跳转到主内容

如果客户端不使用NTLMv2、见证协议连接将失败

Views:
9
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas<a>1071123</a>
Last Updated:

适用场景

  • 集群模式 Data ONTAP 8 
  • ONTAP 9 

问题描述

在配置要在Hyper-V部署中使用的持续可用(CA)共享时、见证协议将失败、Windows将生成以下事件日志条目:
Witness Client failed to find a Witness Server for NetName \ccp1filer with error (A remote procedure call (RPC) protocol error occurred.). Retrying in (15) seconds"。 从Windows Server 2012 R2客户端连接到CA共享时、用户可以成功映射此共享并创建/查看文件;但是、SMB 3.0见证协议会失败。

在Windows "MBWitnessClient"事件日志中、显示以下错误:
Log Name:      WitnessClientAdmin

Source:        Microsoft-Windows-SMBWitnessClient

Date:          12/25/2016 8:18:41 PM

Event ID:      6

Task Category: None

Level: Critical

Keywords:     

User:          NETWORK SERVICE

Computer:

   c1slic01.ccp1.gene.com

Description:

Witness Client failed to find a Witness Server for NetName \ccp1filer with error (A remote procedure call (RPC) protocol error occurred.). Retrying in (15) seconds.

secd日志中将显示以下内容:
0000000d.000f55bf 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] .------------------------------------------------------------------------------.
0000000d.000f55c0 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] |                                 RPC FAILURE:                                 |
0000000d.000f55c1 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] |                        secd_rpc_auth_msrpc has failed                        |
0000000d.000f55c2 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] |                     Result = 0, RPC Result = 2147483651                      |
0000000d.000f55c3 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] |                   RPC received at Sat Jan  7 17:12:51 2017                   |
0000000d.000f55c4 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] |------------------------------------------------------------------------------'
0000000d.000f55c5 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] Failure Summary:
0000000d.000f55c6 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] Error: MsRPC authentication procedure failed
0000000d.000f55c7 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681]   [  0 ms] Login attempt by domain user 'CCP1\C1SLIC01$' using NTLMv1 style security
0000000d.000f55c8 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681]   [     0] Successfully connected to 10.34.62.1:445 using TCP
0000000d.000f55c9 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681]   [    10] Successfully authenticated with DC ccp1sdc01.ccp1.gene.com
0000000d.000f55ca 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681]   [    12] User authenticated as a domain user
0000000d.000f55cb 1627b85f Sat Jan 07 2017 17:12:51 -08:00 [kern_secd:info:4681] **[    12] FAILURE: Error case not correctly journaled

在捕获见证协议握手的数据包跟踪中、客户端NTLMSSP_AUTH期间会注意到NTLMv2不存在:


集群模式Data ONTAP 8.

以下屏幕截图显示了SVM的响应:

集群模式Data ONTAP 8.

通过对成功的见证协议握手的示例跟踪进行比较、可以清楚地看到NTLMv2:


集群模式Data ONTAP 8.
 

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.