...
After a node add or access zone configuration change, if the node is unable to communicate with an authentication provider like Active Directory, it may be unable to refresh the configuration. This may lead to authentication failures to this node since the authentication providers in the access zone may not be updated. You may see similar error messages in /var/log/lsassd.log:2018-07-03T13:26:16+02:00 ISILON-12 lsass[921]: [lsass] Network error connecting to EXAMPLE.LOCAL. Error code: 2453 (symbol: NERR_DCNotFound)2018-07-03T13:26:16+02:00 ISILON-12 lsass[921]: [lsass] Do not know about domain 'EXAMPLE.LOCAL'2018-07-03T13:26:16+02:00 ISILON-12 lsass[921]: [lsass] Failed to refresh configuration -> error = 40700, symbol = , client pid = 2981
There was a problem within lsass for failing to update the configuration when the authentication provider was offline. Lsass should simply not use the information from the offline/unreachable authentication provider and update all other relevant authentication information and access zone updates.
WORKAROUND:Restart lsass to verify if that allows the configuration to be updated. This is a node specific command and should not be disruptive to client connections: # pkill -f 'lw-container lsass' This issue is addressed in the following OneFS versions:8.0.0.78.0.1.2 and later8.1.0.1 and later8.1.2.0 and later8.1.1.0 and laterhttps://support.emc.com/docu86404_Isilon-OneFS-8.1.0.1-Release-Notes.pdf?language=en_USpage 12190698 When a node was added to a cluster, if the authentication provider was not available, the joining node did not have an authentication provider that was configured in the cluster. 8.0.0.7, item 190698: https://support.emc.com/kb/521889
Click on a version to see all relevant bugs
Dell Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.