is 1 hour ahead of Mountain Time.

 

Does the 'status' say 'OK' ?:
::> vserver cifs domain discovered-servers show

 

1) Just RDP to one of your "DC server" and check time there.

 

2) Login to cluster: check the date & time/timezone?
::> date
Node Date Time zone
--------- ------------------------ -------------------------

3) Enter the following command to change it to whatever timezone is "on the DC".

 

timezone -
-timezone -version
BRDRSANCL1::> timezone -timezone
Africa/ America/ Antarctica/ Arctic/ Asia/ Atlantic/
Australia/ Brazil/ CET CST6CDT Canada/ Chile/
Cuba EET EST EST5EDT Egypt Eire
Etc/ Europe/ Factory GB GB-Eire GMT
GMT+0 GMT-0 GMT0 Greenwich HST Hongkong
Iceland Indian/ Iran Israel Jamaica Japan
Kwajalein Libya MET MST MST7MDT Mexico/
NZ NZ-CHAT Navajo PRC PST8PDT Pacific/
Poland Portugal ROC ROK Singapore Turkey
UCT US/ UTC Universal W-SU WET
Zulu

 

4) check the date/time timezone again and ensure it is in sync with DC, with 5 mint difference.
::> date

5) If not manually set the date/time:
::> date YYYYMMDDHHMM


Once the time are in sync, wait for sometime, it will be sorted. Else, you can re-set it.
https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.cdot-famg-cifs%2FGUID-CAED5556-D751-4BCA-BF39-EFDEEBC1312A.html

 

Thanks!

0 Kudos

ANDRESCHMITZ
NetApp A-Team
‎2019-12-12 12:35 PM
You should also check if you have a time difference between your cluster and your AD greater than 5 Minutes. If your Cluster time is more than 5 minutes behind your AD time the Kerberos ticket is expired.

donny_lang
NetApp A-Team
‎2019-12-12 12:01 PM

I do not think removing the NTP configuration will solve your problem. The errors mean that ONTAP is having trouble contacting the LDAP server configured for the PRDCORP vserver. Here is a useful KB that will walk through some troubleshooting steps that can help narrow down the issue:

 

https://kb.netapp.com/app/answers/answer_view/a_id/1029829/~/how-to-troubleshoot-ldap-issues-in-clustered-data-ontap-

 

0 Kudos

S-Sahu
‎2020-07-06 03:09 AM
In response to donny_lang

It is saying do not have permission to access the link, 

 

You do not have permission to view this page. @donny_lang 

 
0 Kudos

harshitmarwah
‎2019-12-17 05:44 AM
In response to donny_lang

Hi Donny , I checked the article earlier but as per pt.1 I verfied the the ladp is not being used as name service. As its not configured  as a source in the nsswitch configuration.

 

Hi Andre, Yea i checked that my Netapp cluster is configured with MST timezone while AD server lives in CST. And also one more strange thing i noticed on Cluster. Today logged in System Manger GUI under settings i went to Data and Time option but its not loading and screen showing "Loading information" from past 2hrs.

 

0 Kudos
Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

View All
NetApp Insights to Action
I2A Banner
All Community Forums
Learn about the Community Get Started
Still have Questions Start a Discussion
Rules of the Community Read More
© 2021 NetApp
Let us know
Public