A few days ago I had to upgrade an Hyper-V 2012 R2 cluster to Hyper-V 2016. Using the Cluster rolling upgrade feature made my life a lot easier! However, when checking the SMB logs after installation I discovered the following errors were occurring:
The error used a name that was referring to the node name in netapp with the SVM server name. This name didn’t exist in the DNS and wasn’t used before. A quick fix could be creating the DNS record, but this didn’t resolved the problem.
This error didn’t impact the day to day functionalities of the Hyper-V environment. After digging into the SMB 3 protocol and the witness client of SMB 3 we decided that potentially, when one of the 2 netapp controllers stopped working, the SMB 3 failover functionality would not work since the witness isn’t working.
We opened a ticket with Netapp to investigate this problem. This was a known bug. Microsoft changed their way of using DCE-RPC Authentication. Because of this Netapp refused the connection and the witness was not setup.
The workaround for this issue was to force the SMB connection to use Kerberos. This could be done by registering the following SPN:
setspn -s HOST\<nodename + SVM Name> <Netapp Netname>
After a few hours, Kerberos was used and the error didn’t occur anymore.