Unable to enable AES encryption because StartTLS or LDAPS is required
Applies to
- ONTAP 9
- Enabling AES
- StartTLS
- LDAPS
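Issue
- When attempting to enable AES, the following error message is returned:
- Error: command failed: Password update failed. Reason: SecD Error: no server available.
- From the EMS log: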
Tue Jul 19 09:12:00 -0000 [ntap-01: secd: secd.unexpectedFailure:debug]: vserver (svm1) Unexpected failure. Error: CIFS server password reset procedure failed ...
[ 749] Unable to start TLS: Connect error
[ 749] Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate has expired)
[ 749] Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com
[ 749] No servers available for MS_LDAP_AD, vserver: 35, domain: demo.netapp.com. **
[ 749] FAILURE: Unable to make a connection (LDAP (Active Directory):DEMO.NETAPP.COM), result: 6940
[ 755] Successfully connected to ip 10.128.24.1, port 88 using TCP
[ 956] Successfully connected to ip 10.128.24.1, port 464 using TCP
[ 1058] Kerberos password set for 'svm1$@DEMO.NETAPP.COM' succeeded
[ 1066] No servers available for MS_LDAP_AD, vserver: 5, domain: demo.netapp.com.
[ 1085] Successfully connected to ip 10.128.24.1, port 389 using TCP
[ 1192] Unable to start TLS: Connect error
[ 1192] Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate has expired)
[ 1192] Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com
[ 1290] Successfully connected to ip 10.128.24.2, port 389 using TCP
[ 1394] Unable to start TLS: Connect error
[ 1394] Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate has expired)
[ 1395] Unable to connect to LDAP (Active Directory) service on dc2.demo.netapp.com
Tue Jul 18 09:12:00 -0000 [ntap-01: mgwd: cifs.domainpwd.not.updated:error]: An attempt to update the domain account password for Vserver svm1 failed during password reset with the following error: Password update failed. Reason: SecD Error: no server available.
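
To triage a trace like the one above, the following added example (not NetApp code) pairs each StartTLS failure with the domain controller it targeted and extracts the OpenSSL verification reason. The function names are hypothetical, the regular expressions assume the message wording shown in this excerpt, and the sample lines are copied from it.

```python
import re

# Lines copied from the secd trace above; nothing here is constructed.
SAMPLE = """\
[ 749] Unable to start TLS: Connect error
[ 749] Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate has expired)
[ 749] Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com
[ 755] Successfully connected to ip 10.128.24.1, port 88 using TCP
[ 1058] Kerberos password set for 'svm1$@DEMO.NETAPP.COM' succeeded
[ 1085] Successfully connected to ip 10.128.24.1, port 389 using TCP
[ 1192] Unable to start TLS: Connect error
[ 1192] Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate has expired)
[ 1192] Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com
[ 1290] Successfully connected to ip 10.128.24.2, port 389 using TCP
[ 1394] Unable to start TLS: Connect error
[ 1394] Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate has expired)
[ 1395] Unable to connect to LDAP (Active Directory) service on dc2.demo.netapp.com
"""

CONNECT = re.compile(r"Successfully connected to ip (\S+), port (\d+) using TCP")
TLS_FAIL = re.compile(r"Unable to start TLS")
REASON = re.compile(r"Additional info: (error:[0-9A-Fa-f]+):.*\((.+)\)\s*$")
LDAP_FAIL = re.compile(r"Unable to connect to LDAP \(Active Directory\) service on (\S+)")

def starttls_failures(trace):
    """Return one record per LDAP connection attempt that failed at StartTLS."""
    failures, last_ip, pending = [], None, None
    for line in trace.splitlines():
        if c := CONNECT.search(line):
            # Only a TCP connect to the LDAP port belongs to a StartTLS attempt.
            last_ip = c.group(1) if c.group(2) == "389" else None
        elif TLS_FAIL.search(line):
            pending = {"host": None, "ip": last_ip, "openssl_error": None, "reason": None}
        elif pending is not None and (r := REASON.search(line)):
            pending["openssl_error"], pending["reason"] = r.groups()
        elif pending is not None and (h := LDAP_FAIL.search(line)):
            pending["host"] = h.group(1)
            failures.append(pending)
            pending, last_ip = None, None
    return failures

def expired_cert_hosts(trace):
    """Hosts whose StartTLS failure reason is an expired certificate."""
    return sorted({f["host"] for f in starttls_failures(trace)
                   if f["reason"] == "certificate has expired"})

if __name__ == "__main__":
    print(expired_cert_hosts(SAMPLE))
```
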