ONTAP Discussions

ONTAP 9.9.1P7 Cifs Setup in new SVM failed

KPKarthik1
4,518 Views

when we tried to setup CIFS in a new svm it fails please find the bellow error. we already have 4 SVM's running cifs on this cluster. recently we upgraded from 9.7P17 to 9.9.1P7

 

ibmnas2117::> vserver cifs create -cifs-server Deibmsvi10059 -vserver svm_Dehensvj72 -domain hengroup.net -ou OU=Filer,OU=servers,OU=DE,OU=Units -default-site "" -status-admin up

In order to create an Active Directory machine account for the CIFS server, you must supply the name and password of a Windows account with sufficient
privileges to add computers to the "OU=Filer,OU=servers,OU=DE,OU=Units" container within the "hengroup.net" domain.

Enter the user name: XXXX

Enter the password:

Warning: An account by this name already exists in Active Directory at CN=DEIBMSVI10059,OU=Filer,OU=servers,OU=DE,OU=Units,DC=henkelgroup,DC=net.
If there is an existing DNS entry for the name DEIBMSVI10059, it must be removed. Data ONTAP cannot remove such an entry.
Use an external tool to remove it after this command completes.
Ok to reuse this account? {y|n}: y

Error: Machine account creation procedure failed
...
[ 3908] SID to name translations of Domain Users and Admins
completed successfully
[ 3937] Modified account 'cn=DEIBMSVI10059,OU=Filer,OU=servers,OU=
DE,OU=Units,dc=HENKELGROUP,dc=NET'
[ 3942] Successfully connected to ip 139.3.202.61, port 88 using
TCP
[ 3964] Successfully connected to ip 139.3.202.61, port 464 using
TCP
[ 3976] Kerberos password set for
'DEIBMSVI10059$@hengroup.net' succeeded
[ 3976] Set initial account password
[ 4006] Successfully connected to ip 139.3.202.61, port 445 using
TCP
[ 4026] Successfully connected to ip 139.3.202.61, port 88 using
TCP
[ 4094] CIFS server account password does not match password
stored in Active Directory (KRB5KDC_ERR_PREAUTH_FAILED)
[ 4094] Failed to initiate Kerberos authentication. Trying NTLM.
[ 4099] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED)
for SMB command SessionSetup
[ 4115] Encountered NT error (NT_STATUS_AUTH_LOGON_FAILURE) for
SMB command SessionSetup
[ 4128] Successfully connected to ip 139.3.202.61, port 88 using
TCP
[ 4194] CIFS server account password does not match password
stored in Active Directory (KRB5KDC_ERR_PREAUTH_FAILED)
[ 4194] Failed to initiate Kerberos authentication. Trying NTLM.
[ 4200] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED)
for SMB command SessionSetup
[ 4219] Encountered NT error (NT_STATUS_AUTH_LOGON_FAILURE) for
SMB command SessionSetup
[ 4219] Unable to connect to NetLogon service on
dedussvpdc01.hengroup.net (Error:
RESULT_ERROR_GENERAL_FAILURE)
**[ 4220] FAILURE: Unable to make a connection
** (NetLogon:hengroup.net), result: 3
[ 4220] Unable to make a NetLogon connection to
dedussvpdc01.hengroup.net using the new machine
account

Error: command failed: Failed to create the Active Directory machine account "DEIBMSVI10059". Reason: general failure.

 

The SPN is resolving and DNS entries and machine account are already created

 

1 ACCEPTED SOLUTION

KPKarthik1
4,254 Views

Hello All

After Enabling aes encryption in Vserver. SVM CIFS setup was successful 

vserver cifs security modify -vserver svmname -is-aes-encryption-enabled true

View solution in original post

4 REPLIES 4

Mjizzini
4,498 Views

Delete the existing  machine account "DEIBMSVI10059" from OU=Filer, OU=servers, OU=DE, OU=Units,DC=henkelgroup,DC=net.

KPKarthik1
4,492 Views

even i tried it but didn't succeed

ibmnas2117::> vserver cifs create -cifs-server Deibmsvi10059 -vserver svm_dehensvj72 -domain hengroup.net -ou OU=Filer,OU=servers,OU=DE,OU=Units -default-site "" -status-admin up

In order to create an Active Directory machine account for the CIFS server, you must supply the name and password of a Windows account with sufficient
privileges to add computers to the "OU=Filer,OU=servers,OU=DE,OU=Units" container within the "hengroup.net" domain.

Enter the user name: xxxx

Enter the password:

Error: Machine account creation procedure failed
[ 12943] Loaded the preliminary configuration.
[ 15143] Created a machine account in the domain
[ 15143] SID to name translations of Domain Users and Admins
completed successfully
[ 15240] Successfully connected to ip 10.23.19.28, port 88 using
TCP
[ 15640] Successfully connected to ip 10.23.19.28, port 464 using
TCP
[ 15742] Kerberos password set for
'DEIBMSVI10059$@hengroup.net' succeeded
[ 15742] Set initial account password
[ 16142] Successfully connected to ip 10.23.19.28, port 445 using
TCP
[ 16534] Successfully connected to ip 10.23.19.28, port 88 using
TCP
[ 18373] Unknown user (KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN)
[ 18373] Failed to initiate Kerberos authentication. Trying NTLM.
[ 18566] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED)
for SMB command SessionSetup
[ 18761] Encountered NT error (NT_STATUS_AUTH_LOGON_FAILURE) for
SMB command SessionSetup
[ 19055] Successfully connected to ip 10.23.19.28, port 88 using
TCP
[ 20896] Unknown user (KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN)
[ 20896] Failed to initiate Kerberos authentication. Trying NTLM.
[ 21087] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED)
for SMB command SessionSetup
[ 21282] Encountered NT error (NT_STATUS_AUTH_LOGON_FAILURE) for
SMB command SessionSetup
[ 21282] Unable to connect to NetLogon service on
usrhlsvpdc02.hengroup.net (Error:
RESULT_ERROR_GENERAL_FAILURE)
**[ 21282] FAILURE: Unable to make a connection
** (NetLogon:hengroup.net), result: 3
[ 21282] Unable to make a NetLogon connection to
usrhlsvpdc02.hengroup.net using the new machine
account
[ 21584] Deleted existing account
'CN=DEIBMSVI10059,OU=Filer,OU=servers,OU=DE,OU=Units,DC=he
nkelgroup,DC=net'

Error: command failed: Failed to create the Active Directory machine account "DEIBMSVI10059". Reason: general failure.

Mjizzini
4,487 Views

KPKarthik1
4,255 Views

Hello All

After Enabling aes encryption in Vserver. SVM CIFS setup was successful 

vserver cifs security modify -vserver svmname -is-aes-encryption-enabled true

Public