由于 Kerberos 预身份验证失败,Vscan 服务器断开连接
适用于
- ONTAP 9
- VSCAN
- ONTAP AV 连接器
问题描述
- VSCAN 服务器处于断开连接状态,因为域隧道服务器上的计算机帐户无法向域服务器进行身份验证。
Cluster1::> vserver vscan connection-status show-all -vserver <vserver-name>
Connection
Vserver Node Server Status Disconnect Reason
----------- ----------------- --------------- -------------- -----------------
DataSVM node1 10.x.y.z disconnected -
- ONTAP AV 连接器通过域用户轮询集群管理 LIF
- AVShim 日志:
REST API call to 10.231.x.y> using account " domain1\user1" failed. The remote server returned an error: (401) Unauthorized.
- 来自域隧道 vserver 的 EMS 日志:
Mon Jun 02 13:28:34 -0500 [vserver-name: secd: secd.kerberos.preauth:error]: A Kerberos pre-authentication failure occurred for SVM "domain-tunnel-vserver" due to invalid credentials for domain-tunnel-vserver$@domain.com.
Mon Jun 02 21:35:52 -0500 [vserver-name: secd: secd.kerberos.preauth:error]: A Kerberos pre-authentication failure occurred for SVM "domain-tunnel-server" due to out-of-sync machine account password.
Sun Jun 22 04:36:43 -0500 [hz-com-clsp-a04-s03: OffboxVScanTableUpd: Nblade.scannerDisconnected:notice]: Vserver "cpsprod-a0439" disconnected from Vscan server (IP: 10.x.y.z).