agurung
2 Bronze

LDAP and GSS-API major error: Miscellaneous failure

Hi All

We are getting the below message on our NS20. Till now none of our users are having problems accessing any CIFS files and folders. We checked our AD and there doesn't seem to be any problem.

LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure

This message is being logged often, so we were wondering if any of you have a suggestion on how we can remove this logging.

Thank you in advance.
15 Replies
Rainer_EMC
5 Osmium

Re: LDAP and GSS-API major error: Miscellaneous failure

Are these really the only errors you are getting, or are there any others before or after?

Any idea who/what MONAL is?
agurung
2 Bronze

Re: LDAP and GSS-API major error: Miscellaneous failure

Hi Rainer

We have a lot of other errors, but most of them are for disk quota for other CIFS users from another Windows domain.

Monal is the name of the CIFS server for one of the domains it serves files for.

Thank you again
nandas
4 Beryllium

Re: LDAP and GSS-API major error: Miscellaneous failure

Are you getting this error message of late or for a long time? Were there any changes on your AD side recently? It looks like a Kerberos issue with the CIFS server in the AD. You may try using the resetserverpasswd option with the server_cifs -Join command.

However, I'd suggest opening a case with EMC Support, if not already done, and they may guide you accordingly with proper troubleshooting.

Thanks,
Sandip

Re: LDAP and GSS-API major error: Miscellaneous failure

The GSSAPI Major error is a broad category of errors, and Miscellaneous failure can encompass many different errors.

What you need to look for is the GSSAPI Minor error which follows (somewhere) the GSSAPI Major error. The minor error will tell us much more about what error you are actually receiving.

"Major" and "Minor" are a little misleading in this context; the correct context would be "Main Category" and "Sub-Category". So we know the main category of the error you are getting is "Miscellaneous failure." Beneath that is a sub-category which we need to find which will point us toward the actual error.

-bill
agurung
2 Bronze

Re: LDAP and GSS-API major error: Miscellaneous failure

Hi Guys

I think we overlooked another error message which was alongside the above message, and you guys were right.

"LdapClient::connect: error message: Sasl protocol violation, (error code 99)"

Does this make any sense to you?

Thank you

agurung
2 Bronze

Re: LDAP and GSS-API major error: Miscellaneous failure

Hi Guys

The only thing we changed on our AD recently is that we migrated our physical AD server to a virtual server.

Some changes on DC roles, could that be the problem?

Thank you

Re: LDAP and GSS-API major error: Miscellaneous failure

The logs can be very useful, but if you're getting stuff flooded in there, it's hard to see exactly what needs to be done. The Sasl protocol violation error is very telling, but there are still a few things that it could be. Please do the following for me; replace server_x with the affected server:

server_log server_x -a -s > log.out
cat log.out | egrep "KERBEROS|LDAP|SMB"


Now you should see some pertinent errors before and after the Sasl protocol error. Please include about 6 lines before and about 6 lines after (from what you get from the above output) and we'll have a pretty good handle on what your issue is.
agurung
2 Bronze

Re: LDAP and GSS-API major error: Miscellaneous failure

We have three CIFS domains; they are "1) internal.mit 2) internal.mitacademy 3) syd.internal.mitacademy". There is no trust set up between internal.mit and the other domains. It seems to me that for some reason all our DCs are not available for hours at once. I am not sure why that is happening. All our DCs are located on different nodes of the virtual infrastructure, and we also have one physical DC.

Please find the log below, as per your suggestion.

Note: L-DC1, L-DC2, M-Server are DCs of the internal.mit domain
L-Pokhara, Pokhara are DCs of internal.mitacademy

Thank you again

2008-06-12 03:32:21: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:32:21: SMB: 4: Unable to connect to Active Directory server l-dc1.internal.mit (10.0.0.1), port 389
2008-06-12 03:32:21: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:32:21: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:32:21: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:32:21: SMB: 4: Unable to connect to Active Directory server l-dc2.internal.mit (10.0.0.11), port 389
2008-06-12 03:32:21: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:32:21: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:32:21: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:32:21: SMB: 4: Unable to connect to Active Directory server l-dc1.internal.mit (10.0.0.1), port 389
2008-06-12 03:32:21: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:32:21: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:32:21: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:32:21: SMB: 4: Unable to connect to Active Directory server l-dc2.internal.mit (10.0.0.11), port 389
2008-06-12 03:32:21: SMB: 4: GPO update failed for server monal
2008-06-12 03:37:27: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:37:27: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:37:27: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:37:27: SMB: 4: Unable to connect to Active Directory server l-dc1.internal.mit (10.0.0.1), port 389
2008-06-12 03:37:27: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:37:27: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:37:27: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:37:27: SMB: 4: Unable to connect to Active Directory server l-dc2.internal.mit (10.0.0.11), port 389
2008-06-12 03:37:27: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:37:27: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:37:27: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:37:27: SMB: 4: Unable to connect to Active Directory server l-dc2.internal.mit (10.0.0.11), port 389
2008-06-12 03:37:27: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:37:27: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:37:27: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:37:27: SMB: 4: Unable to connect to Active Directory server l-dc1.internal.mit (10.0.0.1), port 389
2008-06-12 03:37:27: SMB: 4: GPO update failed for server monal
2008-06-12 03:40:11: SMB: 4: DCInvalidate M-SERVER from updateW2kInfo
2008-06-12 03:40:11: SMB: 4: DC6bdcdc04: setDCDown DC, refresh if needed (origin=rpc)
2008-06-12 03:40:11: SMB: 3: DC6bdcdc0c M-SERVER[MIT] dispatchIPCtoDC: No Reply TID=800 PID=1001 UID=800
2008-06-12 03:40:11: SMB: 3: cMsRPC_Request::Close bad reply ntStatus=DOMAIN_CONTROLLER_NOT_FOUND
2008-06-12 03:42:02: SMB: 3: KC_GetCreds:gss_acquire_cred_ext failed; majStatus=0xd0000, min=-1765328347
2008-06-12 03:42:02: SMB: 3: DC_GetBlob INTERNAL.MIT\monal L-DC1\HOST=Miscellaneous failure. Clock skew too great.
2008-06-12 03:42:33: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:42:33: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:42:33: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:42:33: SMB: 4: Unable to connect to Active Directory server l-dc1.internal.mit (10.0.0.1), port 389
2008-06-12 03:42:33: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:42:33: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:42:33: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:42:33: SMB: 4: Unable to connect to Active Directory server l-dc2.internal.mit (10.0.0.11), port 389
2008-06-12 03:42:34: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:42:34: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:42:34: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:42:34: SMB: 4: Unable to connect to Active Directory server l-dc2.internal.mit (10.0.0.11), port 389
2008-06-12 03:42:34: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:42:34: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:42:34: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:42:34: SMB: 4: Unable to connect to Active Directory server l-dc1.internal.mit (10.0.0.1), port 389
2008-06-12 03:42:34: SMB: 4: GPO update failed for server monal
2008-06-12 03:47:40: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:47:40: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:47:40: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:47:40: SMB: 4: Unable to connect to Active Directory server l-dc2.internal.mit (10.0.0.11), port 389
2008-06-12 03:47:40: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:47:40: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:47:40: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:47:40: SMB: 4: Unable to connect to Active Directory server m-server.internal.mit (10.0.0.8), port 389
2008-06-12 03:47:40: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:47:40: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:47:40: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:47:40: SMB: 4: Unable to connect to Active Directory server l-dc1.internal.mit (10.0.0.1), port 389
2008-06-12 03:47:40: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:47:40: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:47:40: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:47:40: SMB: 4: Unable to connect to Active Directory server m-server.internal.mit (10.0.0.8), port 389
2008-06-12 03:47:40: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:47:40: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:47:40: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:47:40: SMB: 4: Unable to connect to Active Directory server l-dc1.internal.mit (10.0.0.1), port 389
2008-06-12 03:47:40: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:47:40: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:47:40: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:47:40: SMB: 4: Unable to connect to Active Directory server l-dc2.internal.mit (10.0.0.11), port 389
2008-06-12 03:47:40: SMB: 4: GPO update failed for server monal
2008-06-12 03:52:46: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:52:46: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:52:46: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:52:46: SMB: 4: Unable to connect to Active Directory server l-dc1.internal.mit (10.0.0.1), port 389
2008-06-12 03:55:59: SMB: 4: DCInvalidate L-DC1 from updateW2kInfo
2008-06-12 04:11:12: SMB: 4: >DC=L-POKHARA(172.16.32.3) R=11 T=1 ms S=0,1/-1
2008-06-12 04:27:50: SMB: 4: >DC=M-SERVER(10.0.0.8) R=8 T=1 ms S=0,1/-1
2008-06-12 04:38:06: SMB: 3: Domain='SYD-ACADEMIC' trusted DC='-': ignored errorFlags=0x0 DCStatus=0x547,5
2008-06-12 04:39:32: SMB: 3: last message repeated 7 times
2008-06-12 04:40:00: SMB: 3: Domain='SYD-ACADEMIC' trusted DC='-': ignored errorFlags=0x0 DCStatus=0x547,5
2008-06-12 04:42:09: SMB: 3: last message repeated 8 times
2008-06-12 04:42:17: SMB: 3: Domain='SYD-ACADEMIC' trusted DC='-': ignored errorFlags=0x0 DCStatus=0x547,5
2008-06-12 04:59:32: SMB: 4: >DC=L-DC1(10.0.0.1) R=8 T=1 ms S=0,1/-1
2008-06-12 07:40:51: SMB: 3: Domain='SYD-ACADEMIC' trusted DC='-': ignored errorFlags=0x0 DCStatus=0x547,5
2008-06-12 07:46:32: SMB: 3: Domain='SYD-ACADEMIC' trusted DC='-': ignored errorFlags=0x0 DCStatus=0x547,5
2008-06-12 07:49:23: SMB: 3: last message repeated 9 times
2008-06-12 07:49:34: SMB: 3: Domain='SYD-ACADEMIC' trusted DC='-': ignored errorFlags=0x0 DCStatus=0x547,5
2008-06-12 07:54:46: SMB: 3: last message repeated 5 times
2008-06-12 08:16:08: SMB: 3: Domain='SYD-ACADEMIC' trusted DC='-': ignored errorFlags=0x0 DCStatus=0x547,5
2008-06-12 08:23:51: SMB: 3: Domain='SYD-ACADEMIC' trusted DC='-': ignored errorFlags=0x0 DCStatus=0x547,5
2008-06-12 08:24:02: SMB: 3: last message repeated 3 times
2008-06-12 08:24:02: SMB: 3: Domain='syd-academic' trusted DC='-': ignored errorFlags=0x0 DCStatus=0x547,5
2008-06-12 08:24:04: SMB: 3: Domain='SYD-ACADEMIC' trusted DC='-': ignored errorFlags=0x0 DCStatus=0x547,5
2008-06-12 08:25:23: SMB: 3: last message repeated 2 times
Peter_EMC
3 Zinc

Re: LDAP and GSS-API major error: Miscellaneous failure

The "clock skew too great" messages:

"This generally occurs because the system's clock deviates too much from the time on the authenticating KDC. You are, generally, allowed up to five minutes of clock skew"

I think there is a time synchronization issue in your environment.
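
The major/minor pairing described earlier in the thread, and the numeric `majStatus`/`min` pair in the posted log, can be read mechanically. The following Python is an added example, not part of any post and not EMC code: it counts the minor errors, ties each to the "Unable to connect" line that follows it (the ordering seen in the posted log), and decodes the numeric pair. The function names are hypothetical, and reading the minor status with MIT krb5 numbering is an assumption.

```python
import re
from collections import Counter

# Sample input: lines copied from the server_log output quoted in the thread.
SAMPLE_LOG = """\
2008-06-12 03:32:21: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API major error: Miscellaneous failure
2008-06-12 03:32:21: LDAP: 3: LDAP authentication: Unable to acquire credentials for principal: MONAL$@INTERNAL.MIT. - GSS-API minor error: Clock skew too great
2008-06-12 03:32:21: LDAP: 3: LdapClient::connect: error message: Sasl protocol violation, (error code 99)
2008-06-12 03:32:21: SMB: 4: Unable to connect to Active Directory server l-dc1.internal.mit (10.0.0.1), port 389
2008-06-12 03:42:02: SMB: 3: KC_GetCreds:gss_acquire_cred_ext failed; majStatus=0xd0000, min=-1765328347
"""

# GSS-API routine errors occupy bits 16-23 of the major status (RFC 2744).
GSS_ROUTINE = {7: "GSS_S_NO_CRED", 11: "GSS_S_CREDENTIALS_EXPIRED", 13: "GSS_S_FAILURE"}
# Assumption: minor status = MIT krb5 error-table base + RFC 4120 error code.
KRB5_BASE = -1765328384
KRB5_ERR = {6: "KDC_ERR_C_PRINCIPAL_UNKNOWN", 32: "KRB_AP_ERR_TKT_EXPIRED",
            37: "KRB_AP_ERR_SKEW"}

MINOR_RE = re.compile(r"GSS-API minor error: (.+)$")
DC_RE = re.compile(r"Unable to connect to Active Directory server (\S+)")
NUM_RE = re.compile(r"majStatus=(0x[0-9a-fA-F]+), min=(-?\d+)")

def decode_status(major, minor):
    """Map a numeric majStatus/min pair to symbolic names."""
    routine = (major >> 16) & 0xFF
    code = minor - KRB5_BASE
    return (GSS_ROUTINE.get(routine, f"routine error {routine}"),
            KRB5_ERR.get(code, f"krb5 code {code}"))

def triage(log_text):
    """Count minor errors, tie each to the next DC line, decode numeric pairs."""
    minors, per_dc, decoded = Counter(), Counter(), []
    pending = None  # last minor error seen, not yet tied to a DC
    for line in log_text.splitlines():
        if m := MINOR_RE.search(line):
            pending = m.group(1).strip()
            minors[pending] += 1
        elif m := DC_RE.search(line):
            per_dc[(m.group(1), pending)] += 1
            pending = None
        elif m := NUM_RE.search(line):
            decoded.append(decode_status(int(m.group(1), 16), int(m.group(2))))
    return minors, per_dc, decoded

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

Run against the full `log.out`, the per-DC counter shows whether every domain controller rejects the server with the same minor error or only some do, which is the first thing to establish before comparing clocks.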