如果客户端不使用NTLMv2、则见证协议连接将失败

适用场景

ONTAP 9 

问题描述

• 在配置要在Hyper-V部署中使用的持续可用(CA)共享时、见证协议将失败、Windows将生成以下事件日志条目：

Witness Client failed to find a Witness Server for NetName \ccp1filer with error (A remote procedure call (RPC) protocol error occurred.). Retrying in (15) seconds

• 从Windows Server 2012 R2客户端连接到CA共享时、用户可以成功映射共享并创建/查看文件；但是、SMB 3.0见证协议会失败。

Windows SMWitnessClient 事件日志：
Log Name:      WitnessClientAdmin
Source:        Microsoft-Windows-SMBWitnessClient
Date:          12/25/2016 8:18:41 PM
Event ID:      6
Task Category: None
Level: Critical
Keywords:     
User:          NETWORK SERVICE
Computer:   c1slic01.ccp1.gene.com
Description:
Witness Client failed to find a Witness Server for NetName \ccp1filer with error (A remote procedure call (RPC) protocol error occurred.). Retrying in (15) seconds.

• secd日志：

[kern_secd:info:4681] .------------------------------------------------------------------------------. [kern_secd:info:4681] | RPC FAILURE: | [kern_secd:info:4681] | secd_rpc_auth_msrpc has failed | [kern_secd:info:4681] | Result = 0, RPC Result = 2147483651 | [kern_secd:info:4681] | RPC received at Sat Jan 7 17:12:51 2017 | [kern_secd:info:4681] |------------------------------------------------------------------------------' [kern_secd:info:4681] Failure Summary: [kern_secd:info:4681] Error: MsRPC authentication procedure failed [kern_secd:info:4681] [ 0 ms] Login attempt by domain user 'CCP1\C1SLIC01$' using NTLMv1 style security [kern_secd:info:4681] [ 0] Successfully connected to 10.34.62.1:445 using TCP [kern_secd:info:4681] [ 10] Successfully authenticated with DC ccp1sdc01.ccp1.gene.com [kern_secd:info:4681] [ 12] User authenticated as a domain user [kern_secd:info:4681] **[ 12] FAILURE: Error case not correctly journaled

• 在捕获见证协议握手的数据包跟踪过程中、客户端NTLMSSP_AUTrace会注意到NTLMv2不存在：

• 来自SVM的响应

• 相比之下、成功的见证协议握手、NTLMv2表现 如下：