CTA with Unity Kerberos SPN's?

Question

I have been trying to 'Verify' a server config in CTA/VE, and can't get past a CIFS error:  'CIFS authentication:  Failed.  Failed to authenticate credentials'.  I get the same error with both the NetBIOS and Kerberos options.  I am trying to authenticate with Active Directory (Win2012R2).  The server is a NAS on a Unity 300F.  I have tried to configure the NAS for Kerberos (computer or user account), and tried Simple (LDAP).  No go.  This happens with both SMB and multiprotocol NAS.  Running Wireshark on the DC, with the Kerberos setting in CTA, gives me this error during the verify process: 'KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN'.  That tells me that an SPN is missing from the computer or user account, I believe.  But I can't find any documentation on it. Questions: 1.  What SPN's are needed for the user account that I specify in the CTA/VE CIFS tab of the file server config? 1a.  Do I need any SPN's for the Unity NAS computer account (or user account if I need to use that option)? 2.  The documentation (docu80745) states to confirm that 'NTLM is configured for authentication'.  Configured with which setting?  'Network security: LAN Manager Authentication' has multiple options and I have tried a few. Any help with these errors would be greatly appreciated!  I have tried everything I can think of. Thanks!

primo2_9625b0 · Accepted Answer

This turned out to be a customized MTU setting on the original network configuration in CTA.  I was thinking iSCSI rather than Ethernet and changed the MTU from 1500 to 9000.  After changing it back, everything worked.

Rainer_EMC · Answer

this is very specific - I doubt that you get an answer on a forum unless there already is a knowledgebase article about it or someone solved the very same issue and responds.

I would suggest to go the regular support route by opening a service reqeust

Rainer_EMC · Answer

thanks for the feedback yes MTU mismatch can cause strange problems

Unity

Was this post helpful?