Failed to join AD server for CIFS setup : Wrong Realm in request

LesterLiu — Wed, 04 Jun 2025 14:59:42 GMT

We have two FS2040 filers: fs-bei-01 and fs-bei-02

Their CIFS service is OK in current domain.

We planned to change the DC server.

I tried to terminate CIFS service and run cifs setup on fs-bei-01, however, we faced error when joining the AD.

It is strange that I tried to change DC server on fs-bei-02 too later with same configurations, and fs-bei-02 successfully changed to another AD server.

The OS and time source and DNS settings are all the same for two filers. I don't know how to debug this issue, there always the same error print. The detailed log is attached below:

fs-bei-01> cifs setup
This process will enable CIFS access to the filer from a Windows(R) system.
Use "?" for help at any prompt and Ctrl-C to exit without committing changes.

        This filer is currently a member of the Active Directory domain
        'CORP.AD.BROADCOM.COM'.
Do you want to continue and change the current filer account information? [n]: y
        Your filer is currently visible to all systems using WINS. The WINS
        name servers currently configured are: [ 10.149.192.22, 10.149.192.23
        ].

(1) Keep the current WINS configuration
(2) Change the current WINS name server address(es)
(3) Disable WINS

Selection (1-3)? [2]: 2
        You can enter up to 4 IPv4 WINS server addresses.
IPv4 address(es) of your WINS name server(s) [135.36.132.211]:
Would you like to specify additional WINS name servers? [y]:
IPv4 address(es) of your WINS name server(s) [135.36.132.212]:
Would you like to specify additional WINS name servers? [y]:
IPv4 address(es) of your WINS name server(s) [135.36.132.53]:
Would you like to specify additional WINS name servers? [n]:
        This filer is currently configured as a multiprotocol filer.
Would you like to reconfigure this filer to be an NTFS-only filer? [n]:
        NIS is currently enabled but NIS group caching is disabled. This may
        have a severe impact on CIFS authentication if the NIS servers are
        slow to respond or unavailable. It is highly recommended that you
        enable NIS group caching.
Would you like to enable NIS group caching? [y]:
        By default, the NIS group cache is updated once a day at midnight. If
        you would like to update the cache more often or at a different time,
        specify a list of hours (1-24, representing the hours in a day) that
        describe when the update should be performed.
Enter the hour(s) when NIS should update the group cache [24]:
Would you like to specify additional hours? [n]:
        The default name for this CIFS server is 'FS-BEI-01'.
Would you like to change this name? [n]:
        Data ONTAP CIFS services support four styles of user authentication.
        Choose the one from the list below that best suits your situation.

(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication

Selection (1-4)? [1]: 1
What is the name of the Active Directory domain? [CORP.AD.BROADCOM.COM]: Broadcom.net
        In Active Directory-based domains, it is essential that the filer's
        time match the domain's internal time so that the Kerberos-based
        authentication system works correctly. If the time difference between
        the filer and the domain controllers is more than 5 minutes,
        authentication will fail. Time services are currently not configured
        on this filer.
Would you like to configure time services? [n]:
        In order to create an Active Directory machine account for the filer,
        you must supply the name and password of a Windows account with
        sufficient privileges to add computers to the BROADCOM.NET domain.
Enter the name of the Windows user [Administrator@BROADCOM.NET]: broadcom.net\sg020857-a
Password for BROADCOM.NET\sg020857-a:
Could not authenticate with domain controller: Wrong Realm in request.
CIFS - unable to log into domain as BROADCOM.NET\sg020857-a.
        Please try again (Ctrl-C to exit).
Enter the name of the Windows user [BROADCOM.NET\sg020857-a]:
fs-bei-01>
fs-bei-01>
fs-bei-01> ping WCISVMGC02.Broadcom.net
WCISVMGC02.Broadcom.net is alive

I also tried Disable WINS option and tried to set time server with the domain name, the result is always the same, It seems that there is no request send to the AD server, it is illegle to login the destination in the current status...

Could any one help?

Thanks in advance!

Regards,

Lester.

Re: Failed to join AD server for CIFS setup : Wrong Realm in request

georgevj — Tue, 13 Jun 2017 05:15:52 GMT

Is the old AD server is still on the network? Is there a conflict between NetBIOS names of old and new domains?

Did you try the admin user name as "sg020857-a@broadcom.net" instead of "broadcom.net\sg020857-a" ?

Re: Failed to join AD server for CIFS setup : Wrong Realm in request

LesterLiu — Wed, 14 Jun 2017 02:50:38 GMT

Hi Georgevj:

Thanks for your reply, PSB:

Is the old AD server is still on the network?

Yes

Is there a conflict between NetBIOS names of old and new domains?

Did you try the admin user name as "sg020857-a@broadcom.net" instead of "broadcom.net\sg020857-a" ?

Just use sg020857-a will be OK.

Consider the same environment and settings on another filer is OK...

topic Re: Failed to join AD server for CIFS setup : Wrong Realm in request in Network and Storage Protocols

Failed to join AD server for CIFS setup : Wrong Realm in request

Re: Failed to join AD server for CIFS setup : Wrong Realm in request

Re: Failed to join AD server for CIFS setup : Wrong Realm in request