ONTAPをActive Directoryに参加させようとしたら「Reason: SecD Error: no server available.」でエラーになった。
ontap91::> vserver cifs create -cifs-server newsvm0 -domain adosakana.local -ou CN=Computers
In order to create an Active Directory machine account for the CIFS server, you
must supply the name and password of a Windows account with sufficient
privileges to add computers to the "CN=Computers" container within the
"ADOSAKANA.LOCAL" domain.
Enter the user name: administrator
Enter the password:
Error: Machine account creation procedure failed
[ 91] Loaded the preliminary configuration.
[ 213] Created a machine account in the domain
[ 214] Successfully connected to ip 172.17.44.49, port 445 using
TCP
[ 249] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED)
for SMB command SessionSetup
[ 250] Cluster and Domain Controller times differ by more than
the configured clock skew (KRB5KRB_AP_ERR_SKEW)
[ 250] Kerberos authentication failed with result: 7537.
[ 258] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED)
for SMB command SessionSetup
[ 259] Cluster and Domain Controller times differ by more than
the configured clock skew (KRB5KRB_AP_ERR_SKEW)
[ 259] Kerberos authentication failed with result: 7537.
[ 259] Unable to connect to LSA service on
adserver.adosakana.local (Error:
RESULT_ERROR_KERBEROS_SKEW)
[ 260] No servers available for MS_LSA, vserver: 2, domain:
adosakana.local.
**[ 260] FAILURE: Unable to make a connection (LSA:ADOSAKANA.LOCAL),
** result: 6940
[ 260] Could not find Windows SID
'S-1-5-21-937304154-1581684492-536532533-512'
[ 284] Deleted existing account
'CN=NEWSVM0,CN=Computers,DC=adosakana,DC=local'
Error: command failed: Failed to create the Active Directory machine account
"NEWSVM0". Reason: SecD Error: no server available.
ontap91::>
「古いONTAPがActive Directoryに参加できない」や「ONTAP 9.5でsambaドメインに参加できない & ONTAP 9.7で失敗」の話かな?と思って対処してみるも変わらない
もしかして、と時刻を確認してみると、Active DirstoryサーバとONTAPとの時刻差が3分以上あった。
時計を合わせるとActive Directoryへの参加が成功した。