Subscribe

Failed to create active directory machine account

I'm trying to create an active-directory account to be able to authenticate to a cluster with an ad account. As I have no cifs svm in the cluster I use a data svm with a mgmt lif on e0M for authentication as described in the system admin guide. The create fails. However, I can't see why as DNS, firewall and credentials of my userid should be ok. Hope somebody can help on this. I attach the secd.log. From what I can see it finds all necessary DCs in the environment but in the end fails to create the machine account.

 

Q100BPCC002::> vserver active-directory create -vserver q100bpcv002_cp01 -account-name q100bpcc002 -domain v998dpv1.v998.intern -ou OU=Fileserver,OU=Server,OU=VRZ

In order to create an Active Directory machine account, you must supply the name and password of a Windows account with sufficient privileges to add computers to the "OU=Fileserver,OU=Server,OU=VRZ"
container within the "V998DPV1.V998.INTERN" domain.

Enter the user name: j255030

Enter the password:

Warning: An account by this name already exists in Active Directory at CN=q100bpcc002,OU=Fileserver,OU=Server,OU=VRZ,DC=v998dpv1,DC=v998,DC=intern
         Ok to reuse this account? {y|n}: y

Error: Machine account creation procedure failed
  ...
  [  1090] Successfully connected to 17.243.129.17:88 using TCP
  [  1151] Unable to connect to LSA service on
           v998spwdv12124s.v998dpv1.v998.intern (Error:
           RESULT_ERROR_SPINCLIENT_SOCKET_SEND_ERROR)
  [  1160] Successfully connected to 7.242.192.141:445 using TCP
  [  1173] Successfully connected to 17.243.129.17:88 using TCP
  [  1234] Unable to connect to LSA service on
           v998spwdv12125s.v998dpv1.v998.intern (Error:
           RESULT_ERROR_SPINCLIENT_SOCKET_SEND_ERROR)
  [  3235] TCP connection to 12.243.129.17:445 via interface
           17.249.26.72 failed: (Operation timed out).
  [  3235] Could not open a socket to
           'v998spwdv12121b.v998dpv1.v998.intern'
  [  3235] Unable to connect to LSA service on
           v998spwdv12121b.v998dpv1.v998.intern (Error:
           RESULT_ERROR_SPINCLIENT_UNABLE_TO_RESOLVE_SERVER)
  [  5236] TCP connection to 12.243.129.22:445 via interface
           17.249.26.72 failed: (Operation timed out).
  [  5236] Could not open a socket to
           'v998spwdv12126b.v998dpv1.v998.intern'
  [  5236] Unable to connect to LSA service on
           v998spwdv12126b.v998dpv1.v998.intern (Error:
           RESULT_ERROR_SPINCLIENT_UNABLE_TO_RESOLVE_SERVER)
  [  7237] TCP connection to 12.243.129.19:445 via interface
           17.249.26.72 failed: (Operation timed out).
  [  7237] Could not open a socket to
           'v998spwdv12123b.v998dpv1.v998.intern'
  [  7237] Unable to connect to LSA service on
           v998spwdv12123b.v998dpv1.v998.intern (Error:
           RESULT_ERROR_SPINCLIENT_UNABLE_TO_RESOLVE_SERVER)
  [  7238] No servers available for MS_LSA, vserver: 5, domain:
           v998dpv1.v998.intern.
**[  7238] FAILURE: Unable to make a connection
**         (LSA:V998DPV1.V998.INTERN), result: 6940
  [  7238] Could not find Windows SID
           'S-1-5-21-1374259203-670540105-1957837697-512'
  [  7239] Uncaptured failure while creating server account

Error: command failed: Failed to create the Active Directory machine account "Q100BPCC002". Reason: SecD Error: no server available.

Re: Failed to create active directory machine account

i remember that mgmt port can't be used for cifs authentication as the default firewall policy and connectivity issue from 8.3.

someone correct me if i'm wrong

Cannot find the answer you need?  No need to open a support case - just CHAT and we’ll handle it for you.