Skip to main content
NetApp Knowledge Base site will be down for 3 hours between Oct 26, 23:59 PST and Oct 27, 02:59 PST, for system maintenance and infrastructure update.
NetApp Stage KB

CONTAP-80033: NTLM authentication fails due to enforcement of Netlogon RPC sealing

Views:
1
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
NAS
Last Updated:

 

Issue

  • CIFS shares not accessible using CIFS server IP address
  • CIFS Domain authentication using NTLM fails
Example:
  • secd.cifsAuth.problem
    • FAILURE: Pass-through authentication failed. (NT Status: NT_STATUS_NO_LOGON_SERVERS(0xc000005e))
  • Windows Domain Controller (DC) logs

Log Name: System Source: NETLOGON Date: 2/22/2023 3:17:28 PM Event ID: 5838 Task Category: None Level: Error Keywords: Classic User: N/A Computer: dc1.demo.netapp.local Description: The Netlogon service encountered a client using RPC signing instead of RPC sealing. Machine SamAccountName: CIFSSERVERNAME

  • Kerberos authentication is working
  • ONTAP features configured for domain authentication using NTLMv1 or NTLMv2 are affected (e.g. CIFS, Vscan, RBAC, domain tunnel, etc.):

::> set advanced ::*> vserver cifs session show -vserver <vserver> -fields auth-mechanism,address,windows-user node vserver session-id connection-id address auth-mechanism windows-user ------------ --------- -------------------- ------------- ------------ -------------- ------------ netapp-01a <vserver> 17134789207261194186 2550496605 10.62.125.88 NTLMv2 DEMO\user6 netapp-01b <vserver> 17134789207261194188 2550496606 10.216.29.42 Kerberos DEMO\Administrator 2 entries were displayed.

Note: If Kerberos authentication attempt fails, NTLM (NTLMv1 or NTLMv2) is default fallback.

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.