由于需要StartTLS或LAPS、无法启用AES加密

• ONTAP 9
• 启用AES
• StartTLS
• LDAPS

Tue Jul 19 09:12:00 -0000 [ntap-01: secd: secd.unexpectedFailure:debug]: vserver (svm1) Unexpected failure. Error: CIFS server password reset procedure failed   ...  
[   749] Unable to start TLS: Connect error  
[   749]   Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate has expired)  
[   749] Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com  
[   749] No servers available for MS_LDAP_AD, vserver: 35, domain: demo.netapp.com. **
[   749] FAILURE: Unable to make a connection (LDAP (Active Directory):DEMO.NETAPP.COM), result: 6940  
[   755] Successfully connected to ip 10.128.24.1, port 88 using TCP  
[   956] Successfully connected to ip 10.128.24.1, port 464 using TCP  
[  1058] Kerberos password set for 'svm1$@DEMO.NETAPP.COM' succeeded  
[  1066] No servers available for MS_LDAP_AD, vserver: 5, domain: demo.netapp.com.
[  1085] Successfully connected to ip 10.128.24.1, port 389 using TCP  
[  1192] Unable to start TLS: Connect error  
[  1192] Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate has expired)  
[  1192] Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com  
[  1290] Successfully connected to ip 10.128.24.2, port 389 using TCP  
[  1394] Unable to start TLS: Connect error  
[  1394] Additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (certificate has expired)  
[  1395] Unable to connect to LDAP (Active Directory) service on dc2.demo.netapp.com

Tue Jul 18 09:12:00 -0000 [ntap-01: mgwd: cifs.domainpwd.not.updated:error]: An attempt to update the domain account password for Vserver svm1 failed during password reset with the following error: Password update failed. Reason: SecD Error: no server available.