Hi!

I'm trying to join a NetApp svm with cDot 8.3 to a fresh dsfw installation of OES 11 SP2 with all patches.

nmas traces says:
4257580800 LDAP: [2015/09/03 18:49:22.949] DoBind on connection 0xe52a700
4257580800 LDAP: [2015/09/03 18:49:22.949] Bind name:NULL, version:3, authentication:GSS-SPNEGO
4257580800 NMAS: [2015/09/03 18:49:22.949] 524405: Destroy NMAS Session for reuse
4257580800 NMAS: [2015/09/03 18:49:22.949] 524405: Create NMAS Session
4257580800 NMAS: [2015/09/03 18:49:22.949] 524405: SASL GSS-SPNEGO started
4257580800 NMAS: [2015/09/03 18:49:22.950] 524405: GSS_Accept_sec_context: An unsupported mechanism was requested
4257580800 NMAS: [2015/09/03 18:49:22.950] 524405: GSS_Accept_sec_context: No error
4257580800 NMAS: [2015/09/03 18:49:22.950] 524405: NMAS Audit with Audit PA not installed
4257580800 NMAS: [2015/09/03 18:49:22.950] 524405: NMAS Audit with XDAS not installed
4257580800 NMAS: [2015/09/03 18:49:22.950] 524405: ERROR: -1693 SASL_DoMechanism: NMAS_InvokeMechanism
4257580800 NMAS: [2015/09/03 18:49:22.950] 524405: Client Session Destroy Request
4257580800 NMAS: [2015/09/03 18:49:22.950] 524405: Destroy NMAS Session
4257580800 NMAS: [2015/09/03 18:49:22.950] 524405: Aborted Session Destroyed (with MAF)
4257580800 LDAP: [2015/09/03 18:49:22.950] Environment variable is set to not put NMAS NetworkAddress:
4257580800 LDAP: [2015/09/03 18:49:22.950] Failed to authenticate full context on connection 0xe52a700, err = -1693 (0xfffff963)
4257580800 LDAP: [2015/09/03 18:49:22.950] Sending operation result 49:"":"" to connection 0xe52a700

The NetApp command returns:
Error: Machine account creation procedure failed
[ 0 ms] Trying to create machine account 'SVM-CIFS' in domain
'VM.ITDESIGN.AT' for Vserver 'svm-cifs'
[ 8] Entry for host-name: dsfw-oes11sp2.vm.itdesign.at not
found in the current source: FILES. Ignoring and trying
next available source
[ 10] Entry found for host-name: dsfw-oes11sp2.vm.itdesign.at
using source: DNS
[ 10] Found 1 domain controllers through DNS
[ 10] Connecting to LDAP (Active Directory) server
dsfw-oes11sp2.vm.itdesign.at (198.18.49.51) as
Administrator@VM.ITDESIGN.AT
[ 14] Failed to initiate Kerberos authentication. Trying NTLM.
**[ 17] FAILURE: Unable to connect to LDAP (Active Directory)
** service on dsfw-oes11sp2.vm.itdesign.at (Error: Invalid
** credentials)
[ 18] No servers available for MS_LDAP_AD, vserver: 2, domain:
VM.ITDESIGN.AT.

Error: command failed: Failed to create the Active Directory machine account "SVM-CIFS". Reason: SecD Error: Cannot find an appropriate domain controller.

The trace of the request:
No. Time Source Destination Protocol Length Info
99 20.285181000 198.18.49.75 198.18.49.51 LDAP 178 bindRequest(1) "<ROOT>" , NTLMSSP_NEGOTIATEsasl

Frame 99: 178 bytes on wire (1424 bits), 178 bytes captured (1424 bits) on interface 0
Ethernet II, Src: Vmware_93:2c:e2 (00:0c:29:93:2c:e2), Dst: Vmware_9a:73:4c (00:0c:29:9a:73:4c)
Internet Protocol Version 4, Src: 198.18.49.75 (198.18.49.75), Dst: 198.18.49.51 (198.18.49.51)
Transmission Control Protocol, Src Port: 25040 (25040), Dst Port: 389 (389), Seq: 1, Ack: 1, Len: 112
Lightweight Directory Access Protocol
LDAPMessage bindRequest(1) "<ROOT>" sasl
messageID: 1
protocolOp: bindRequest (0)
bindRequest
version: 3
name:
authentication: sasl (3)
sasl
mechanism: GSS-SPNEGO
credentials: 60820050068200062b0601050502a08200423082003ea082.. .
GSS-API Generic Security Service Application Program Interface
OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
Simple Protected Negotiation
negTokenInit
mechTypes: 1 item
MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
mechToken: 4e544c4d535350000100000007b288e00000000000000000.. .
NTLM Secure Service Provider
NTLMSSP identifier: NTLMSSP
NTLM Message Type: NTLMSSP_NEGOTIATE (0x00000001)
Negotiate Flags: 0xe088b207
1... .... .... .... .... .... .... .... = Negotiate 56: Set
.1.. .... .... .... .... .... .... .... = Negotiate Key Exchange: Set
..1. .... .... .... .... .... .... .... = Negotiate 128: Set
...0 .... .... .... .... .... .... .... = Negotiate 0x10000000: Not set
.... 0... .... .... .... .... .... .... = Negotiate 0x08000000: Not set
.... .0.. .... .... .... .... .... .... = Negotiate 0x04000000: Not set
.... ..0. .... .... .... .... .... .... = Negotiate Version: Not set
.... ...0 .... .... .... .... .... .... = Negotiate 0x01000000: Not set
.... .... 1... .... .... .... .... .... = Negotiate Target Info: Set
.... .... .0.. .... .... .... .... .... = Request Non-NT Session: Not set
.... .... ..0. .... .... .... .... .... = Negotiate 0x00200000: Not set
.... .... ...0 .... .... .... .... .... = Negotiate Identify: Not set
.... .... .... 1... .... .... .... .... = Negotiate Extended Security: Set
.... .... .... .0.. .... .... .... .... = Target Type Share: Not set
.... .... .... ..0. .... .... .... .... = Target Type Server: Not set
.... .... .... ...0 .... .... .... .... = Target Type Domain: Not set
.... .... .... .... 1... .... .... .... = Negotiate Always Sign: Set
.... .... .... .... .0.. .... .... .... = Negotiate 0x00004000: Not set
.... .... .... .... ..1. .... .... .... = Negotiate OEM Workstation Supplied: Set
.... .... .... .... ...1 .... .... .... = Negotiate OEM Domain Supplied: Set
.... .... .... .... .... 0... .... .... = Negotiate Anonymous: Not set
.... .... .... .... .... .0.. .... .... = Negotiate NT Only: Not set
.... .... .... .... .... ..1. .... .... = Negotiate NTLM key: Set
.... .... .... .... .... ...0 .... .... = Negotiate 0x00000100: Not set
.... .... .... .... .... .... 0... .... = Negotiate Lan Manager Key: Not set
.... .... .... .... .... .... .0.. .... = Negotiate Datagram: Not set
.... .... .... .... .... .... ..0. .... = Negotiate Seal: Not set
.... .... .... .... .... .... ...0 .... = Negotiate Sign: Not set
.... .... .... .... .... .... .... 0... = Request 0x00000008: Not set
.... .... .... .... .... .... .... .1.. = Request Target: Set
.... .... .... .... .... .... .... ..1. = Negotiate OEM: Set
.... .... .... .... .... .... .... ...1 = Negotiate UNICODE: Set
Calling workstation domain: NULL
Calling workstation name: NULL
[Response In: 101]


Has anybody an idea why this is not working?

Tom