We have a FAS that is showing up on the support site as having an SMB signing issue. It says "Clustered Data ONTAP has been determined to have a version or configuration exposed to a vulnerability when SMB signing is disabled. NTAP-20160412-0001."
The suggested remediation is simple: Turn on signing, and they give you the command:
No problem, our Vserver that does CIFS has had it enabled since we created it. However, the one it is mad about is another Vserver that doesn't do CIFS, just NFS. It is joined to our Active Directory, but CIFS is not enabled on it. I tried to enable signing anyhow because it isn't like it would hurt, but then it says:
"Error: command failed: This operation is not supported for the Active Directory server created using the "vserver active-directory create" command."
So what do I need to do to clear the error? I know it isn't a big deal, but we prefer to have the system in a configuration where there aren't any alerts; it keeps the security auditors happy.
You can provide feedback on the AIQ site. That may be an error. Another option would be to update to a version of ONTAP where the issue is fixed. That is from 2016, so that tells me you're on Clustered Data ONTAP 8. I would upgrade to ONTAP 9 if you're not already.
If you are on 9.x, then it is a false positive and really needs to be fixed. Either way it would be good to contact the Support site folks (by pushing feedback). It may take a day, but they will open a ticket and get back to you. I do this from time to time even as a NetApp employee, and get good traction.