Merge pull request #192074 from b-hchen/patch-38

Retracting Encrypted SMB connection to domain controller

Author: PRMerger20

articles/azure-netapp-files/create-active-directory-connections.md

@@ -194,13 +194,6 @@ This setting is configured in the **Active Directory Connections** under **NetAp
 
         ![Active Directory AES encryption](../media/azure-netapp-files/active-directory-aes-encryption.png)
 
-
-    * <a name="encrypted-smb-connection"></a>**Encrypted SMB connection to domain controller** 
-
-        Select this checkbox to enable SMB encryption for communication between the Azure NetApp Files service and the domain controller (DC). When you enable this functionality, SMB3 protocol will be used for encrypted DC connections, because encryption is supported only by SMB3. SMB, Kerberos, and LDAP enabled volume creation will fail if the DC doesn't support the SMB3 protocol. 
-
-        ![Snapshot that shows the option for encrypted SMB connection to domain controller.](../media/azure-netapp-files/encrypted-smb-domain-controller.png) 
-
     * **LDAP Signing**   
         Select this checkbox to enable LDAP signing. This functionality enables secure LDAP lookups between the Azure NetApp Files service and the user-specified [Active Directory Domain Services domain controllers](/windows/win32/ad/active-directory-domain-services). For more information, see [ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023).  
 

articles/azure-netapp-files/troubleshoot-volumes.md

@@ -12,19 +12,13 @@ ms.service: azure-netapp-files
 ms.workload: storage
 ms.tgt_pltfrm: na
 ms.topic: troubleshooting
-ms.date: 03/15/2022
+ms.date: 03/17/2022
 ms.author: anfdocs
 ---
 # Troubleshoot volume errors for Azure NetApp Files
 
 This article describes error messages and resolutions that can help you troubleshoot Azure NetApp Files volumes. 
 
-## General errors for volume creation or management 
-
-|     Error conditions    |     Resolutions    |
-|-|-|
-| Error during SMB, LDAP, or Kerberos volume creation: <br> `Failed to create the Active Directory machine account "PAKA-5755". Reason: SecD Error: no server available Details: Error: Machine account creation procedure failed [ 34] Loaded the preliminary configuration. [ 80] Created a machine account in the domain [ 81] Successfully connected to ip 10.193.169.25, port 445 using TCP [ 83] Unable to connect to LSA service on win-2bovaekb44b.harikrb.com (Error: RESULT_ERROR_SPINCLIENT_SOCKET_RECEIVE_ERROR) [ 83] No servers available for MS_LSA, vserver: 251, domain: http://contoso.com/. **[ 83] FAILURE: Unable to make a connection (LSA:CONTOSO.COM), ** result: 6940 [ 85] Could not find Windows SID 'S-1-5-21-192389270-1514950320-2551433173-512' [ 133] Deleted existing account 'CN=PAKA-5755,CN=Computers,DC=contoso,DC=com' .`  | SMB3 is disabled on the domain controller. <br> Enable SMB3 on the domain controller and then try creating the volume. See [How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows](/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3) for details about enabling SMB3. |
-
 ## Errors for SMB and dual-protocol volumes
 
 |     Error conditions    |     Resolutions    |

articles/azure-netapp-files/whats-new.md

@@ -12,7 +12,7 @@ ms.service: azure-netapp-files
 ms.workload: storage
 ms.tgt_pltfrm: na
 ms.topic: overview
-ms.date: 03/15/2022
+ms.date: 03/17/2022
 ms.author: anfdocs
 ---
 
@@ -22,10 +22,6 @@ Azure NetApp Files is updated regularly. This article provides a summary about t
 
 ## March 2022
 
-* [Encrypted SMB connection to domain controller](create-active-directory-connections.md#encrypted-smb-connection)
-
-    You can now enable SMB encryption for communication between the Azure NetApp Files service and the Active Directory Domain Services domain controller (DC). When you enable this functionality, SMB3 protocol will be used for encrypted DC connections.
-
 * Features that are now generally available (GA)   
 
     The following features are now GA. You no longer need to register the features before using them.