Re: secd.ldap.noServers

sakumar821 · ‎2022-10-31

Hello,

We are in 9.8 P12 version, nowadays the EMS logs are flooded with below message. Vserver is completely serving NFS data and network team said everything fine related to packet transmission. NetApp support couldn't help much here, any suggestions please.

LDAP checks are always good..

"EMERGENCY secd.ldap.noServers: None of the LDAP servers configured for Vserver (xxxxxx) are currently accessible via the network for LDAP service type (Service: LDAP (Active Directory), Operation: SiteDiscovery)"

pedro_rocha · ‎2022-10-31

Him

There's this Bug bu I it should be fixed in your release: https://mysupport.netapp.com/site/bugs-online/product/ONTAP/BURT/1041972

Did you manage to verify if there is any periodicity? Like every "4 hours it shows up..."

Maybe these can help:

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/secd.ldap.noServers_messages_every_4_hours_during_domain_discovery

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/LDAP_servers_secured_with_LDAP_Signing_and%2F%2For_Sealing_receive_sec...

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/secd.ldap.query.timed.out_reported_during_SiteDiscovery

Mjizzini · ‎2022-10-31

The LDAP logs are related to LDAP Active Directory. They are related to your CIFS service.

Check your DC connections.

*>> diag secd connections show

*>> diag secd connections test

parisi · ‎2022-11-01

Also check to ensure you:

a) have or have not configured LDAP in nsswitch and are actually using/need to use LDAP for UNIX user and group lookups

b) have or have not configured an LDAP server (ldap client show)

If you've configured the SVM to use LDAP for UNIX lookups (different from AD for CIFS) and the server isn't configured to be a UNIX LDAP server, then you might see these.

sakumar821 · ‎2022-11-02

secd connections show says

(No connections active or currently cached), Timeouts: 0, Avg Wait: 0.00ms.

sakumar821 · ‎2022-11-02

nswwitch is configured with LDAP and files and there are 2 LDAP servers available in LDAP config

parisi · ‎2022-11-02

Does AD actually have LDAP configured? Are you using it to query UNIX identities? Check TR-4835 for commands on how to query users/groups.

sakumar821 · ‎2022-11-07

There's a dedicated LDAP server and it works fine with 98% of the vservers in our environment. I'm trying to under TR-4835 and querying part before giving a try, will update here soon with the results..

Thank you

Ontapforrum · ‎2022-11-02

You mentioned - NetApp support couldn't help much here. Could you tell us if the case is still open/investigating? Or is it closed. If closed, what are their findings/closing comments.