Mailing List Archive: LDAP timeout errors since upgrade to 9.13.1

LDAP timeout errors since upgrade to 9.13.1

Jul 17, 2023, 1:55 PM

Post #1 of 5 (318 views)

Hi All,

Since upgrading to 9.13.1 our AFF/FAS on-premise cluster has an alert in
the System Manager dashboard and shows us receiving these errors every
hour or two:

secd.ldap.noServers: None of the LDAP servers configured for Vserver
(vfiler_name) are currently accessible via the network for LDAP service
type (Service: LDAP (Active Directory), Operation: SiteDiscovery).

We run a redundant pair of slapd LDAP servers presented via an F5 BigIP
at a single IP. The SVMs LDAP settings include of a list of the F5's
highly available IP and then the two back end servers.

Nothing has changed with our LDAP service. The LDAP servers don't seem
to be distressed and no other systems/services that touch our LDAP are
complaining. Our NetApp SVMs don't seem to be dropping or bouncing any
filer traffic.

Has anything changed from 9.9 to 9.13 in the way ONTAP talks to LDAP? Is
it chattier? More sensitive to lags?

Randy

Re: LDAP timeout errors since upgrade to 9.13.1 [ In reply to ]

tmacmd at gmail

Jul 17, 2023, 2:56 PM

Post #2 of 5 (318 views)

Permalink

Check the routing inside the svm. Might be a route issue. Still works just
a false positive going out the wrong route?

On Mon, Jul 17, 2023 at 4:57 PM Randy Rue <randyrue@gmail.com> wrote:

> Hi All,
>
> Since upgrading to 9.13.1 our AFF/FAS on-premise cluster has an alert in
> the System Manager dashboard and shows us receiving these errors every hour
> or two:
>
> secd.ldap.noServers: None of the LDAP servers configured for Vserver
> (vfiler_name) are currently accessible via the network for LDAP service
> type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
>
> We run a redundant pair of slapd LDAP servers presented via an F5 BigIP at
> a single IP. The SVMs LDAP settings include of a list of the F5's highly
> available IP and then the two back end servers.
>
> Nothing has changed with our LDAP service. The LDAP servers don't seem to
> be distressed and no other systems/services that touch our LDAP are
> complaining. Our NetApp SVMs don't seem to be dropping or bouncing any
> filer traffic.
>
> Has anything changed from 9.9 to 9.13 in the way ONTAP talks to LDAP? Is
> it chattier? More sensitive to lags?
>
>
> Randy
> _______________________________________________
> Toasters mailing list
> Toasters@teaparty.net
> https://www.teaparty.net/mailman/listinfo/toasters

--
Sent from Gmail Mobile.

Re: LDAP timeout errors since upgrade to 9.13.1 [ In reply to ]

randyrue at gmail

Jul 18, 2023, 7:48 AM

Post #3 of 5 (318 views)

Permalink

Got a case open with NA and sent autosupports, will let you know what
they come back with

On 7/17/23 14:56, tmac wrote:
> Check the routing inside the svm. Might be a route issue. Still works
> just a false positive going out the wrong route?
>
> On Mon, Jul 17, 2023 at 4:57 PM Randy Rue <randyrue@gmail.com> wrote:
>
> Hi All,
>
> Since upgrading to 9.13.1 our AFF/FAS on-premise cluster has an
> alert in the System Manager dashboard and shows us receiving these
> errors every hour or two:
>
> secd.ldap.noServers: None of the LDAP servers configured for
> Vserver (vfiler_name) are currently accessible via the network for
> LDAP service type (Service: LDAP (Active Directory), Operation:
> SiteDiscovery).
>
> We run a redundant pair of slapd LDAP servers presented via an F5
> BigIP at a single IP. The SVMs LDAP settings include of a list of
> the F5's highly available IP and then the two back end servers.
>
> Nothing has changed with our LDAP service. The LDAP servers don't
> seem to be distressed and no other systems/services that touch our
> LDAP are complaining. Our NetApp SVMs don't seem to be dropping or
> bouncing any filer traffic.
>
> Has anything changed from 9.9 to 9.13 in the way ONTAP talks to
> LDAP? Is it chattier? More sensitive to lags?
>
>
> Randy
>
> _______________________________________________
> Toasters mailing list
> Toasters@teaparty.net
> https://www.teaparty.net/mailman/listinfo/toasters
>
> --
> Sent from Gmail Mobile.

