VNX2: NAS Servers Display the Error "DC cannot open NETLOGON pipe"
Summary: This article describes a condition that affects VNX systems and is caused by the secure RPC support in VNX2 code x.303 and above.
Symptoms
This solution applies when at least one domain controller (DC) running Windows Server 2008 or earlier is in use and is connected to the VNX NAS server. It does not apply to domain controllers running Windows Server 2008 R2 or later.
Some NAS Servers report the following error message after the VNX system is upgraded to OE version 8.1.21.303 or above:
DC cannot open NETLOGON pipe
This occurs intermittently and randomly, affecting several NAS Servers simultaneously or individually, but at least one NAS Server always displays the error:
1315xxxxx60: SMB: 3:[vdma3] 1SMB272 SamLogon[0] DC=DCSRVCPVWSK27 'DC cannot open NETLOGON pipe' NTstatus=WRONG_CREDENTIAL_HANDLE LogonStatus=Capa_ErrorQueryFailed (rSCstatus=-1 pipeClosed=0)
[nasadmin@skxxxxx58xxxx6_cs0 ~]$ server_cifssupport vdma3 -pingdc -compname swdfs01p_new
vdma3: done
PINGDC GENERAL INFORMATION
DC SERVER:
Netbios name: DCSRVCPVWSK26
CIFS SERVER:
Compname: sXXXs01p_new
Domain: an.ad.axxxxxxc.co.uk
Error 1316xxxxx79: vdma3: compname swdfs01p_new DC=DCSRVCPVWSK26 Step='Open NETLOGON Secure Channel' ' ' 'DC cannot open NETLOGON pipe: status=WRONG_CREDENTIAL_HANDLE
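The following added example (not part of the original article and not Dell EMC tooling) tallies the log signature shown above per NAS server and domain controller, so the DCs named in the errors can be checked against the Windows Server 2008-or-earlier condition. The function names, the NAS server and DC names, and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally the NETLOGON failure signature per NAS server and DC.
# Input: Data Mover log text on stdin. Output: "<nas_server> <dc> <count>" lines.
netlogon_capa_failures() {
    awk '
    # Signature from the article: the message plus NTstatus=WRONG_CREDENTIAL_HANDLE
    /DC cannot open NETLOGON pipe/ && /NTstatus=WRONG_CREDENTIAL_HANDLE/ {
        srv = "-"; dc = "-"
        # NAS server name is the first bracketed token, e.g. [vdma3]
        if (match($0, /\[[^]]+\]/))
            srv = substr($0, RSTART + 1, RLENGTH - 2)
        # Domain controller is carried in the DC=<name> field
        if (match($0, /DC=[^ ]+/))
            dc = substr($0, RSTART + 3, RLENGTH - 3)
        count[srv " " dc]++
    }
    END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

# Unique DC names that appear in the failure signature.
affected_dcs() {
    netlogon_capa_failures | awk '{ print $2 }' | LC_ALL=C sort -u
}

# Constructed sample log lines, patterned on the line quoted in the article.
sample_log() {
    cat <<'EOF'
1315000001: SMB: 3:[vdm_a] SamLogon[0] DC=DC-OLD-01 'DC cannot open NETLOGON pipe' NTstatus=WRONG_CREDENTIAL_HANDLE LogonStatus=Capa_ErrorQueryFailed (rSCstatus=-1 pipeClosed=0)
1315000002: SMB: 3:[vdm_b] SamLogon[0] DC=DC-OLD-01 'DC cannot open NETLOGON pipe' NTstatus=WRONG_CREDENTIAL_HANDLE LogonStatus=Capa_ErrorQueryFailed (rSCstatus=-1 pipeClosed=0)
1315000003: SMB: 3:[vdm_a] SamLogon[0] DC=DC-OLD-01 'DC cannot open NETLOGON pipe' NTstatus=WRONG_CREDENTIAL_HANDLE LogonStatus=Capa_ErrorQueryFailed (rSCstatus=-1 pipeClosed=0)
1315000004: SMB: 3:[vdm_a] SamLogon[0] DC=DC-OLD-02 'DC cannot open NETLOGON pipe' NTstatus=WRONG_CREDENTIAL_HANDLE LogonStatus=Capa_ErrorQueryFailed (rSCstatus=-1 pipeClosed=0)
1315000005: SMB: 4:[vdm_b] constructed unrelated message DC=DC-NEW-01
EOF
}

# Stand-alone run on the constructed sample.
sample_log | netlogon_capa_failures
```

A DC that keeps appearing in this tally after the workaround is removed is one that has not yet been upgraded.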
Cause
As part of providing Secure RPC functionality in VNX Code, the "getDCcapas" function was introduced in accordance with the Microsoft Netlogon function specification to support Microsoft's ServerCapabilities parameter.
However, that function was only added to supported versions of Windows Server. The function is not implemented in Windows Server 2008 and earlier. See Microsoft Document: [MS-NRPC]: Netlogon Remote Protocol - 7 Appendix B: Product Behavior Section 3.5.4.4.10:
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/0c858a52-732a-43ec-85dd-e44b357c1898
The ServerCapabilities parameter is not supported by Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, or Windows Server 2008.
Resolution
Resolution:
The safest long-term solution is to upgrade any domain controller connecting with VNX systems running 8.1.21.303 or later to a supported version of Windows Server. Until then, see the Workaround section below.
Workaround:
The parameter "param NTsec.NETLOGON.getDCcapas" in Dell EMC VNX systems controls how NAS servers check DC capabilities. The workaround is to modify the parameter to disable this feature.
Add a new line "param NTsec NETLOGON.getDCcapas=0" to the param file so that the change persists after a Data Mover (DM) reboot.
[root@skxxxxx58xxxx6_cs0 slot_x]# cat param
param quota policy=filesize
param cifs nanoroundoff=1
param cifs acl.retryAuthSid=600
param cifs acl.mappingErrorAction=1
param config cs_external_ip=22.99.58.13
param NDMP concurrentDataStreams=8
param cifs acl.FailOnSDRestoreError=0
param cifs resolver=1
param cifs sendMessage=3
param shadow followdotdot=1
param NTsec NETLOGON.getDCcapas=0 <<<<<<
Note: Once the customer upgrades the older software version on the DC to a newer version, they should re-enable the param on VNX.
Additional Information
/nas/bin/.server_config servername -v "param NTsec NETLOGON.getDCcapas=0"