I have HA NetApp Storage running CIFS connected to the DCs. Everything was working fine until three days ago. The first controller was not serving CIFS Data after a reboot. The next day it happened on the second controller also. Running CIFS Domaininfo shows as below.
cifs domaininfo NetBIOS Domain: xxxxxxxxx Windows Domain Name: xxxxxxxxx.com Domain Controller Functionality: Windows 8 Domain Functionality: Windows 8 Forest Functionality: Windows 2008 R2 Filer AD Site: default-first-site-name
Not currently connected to any DCs Preferred Addresses: 126.96.36.199 xxxxxxx PDCBROKEN Favored Addresses: 188.8.131.52 PDCBROKEN 184.108.40.206 PDCBROKEN 220.127.116.11 PDCBROKEN Other Addresses: 18.104.22.168 PDCBROKEN
The windows version four of the DC server has been upgraded to 2016, only one of the DC is still running windows server 2012. But after the upgrade , the cifs shares were still accessible without any issue.
Please I need you assistance to get this resolved asap. Thanks in advance.
I had a customer tinking all was good to find out that even though the time was correct, the timezone distorted everything making it look correct. Upon examining the UTC time, there was an hour difference preventing access to CIFS shares.
I have checked the time and the timezone both are is in sync but the issues .
Have anyone experience similar situation and can help out. Below are the alerts.
Thu Aug 31 04:20:58 GMT [xxxxxx:cifs.server.errorMsg:error]: CIFS: Error for server \\xxxxxxxx: Error while negotiating protocol with server STATUS_IO_TIMEOUT. Thu Aug 31 04:21:19 GMT [xxxxxx:cifs.server.infoMsg:info]: CIFS: Warning for server \\xxxxxxx: Connection terminated.
Note, you MUST be on a version of ONTAP that supports this. It was added in 9.1P8 (I think) and all future releases. I have had some customers have to upgrade to this release to get it to work. They were running 8.3 and did the 8.3->9.0->9.1 hops. Worked like a champ after words.
1. The customer is using older (Win2012) DCs and enables security STIGs that effectivley turn off SMBv1 on the DCs preveting a running ONTAP vsrerver from communicating any longer.
2. The customer has installed new Windows (2016 or newer) which I think actually disables SMBv1 by default anyway but their ONTAP version is too old (8.3/9.0 or earlier than the 9.1P8 release) and ONTAP will refuse to connect.
In case #2, if you are running a current ONTAP version, ONTAP will detect if SMBv1 is in use and actually disable it for you.