ONTAP Discussions

Lost Communication to Primary Filers

Harisheldon

Greetings All,

 

Have a serious problem, and I will try to first give the facts:

 

FAS6240

Version 8.2.3 7-Mode

 

We lost communication with both primary filers yesterday.  It looks as if there is an authentication problem.  I am unable to log on with my elevated account, but I can log on with a local account.  If a customer reboots, they will lose connection.

 

Strange, I can access the DR filers with no issues...

 

I have rebooted the filers this morning, still unable to access the filers with elevated account via SecureCRT and NetApp OnCommand.

 

All protocols, CIFS, NFS, iSCSI, and FC/FCoE are enabled.

 

NOTE: In the CIFS window, I clicked on the Options tab and went to Access Security.  The Enable SMB is NOT checked.

 

I am now receiving an email from the primary filers stating Configuration Error with the following link

https://kb.netapp.com/support/s/article/system-configuration-warning-reported-by-the-storage-system

 

We do not have NetApp support at this time due to a lapse in the contract.  We will finally get support in the next two weeks when they upgrade our systems.

 

So, does anyone have an idea what is wrong and how I can fix this?

JGPSHNTAP

The first question I would have is are you having client access issues?

 

And when you say you can't connect to filer, are you SSH'ing into filer with your domain account?  

Harisheldon

First, thanks for the quick reply.

 

To answer your questions, the only problem that the clients are having is that they cannot connect to the filers to get their data.

 

As to SSH'ing, I can do that with a local account, but not the AD account

 

James

JGPSHNTAP

Ok, make sure your Date on the filer is within 5 minutes of the domain

 

Then check 

 

cifs domaininfo see if you have connected DC's.

 

 

Harisheldon

Good info.

 

Typed it in and it is showing me PDCBROKEN for all three DNS's

 

First decent information so far.  Now, how to fix

JGPSHNTAP

if your time is within 5 minutes you need to type

 

cifs resetdc

 

if that doesn't work, you need to check the AD account to see if the machine account is messed up.

 

 

and your max skew should be set at 2m

JGPSHNTAP

options timed.max_skew

 

Did you do the resetdc

Harisheldon

Sorry for the delay, director was here.

 

As to the skew, it is at 30s

 

For the reset of the dc's, unless you have them available, I am googling it now

himal123

Did you apply the patch? The latest SMB1 disable patch on Windows 2008 or higher server

There is an option you have to enable, it's an explicit option; we had the same issue

 

options cifs.smb2.client.enable on

 

and do cifs dctest or resetdc

 

First wait a few minutes and check if it picks up automatically

 

JGPSHNTAP

Makes sense.. they probably shut off smb 1 for wannacry outbreak

JGPSHNTAP

You can try to drop from the domain and re-add, but that's your issue

Harisheldon

Already tried that, was hoping that you had another way to try.

 

It is beginning to look like our higher headquarters did something to the DCs which caused this.  Just waiting on the word now.

 

Appreciate the support.  Thanks.

JGPSHNTAP

Most likely, without dc's you are dead in the water.

Harisheldon

Found the resolution.  When they upgraded the DCs to SMB2, SMB2 was enabled on the filers, but the line cifs.smb2.client.enable was missing.  So, I typed in options cifs.smb2.client.enable on, and within ten minutes, we were up and running.

 

Thanks for the support.
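
A pre-change check for the failure resolved above, as an added example that is not part of any poster's reply: it reads saved `options cifs.smb2` output from each filer and flags any filer where cifs.smb2.client.enable is off or, as in this thread, not listed at all. The filer names, the sample output and the "name value" line layout are assumptions constructed for illustration.

```python
import re

# Constructed sample: saved `options cifs.smb2` output from three 7-Mode filers.
# Filer names and values are made up. filerB has no client line at all,
# which is the situation described in the resolution post.
CAPTURED = {
    "filerA": "cifs.smb2.enable            on\ncifs.smb2.client.enable     on\n",
    "filerB": "cifs.smb2.enable            on\n",
    "filerC": "cifs.smb2.enable            on\ncifs.smb2.client.enable     off\n",
}

# Assumed layout: option name, whitespace, value; anything after the value is ignored.
OPTION_LINE = re.compile(r"^\s*(\S+)\s+(\S+)")


def parse_options(text):
    """Turn `options` output ("name   value" per line) into a dict."""
    opts = {}
    for line in text.splitlines():
        m = OPTION_LINE.match(line)
        if m:
            opts[m.group(1).lower()] = m.group(2).lower()
    return opts


def smb2_client_state(text):
    """Return 'on', 'off' or 'missing' for cifs.smb2.client.enable."""
    return parse_options(text).get("cifs.smb2.client.enable", "missing")


def at_risk(captured):
    """Filers that cannot speak SMB2 to a DC; anything other than 'on' counts."""
    return sorted(n for n, t in captured.items() if smb2_client_state(t) != "on")


if __name__ == "__main__":
    for name in sorted(CAPTURED):
        print(f"{name}: cifs.smb2.client.enable = {smb2_client_state(CAPTURED[name])}")
    flagged = at_risk(CAPTURED)
    print("fix before SMB1 is disabled on the DCs:", ", ".join(flagged) or "none")
```

Treating a missing line the same as "off" is deliberate: the resolution post describes SMB2 being enabled on the filers while the client option was absent.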

Harisheldon

In AD, the filer names are present and accessible.

 

As to the max skew, how do I check that and also fix it?
