跳转到主内容

启用 AES 加密会导致共享访问互连丢失

Views:
4
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

适用于

  • Windows 7 、 Windows 2008 R2 、
  • Windows 8 、 Windows 2012 、
  • Windows 8.1 、 Windows 2012 R2
  • 集群模式 Data ONTAP 8.3 到 8.3.2 P3

问题

某些客户端工作站可能会遇到间歇性 CIFS 共享中断(访问丢失)、这可能需要两分钟的时间。中断(访问丢失)将在 4 小时的时间间隔内发生、并且可能需要两分钟才能恢复访问。

此问题将出现在版本低于 8.3.2.P4 和 ONTAP 9.0 的集群模式 Data ONTAP 系统上。

很少客户机会注意到以下 Kerberos 错误: 

KRB5KDC_ERR_PREAUTH_FAILED ( CIFS server account password does not match password stored in Active Directory)

在 EMS 消息中,将报告以下错误消息:

Wed Jul 13 03:39:05 CEST [cdot-cls-1-01: secd: secd.kerberos.preauth:error]:
Kerberos pre-authentication failure due to out-of-sync machine account password for vserver (svm1).
Wed Jul 13 03:39:05 CEST [cdot-cls-1-01: secd: secd.unexpectedFailure:debug]:
vserver (svm1) Unexpected failure. Error: CIFS server password change procedure failed

   [ 2 ms] Successfully connected to 172.30.0.13:88 using TCP
   [ 3] Successfully connected to 172.30.0.13:88 using TCP
   [ 9] FAILURE: CIFS server could not authenticate as 'User_Name$@Domain.NET':
   CIFS server account password does not match password stored in Active Directory (KRB5KDC_ERR_PREAUTH_FAILED)

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support