ONTAP Discussions

Weird phenomenon when using SMB over VPN/SDP

wolfy
2,311 Views

We have been using Akamai EAA which is a SDP and similar to VPN. We let our users use our onsite netapp CIFS file share via EAA.

 

But something weird is happening, when connecting via FQDN, copying any file to the local PC just STOPS. When connecting via NetBios name and IP address it seems to be fine. Also when doing the same procedure using a Windows File Server its fine on all 3.

 

I looked at the SMB session when these things are happening and, when copying fails, there is only 2 kerberos authentication session to the destication file share and when its working fine, there is 2 kerberos session and 1 NTLMv2 authentication session.

 

Has anyone come across something like this? if so if anyone can guide me to a solution that would be more than appreciated.

 

Thankyou.

2 REPLIES 2

Ontapforrum
2,279 Views

Could you share this information:

1) "secd.log" file located in the /etc/log directory accessible via the SPI interface.

2) From a Domain joined machine or a DC, run the command 'setspn.exe -l CIFSFILERNAME' (this is view only, despite the command saying 'set') from the cmd CLI, to have the server display all the entries related to the SPN for the hostname.

wolfy
2,193 Views

hello

 

thanks for the reply.

 

I logged into the spi and tried looking for the secd.log but couldnt find it. Am i missing something?

 

Whilst using the SDP solution i ran the setspn command and it came back with the following

 

C: \ Users \testuser> setspn.exe -l \\ cifserver01.company.local \ section \ G-system \ TEMP \ Software \ Security \ Kaspersky \ [Unavailable test purpose] KES11.6_NA13_KEA None \ 0730 \ installer .EXE
FindDomainForAccount: Call to DsGetDcNameWithAccountW failed with return value 0x00000525
Account \ cifserver01.company.local \ section \ G-system \ TEMP \ Software \ Security \ Kaspersky \ [Unavailable Test Purpose] KES11.6_NA13_KEA None \ 0730 \ installer.exe was not found
Public