Cloud Volumes ONTAP
Hello all,
I'm building a demo environment at AWS with Cloud ONTAP.
I have trouble with the CIFS setup. Cloud ONTAP cannot connect to the DNS server.
Error: Machine account creation procedure failed
[ 0 ms] Trying to create machine account 'FS-CO1' in domain
'NALAB.LOC' for Vserver 'svm_co1'
[ 2009] Failed to connect to 172.31.27.65 for DNS: Operation
timed out
**[ 4020] FAILURE: Unable to contact DNS to discover domain
** controllers.
[ 4020] Failed to find a domain controller
Error: command failed: Failed to create the Active Directory machine account "FS-CO1". Reason: Unable to contact DNS.
The ADS/DNS Server are in the same VPC and subnet and both are up and running.
From the ADS-Server I can ping the CIFS data LIF. But from the Cloud ONTAP SSH shell I cannot ping the ADS-Server.
The iSCSI configuration works without any problems.
Does anyone have an idea?
Gerd
Hi Gerd,
One of the reasons could be security groups (aka AWS firewalls). Does your security group for the ADS/DNS server allow CIFS, DNS, and PING traffic?
Security groups are a per-instance concept, so even though everything lives in the same subnet, a certain instance can fail to reach another instance.
-Ashrut
Hi Gerd,
First, I must comment that sometimes AWS based ADS/DNS might not be pingable, and that might hinge on your security setting.
Can you share your Cloud ONTAP security group information (Which ports are open)?
As a test - I'd try opening up everything, just to see if that's the issue.
Second, did you try to set CIFS from Cloud Manager using UI or on the CLI level?
Thanks,
Yaron Haimsohn
Cloud Solution Architect
Hi Ashrut,
Hi Yaronh,
Thank you for the reply.
I've checked the security rules. For my ADS-Server there is only one "Inbound-Rule" for RDP.
Type | Protocol | Port Range | Source |
RDP (3389) | TCP (6) | 3389 | 0.0.0.0/0 |
Outbound all traffic is allowed.
I will try to configure the inbound rule of the ADS-Server.
Regards
Gerd
Hi Ashrut,
Hi Yaronh,
Thank you for your help. After I added several ports to the security group, it's all OK.
CIFS setup works fine.
Type | Protocol | Port Range | Source |
nameserver (42) | TCP (6) | 42 | 0.0.0.0/0 |
DNS (TCP) (53) | TCP (6) | 53 | 0.0.0.0/0 |
Custom TCP Rule | TCP (6) | 88 | 0.0.0.0/0 |
LDAP (389) | TCP (6) | 389 | 0.0.0.0/0 |
Custom TCP Rule | TCP (6) | 445 | 0.0.0.0/0 |
Custom TCP Rule | TCP (6) | 464 | 0.0.0.0/0 |
RDP (3389) | TCP (6) | 3389 | 0.0.0.0/0 |
DNS (UDP) (53) | UDP (17) | 53 | 0.0.0.0/0 |
ALL ICMP | ICMP (1) | ALL | 0.0.0.0/0 |
Kind regards
Gerd
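
Added example, not part of the thread or any poster's message: every inbound rule in the working configuration above uses the source 0.0.0.0/0, which exposes DNS, Kerberos, LDAP, SMB and RDP on the ADS/DNS server to any address. The Python sketch below parses the posted rule table, counts the world-open rules, and rebuilds them as EC2 `IpPermissions` entries limited to one CIDR. The CIDR 172.31.0.0/16 and the function names are assumptions made for this example.

```python
import ipaddress
import json

# Inbound rules as posted in the thread for the ADS/DNS server's security group.
POSTED_RULES = """\
nameserver (42) | TCP (6) | 42 | 0.0.0.0/0 |
DNS (TCP) (53) | TCP (6) | 53 | 0.0.0.0/0 |
Custom TCP Rule | TCP (6) | 88 | 0.0.0.0/0 |
LDAP (389) | TCP (6) | 389 | 0.0.0.0/0 |
Custom TCP Rule | TCP (6) | 445 | 0.0.0.0/0 |
Custom TCP Rule | TCP (6) | 464 | 0.0.0.0/0 |
RDP (3389) | TCP (6) | 3389 | 0.0.0.0/0 |
DNS (UDP) (53) | UDP (17) | 53 | 0.0.0.0/0 |
ALL ICMP | ICMP (1) | ALL | 0.0.0.0/0 |
"""

def parse_rules(text):
    """Parse 'Type | Protocol | Port Range | Source |' rows into dicts."""
    rules = []
    for line in text.strip().splitlines():
        rtype, proto, ports, source = [c.strip() for c in line.split("|")[:4]]
        rules.append({"type": rtype, "proto": proto.split()[0].lower(),
                      "ports": ports, "source": ipaddress.ip_network(source)})
    return rules

def world_open(rules):
    """Rules whose source is the whole IPv4 Internet (prefix length 0)."""
    return [r for r in rules if r["source"].prefixlen == 0]

def scope_to(rules, cidr):
    """Build EC2 IpPermissions entries with every source narrowed to cidr."""
    net = str(ipaddress.ip_network(cidr))
    perms = []
    for r in rules:
        # EC2 uses -1/-1 to mean "all ICMP types and codes".
        lo = hi = -1 if r["ports"].upper() == "ALL" else int(r["ports"])
        perms.append({"IpProtocol": r["proto"], "FromPort": lo, "ToPort": hi,
                      "IpRanges": [{"CidrIp": net, "Description": r["type"]}]})
    return perms

if __name__ == "__main__":
    rules = parse_rules(POSTED_RULES)
    print(f"{len(world_open(rules))} of {len(rules)} rules allow 0.0.0.0/0")
    # Assumed VPC CIDR; replace with the CIDR of your own VPC or subnet.
    print(json.dumps(scope_to(rules, "172.31.0.0/16"), indent=2))
```

The printed JSON has the shape accepted by `aws ec2 authorize-security-group-ingress --ip-permissions`. Administrative access such as RDP is better scoped to the administrator's own address or a bastion than to the whole VPC range.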