ONTAP Hardware
ONTAP Hardware
Hello All,
I'm Using FAS3240 for NAS Data.
i got this event every week on /etc/messages
vfiler1@FAS3240_Node2 auth.dc.trace.DCConnection.errorMsg AUTH: Domain Controller error: NetLogon error 0xc0000022: - Filer`s security information differs from domain controller \\'Active Directory's Name'
what can i do do solve this event?
While finding articles about event, i found this page. but i can't access to this page cause of permisson.
so i don't know this page is helpful.
Netapp KB:
https://kb.netapp.com/support/index?page=content&id=2013862&locale=en_US
Thanks for your attention.
Hi,
The following are the possible causes and their solutions:
1. The Auth message could be due to the DC machine account differing from that of the storage system, in which case cifs setup should be run again on the storage system.
Note: Running cifs setup will be disruptive
2. The issue could also be due to a failure of the netlogon service on the DC.
Perform the following steps:
a.Enable the cifs.trace_login option to determine which domain controller is rejecting the logins.
b.Verify the netlogon service on all of your DCs through the start > run > services.msc plugin.
If it is in any status other than 'started', the service needs to be restarted. If the service does not start, contact Microsoft Support.
As a workaround, until the netlogin service can be resolved, point the storage system to a different domain controller if possible by using the cifs prefdc command.
Thanks
On Windows 2000 machines, it could also be due to the RestrictAnonymous registry key.
Windows 2000 introduced a new value of 2 for RestrictAnonymous, which sets no access without explicit anonymous permissions.
These RestrictAnonymous numbers correspond to the following settings:
0 - None. Rely on default permissions.
1 - Do not allow enumeration of SAM accounts and names
2 - No access without explicit anonymous permissions
This does not affect Windows XP and Windows Server 2003, as RestrictAnonymous can be set to either 0 or 1 in those versions.
In Regedit, navigate to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA
If RestrictAnonymous is set to 2, set it to 1 or 0;
Note: After the value is changed, the system must be restarted for the change to take effect.
Thanks
in AD, already netlogon service is started.
I'n using windows 2008R2 OS for AD
and i have another question.
My 2008 R2 OS AD euthentication only allow kerberos.
so i changed options.cifs LMCompatiability vaullt from 1 to 5 (5 means only allow kerberos euthentication in Controller).
(https://library.netapp.com/ecmdocs/ECMP1401220/html/GUID-55B2F618-A90A-44FC-BA6E-92098E94D79A.html)
after i changed this options, it can't connect new cifs sessions.
-FAS3240 controller doesn't allow kerberos euthentication for cifs shares?
-or should i check other configs?
Hi Syniori ,
Hi Guys,
Did any one find solution to the subjected issue?