ONTAP Hardware

FAS3240 Domain Controller error: NetLogon error 0xc0000022

Syniori
18,788 Views

Hello All,

I'm Using FAS3240 for NAS Data.

i got this event every week on /etc/messages

 

vfiler1@FAS3240_Node2 auth.dc.trace.DCConnection.errorMsg AUTH: Domain Controller error: NetLogon error 0xc0000022: - Filer`s security information differs from domain controller \\'Active Directory's Name' 

 

 

 

 

what can i do do solve this event?

 

 

While finding articles about event, i found this page. but i can't access to this page cause of permisson.

so i don't know this page is helpful.

Netapp KB:

https://kb.netapp.com/support/index?page=content&id=2013862&locale=en_US

 

 

Thanks for your attention. 

5 REPLIES 5

hariprak
18,780 Views

Hi,

 

The following are the possible causes and their solutions:


  1. The Auth message could be due to the DC machine account differing from that of the storage system, in which case  cifs setup should be run again on the storage system.
       Note: Running cifs setup will be disruptive
     
  2. The issue could also be due to a failure of the netlogon service on the DC.
       Perform the following steps:
     a.Enable the cifs.trace_login option to determine which domain controller is rejecting the logins.
     
     b.Verify the netlogon service on all of your DCs through the start > run > services.msc plugin.
       If it is in any status other than 'started', the service needs to be restarted. If the service does not start, contact Microsoft Support.

    As a workaround, until the netlogin service can be resolved, point the storage system to a different domain controller if possible by using the cifs prefdc command.

 

Thanks

 

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

hariprak
18,779 Views

On Windows 2000 machines, it could also be due to the RestrictAnonymous registry key.
Windows 2000 introduced a new value of 2 for RestrictAnonymous, which sets no access without explicit anonymous permissions.

These RestrictAnonymous numbers correspond to the following settings:
0 - None. Rely on default permissions.
1 - Do not allow enumeration of SAM accounts and names
2 - No access without explicit anonymous permissions

This does not affect Windows XP and Windows Server 2003, as RestrictAnonymous can be set to either 0 or 1 in those versions.

In Regedit, navigate to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA

If RestrictAnonymous is set to 2, set it to 1 or 0;
Note: After the value is changed, the system must be restarted for the change to take effect.

 

Thanks

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Syniori
18,693 Views

in AD, already netlogon service is started.

I'n using windows 2008R2 OS for AD

 

and i have another question.

 

My 2008 R2 OS AD euthentication only allow kerberos. 

so i changed options.cifs LMCompatiability vaullt from 1 to 5 (5 means only allow kerberos euthentication in Controller).

(https://library.netapp.com/ecmdocs/ECMP1401220/html/GUID-55B2F618-A90A-44FC-BA6E-92098E94D79A.html)

 

after  i changed this options, it can't connect new cifs sessions. 

 

-FAS3240 controller doesn't allow kerberos euthentication for cifs shares? 

-or should i check other configs? 

netapp_ramesh
16,449 Views

Hi  Syniori ,

Was this resolved. Even we are getting the same error in few filers.
 
Regards,
Ramesh
 
 
  

netapp_ramesh
16,021 Views

Hi Guys,

Did any one find solution to the subjected issue?

Public