Re: LDAP timeout errors since upgrade to 9.13.1 [ In reply to ]

tmacmd at gmail

Jul 18, 2023, 9:26 AM

Post #4 of 5 (318 views)

Permalink

Sometimes, if you have multiple default routes and they all have a metric
of 20, odd issues crop up like this. Sometimes modifying (actually
delete/recreate the route) may help

On Tue, Jul 18, 2023 at 10:51 AM Randy Rue <randyrue@gmail.com> wrote:

> Got a case open with NA and sent autosupports, will let you know what they
> come back with
> On 7/17/23 14:56, tmac wrote:
>
> Check the routing inside the svm. Might be a route issue. Still works just
> a false positive going out the wrong route?
>
> On Mon, Jul 17, 2023 at 4:57 PM Randy Rue <randyrue@gmail.com> wrote:
>
>> Hi All,
>>
>> Since upgrading to 9.13.1 our AFF/FAS on-premise cluster has an alert in
>> the System Manager dashboard and shows us receiving these errors every hour
>> or two:
>>
>> secd.ldap.noServers: None of the LDAP servers configured for Vserver
>> (vfiler_name) are currently accessible via the network for LDAP service
>> type (Service: LDAP (Active Directory), Operation: SiteDiscovery).
>>
>> We run a redundant pair of slapd LDAP servers presented via an F5 BigIP
>> at a single IP. The SVMs LDAP settings include of a list of the F5's highly
>> available IP and then the two back end servers.
>>
>> Nothing has changed with our LDAP service. The LDAP servers don't seem to
>> be distressed and no other systems/services that touch our LDAP are
>> complaining. Our NetApp SVMs don't seem to be dropping or bouncing any
>> filer traffic.
>>
>> Has anything changed from 9.9 to 9.13 in the way ONTAP talks to LDAP? Is
>> it chattier? More sensitive to lags?
>>
>>
>> Randy
>> _______________________________________________
>> Toasters mailing list
>> Toasters@teaparty.net
>> https://www.teaparty.net/mailman/listinfo/toasters
>
> --
> Sent from Gmail Mobile.
>
> _______________________________________________
> Toasters mailing list
> Toasters@teaparty.net
> https://www.teaparty.net/mailman/listinfo/toasters

--
Sent from Gmail Mobile.

Re: LDAP timeout errors since upgrade to 9.13.1 [ In reply to ]

randyrue at gmail

Jul 27, 2023, 2:33 PM

Post #5 of 5 (307 views)

Permalink

why would this have changed with the upgrade?

On 7/18/23 09:26, tmac wrote:
>
> Sometimes, if you have multiple default routes and they all have a
> metric of 20, odd issues crop up like this. Sometimes modifying
> (actually delete/recreate the route) may help
>
>
> On Tue, Jul 18, 2023 at 10:51 AM Randy Rue <randyrue@gmail.com> wrote:
>
> Got a case open with NA and sent autosupports, will let you know
> what they come back with
>
> On 7/17/23 14:56, tmac wrote:
>> Check the routing inside the svm. Might be a route issue. Still
>> works just a false positive going out the wrong route?
>>
>> On Mon, Jul 17, 2023 at 4:57 PM Randy Rue <randyrue@gmail.com> wrote:
>>
>> Hi All,
>>
>> Since upgrading to 9.13.1 our AFF/FAS on-premise cluster has
>> an alert in the System Manager dashboard and shows us
>> receiving these errors every hour or two:
>>
>> secd.ldap.noServers: None of the LDAP servers configured for
>> Vserver (vfiler_name) are currently accessible via the
>> network for LDAP service type (Service: LDAP (Active
>> Directory), Operation: SiteDiscovery).
>>
>> We run a redundant pair of slapd LDAP servers presented via
>> an F5 BigIP at a single IP. The SVMs LDAP settings include of
>> a list of the F5's highly available IP and then the two back
>> end servers.
>>
>> Nothing has changed with our LDAP service. The LDAP servers
>> don't seem to be distressed and no other systems/services
>> that touch our LDAP are complaining. Our NetApp SVMs don't
>> seem to be dropping or bouncing any filer traffic.
>>
>> Has anything changed from 9.9 to 9.13 in the way ONTAP talks
>> to LDAP? Is it chattier? More sensitive to lags?
>>
>>
>> Randy
>>
>> _______________________________________________
>> Toasters mailing list
>> Toasters@teaparty.net
>> https://www.teaparty.net/mailman/listinfo/toasters
>>
>> --
>> Sent from Gmail Mobile.
> _______________________________________________
> Toasters mailing list
> Toasters@teaparty.net
> https://www.teaparty.net/mailman/listinfo/toasters
>
> --
> Sent from Gmail Mobile.