Microsoft Virtualization Discussions

How do I set up RPC access? Current error is "Connect-NaController : RPC Error: The RPC server is unavailable. Code 0x6BA."

hugh_kelley
20,424 Views

Background:

I want to connect to the controller using my  current credentials, no prompts and no hard-code creds in my scripts.  I believe this requires RPC connection, not HTTP(S).

Configuration:

Server and controller are on the same VLAN.  No firewalls or routers separate them.

Tracing route to xxx-psan-02 [10.111.11.40]

over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  xxx-psan-02 [10.111.11.40]

Trace complete.

Result:

With a hard-coded credential and an HTTPS connection, Get-NaController is fine.

With the same hard-coded credential and an RPC connection, I get this result:

PS C:\temp> Connect-NaController -name xxx-psan-02 -RPC -Credential $cred

Connect-NaController : RPC Error: The RPC server is unavailable. Code 0x6BA.

At line:1 char:21

+ Connect-NaController <<<<  -name wat-psan-02 -RPC -Credential $cred

    + CategoryInfo          : InvalidResult: (wat-psan-02:NaController) [Connect-NaController], EAPITRANSMISSION

    + FullyQualifiedErrorId : RpcConnectionFailed,DataONTAP.PowerShell.SDK.ConnectNaController

1 ACCEPTED SOLUTION

cknight
20,421 Views

RPC uses AD-based authentication, so your Windows host and your storage controller must be in the same Windows domain.  Use 'cifs setup' or PowerShell commands to accomplish that.  Also, you must ensure that the domain user that you have used to log into the Windows host is known to the storage controller (Set-NaDomainUser), since those are the credentials used to authenticate with the controller.  Don't pass credentials to Connect-NaController when specifying -RPC.

View solution in original post

14 REPLIES 14

cknight
20,422 Views

RPC uses AD-based authentication, so your Windows host and your storage controller must be in the same Windows domain.  Use 'cifs setup' or PowerShell commands to accomplish that.  Also, you must ensure that the domain user that you have used to log into the Windows host is known to the storage controller (Set-NaDomainUser), since those are the credentials used to authenticate with the controller.  Don't pass credentials to Connect-NaController when specifying -RPC.

hugh_kelley
20,371 Views

Thank you.  In addition to what you suggested, I realized that my "transmission path" isn't quite what I had expected.

Although my computer has a NIC on our iSCSI VLAN, and therefore a direct connection to the controller, that NIC doesn't have the Microsoft client bound to it.   Therefore, the RPC setup traffic was still originating from another NIC (with an ACL between it and the controller).

MDJAMES001
20,371 Views

Clinton,

Does this statement imply that you MUST have CIFS licensed on your controller in order to use RPC authentication?

JGPSHNTAP
20,371 Views

So, in order to setup the filer in AD with cifs setup, you either need iscsi, fcp or cifs licensed.

MDJAMES001
20,371 Views

OK, That works. I have FCP, iSCSI, and NFS, just no CIFS. So that's not my problem. I still can't connect via RPC. Not a big, deal I can connect via HTTP, but it is just annoying, it SHOULD work. And on top of it the 2240 works, yet the dctest looks the same on all three controllers. The 3270s just don't work. I get a 0x5 error (authentication)

Ooops. Just saw Clinton's reply. So CIFS is the requirement I don't have. Hmmm. I'll have to talk to my NetApp Sales rep. Thank you!

cknight
20,371 Views

Yes.

JGPSHNTAP
20,371 Views

Have you gone through cifs setup and added it to the domain?

MDJAMES001
20,371 Views

When I do a cifs testdc and a domaininfo, they both show connected correctly. Now when I do an adupdate, it doesn't work. I'm not sure why.

sneil
20,370 Views

What's the story with Clustered ONTAP.  How do you get Connect-NcController to automatically use the credentials of the logged on user to connected to the SVM?   I still don't want to hard-code usernames or passwords in the script.

GRAEMEOGDEN
12,632 Views

We have been using Set-NcCredential to cache username and password details on a particular server we want to run scripts on, not ideal but avoids having the passwords in the script!

cknight
12,632 Views

The Toolkit's credentials cache is the way to go for now.  I'm unaware of any RPC support, either current or on the roadmap, in Clustered Data ONTAP.

JGPSHNTAP
12,632 Views

Clinton - Ok, my disclaimer is I have yet to go down cluster-mode yet

But are you saying we can't use AD Authentication via cifs like we do in 7-mode to manage the filers via powershell

cknight
12,632 Views

That's what I'm saying.  I would love to be proven wrong.

JSHACHER11
12,632 Views

I am also getting RPC error - also tried http/s

I am using a domain account that it is in the 'domain admin' group and also a builtin\administrators in the controller

I have no problem logging in with that user from Putty

"ensure that the domain user that you have used to log into the Windows host is known to the storage controller - Don't pass credentials to Connect-NaController when specifying -RPC."

I am using VPN to connect to the controller's network - I am indeed using a different domain on my windows host

is there no way to connect? (I cannot add the domain user I'm using on my local PC to the controller)

Connect-NaController : RPC Error: Access is denied. Code 0x5.

At C:\connect.ps1:6 char:21

+ connect-nacontroller <<<<  -name 10.0.8.8 -credential $FasCred -rpc

    + CategoryInfo          : InvalidResult: (10.0.8.8:NaController) [Connect-NaController], EAPITRANSMISSION

    + FullyQualifiedErrorId : RpcConnectionFailed,DataONTAP.PowerShell.SDK.ConnectNaController

++++++++++++++++++++

UPDATE

I've just managed to connect to a different filer with the same domain user, so it is definitely something in the filer's configuration - but what?

Public