2011-02-28 10:51 AM
I'm trying to add a controller (at a remote site) to our active directory domain but I keep getting an error that the AD account we're using doesn't have permissions. We ran a pktt capture and found that the filer is only communicating with the read-only domain controller (which is in close proximity). This is a problem because it's read-only and can't be updated. Is this normal behavior? I would think that it should recognize that it's a read-only DC and move on to the read/write domain controller (which is at our primary datacenter). Any help would be appreciated. Thanks.
2011-02-28 11:25 AM
Possibly some sorta bug/missing feature. During cifs setup the filer is doing a DNS/WINS/LDAP site query and chooses the closest DC possible. Maybe a quick fix would be to shut down that read-only DC, do setup, and then boot it up again.
2011-02-28 11:34 AM
That's what we're thinking: either shut down the local R/O DC or maybe add an incorrect route to that DC on the filer. Will let you know how that works.
2011-03-01 07:39 AM
Well, taking down the R/O DC at our remote site which has the filer in question and then running CIFS setup fixed the problem. Our team is still convinced that NetApp's OS doesn't handle read-only DCs correctly. Does anyone else have experience here? We're trying to complete our RCA. Thanks.
2011-03-01 07:55 AM
cifs setup creates a computer account or reuses a computer account that has been pre-created and then sets the machine account password.
Next time use cifs prefdc and specify a writable DC, run cifs setup and then change cifs prefdc to use the local RODC.
2011-03-01 09:27 AM
cifs prefdc is usually the way to go, but I think you cannot use cifs prefdc before actually having done a cifs setup at all. I might be wrong tho.
2011-03-02 09:49 AM
We used cifs prefdc to specify a read/write DC, but after running CIFS setup our packet capture confirmed that it was still only connecting to the local RODC. Possibly a networking issue or a bug in Data ONTAP.
2012-07-18 06:55 AM
I had problems trying to join a filer in a remote site with an RODC to the domain too. cifs domaininfo showed me all DCs as "BROKEN". What I did was set the site for the filer's IP to my RWDC site in AD Sites and Services... once that propagated, I was able to join my filer without a problem. Question now is do I leave it this way and will it impact performance?