使用AD用户身份验证时、AIQUM会间歇性报告集群不可访问

• ActiveIQ Unified Manager （ AIQUM ） 9.6 及更高版本
• ONTAP 9
• Kerberos 身份验证

• AIQUM会触发以下警报： The cluster <cluster_name> is not reachable. Username or password has changed. Edit the cluster and enter valid username and password
• 警报本质上是间歇性的
• 在检查集群后、显示的凭据正确无误
• 此外、对于通过同一集群中的AD凭据访问的NFS共享、也会显示同一个问题描述
• ONTAP事件日志显示：

ERROR     secd.cifsAuth.problem: vserver (ant-ntap-clu28-ads) General CIFS authentication problem. Error: Ontap admin cifs authentication basic procedure failed
  [ 36 ms] Successfully connected to ip <share_IP>, port 88 using TCP
  [   93] Successfully connected to ip <share_IP>, port 88 using TCP
  [   116] Unknown error: 39756032
  [   117] Kerberos authentication failed. Trying NTLM
  [   117] Login attempt by domain user '<domain\user>' using NTLMv2 style security
  [   134] Successfully connected to ip <share_IP>, port 445 using TCP
  [   170] Successfully connected to ip <share_IP>, port 88 using TCP
  [   209] Unknown error: 39756032
  [   209] Kerberos authentication failed with result: 7556.
  [   209] Unable to connect to NetLogon service on <share_name_with_domain> (Error: RESULT_ERROR_SECD_NO_CONNECTIONS_AVAILABLE)
  [   209] No servers available for MS_NETLOGON, vserver: 3, domain: <domain_name>.
**[   209] FAILURE: Unable to make a connection (NetLogon:<domain_name> result: 6940