Network and Storage Protocols

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Network and Storage Protocols

Ask a Question

Not able to join to AD due to Unable to contact DNS

Manchana
‎2016-01-06 11:25 PM
16,552 Views

Hi Team,

 

Unable to join vserver to AD and giving error as Unable to contact DNS

 

SA6CLS02::> vserver cifs create -vserver NS6VFL02 -cifs-server NS6VFL02 -domain wa6ads07.axabs-in.intraxa

In order to create an Active Directory machine account for the CIFS server, you must supply the name and password of a Windows account with sufficient privileges to add computers to the
"CN=Computers" container within the "WA6ADS07.AXABS-IN.INTRAXA" domain.

Enter the user name: aravind shastry.adm

Enter the password:

Error: Machine account creation procedure failed
[ 0 ms] Trying to create machine account 'NS6VFL02' in domain
'WA6ADS07.AXABS-IN.INTRAXA' for Vserver 'NS6VFL02'
[ 2004] Failed to connect to 10.90.125.10 for DNS: Operation
timed out
[ 4013] Failed to connect to 10.90.125.10 for DNS: Operation
timed out
**[ 4014] FAILURE: Unable to contact DNS to discover domain
** controllers.

Error: command failed: Failed to create the Active Directory machine account "NS6VFL02". Reason: Unable to contact DNS.

 

 

****************************

Attached text file for more info

 

SA6CLS02::> network ping -node SA6UNS06 axabs-in.intraxa
axabs-in.intraxa is alive

SA6CLS02::> network ping -node SA6UNS05 axabs-in.intraxa
no answer from axabs-in.intraxa

SA6CLS02::> network ping -node SA6UNS05 axabs-in.intraxa
axabs-in.intraxa is alive

SA6CLS02::> network ping -node SA6UNS06 -destination 10.90.141.1
10.90.141.1 is alive

SA6CLS02::> network ping -node SA6UNS05 -destination 10.90.141.1
10.90.141.1 is alive

 

Added record in DNS for Data  LIF1 and able to ping Gateway & DNS IP from filer

 

Regards

Srikanth

9966443310

 

Preview file
23 KB
0 Kudos
View By:
Tags (1)
7 REPLIES 7

mbeattie
NetApp
‎2016-01-07 04:36 PM
16,303 Views

Hi,

 

Have you ensured the DNS service on the vserver is configured before attempting to join it to the domain? EG:

 

cluster1> services dns create -vserver vserver1 -domains testlab.local -name-servers 192.168.100.10 -state enabled -timeout 5 -attempts 3

 

cluster1> services dns show -vserver vserver1

               Vserver: vserver1
               Domains: testlab.local
          Name Servers: 192.168.100.10
    Enable/Disable DNS: enabled
        Timeout (secs): 5
      Maximum Attempts: 3

 

If the vservers DNS service is not configured\enabled then you won't be able to join it the domain

 

/matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
0 Kudos

mbeattie
NetApp
‎2016-01-07 05:02 PM
16,299 Views

Hi,

 

Also i noticed you are attempting to create the vserver's computer object in the Computers container in AD (this is unlikely to be the cause of your issue) however the best practise is to specify which organizational unit the computer account is created in by using the -ou paramater. EG

 

cluster1> vserver cifs create ?
   [-vserver] <vserver name>           Vserver
   [-cifs-server] <NetBIOS>            CIFS Server NetBIOS Name
   [-domain] <TextNoCase>              Fully Qualified Domain Name
  [[-ou] <text>]                       Organizational Unit (default:
                                       CN=Computers)

 

This will enable you to delegate administration and apply group policy (as you can't apply group policy to a container object in AD). Also ensure that the Active Directory user account specified when joining the vserver to the domain has sufficent permissions on the OU to create the computer object and join it to the domain.The following table defines the permissions required to securely delegate Active Directory permissions to perform a CIFS setup and create computer objects for vservers within an Organizational Unit (http://support.microsoft.com/kb/932455)

 

  • Create Computer Objects
  • Delete Computer Objects
  • Reset Password
  • Read and write Account Restrictions
  • Validated write to DNS host name
  • Validated write to service principal name

Hope this information is useful

 

/matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
0 Kudos

Manchana
‎2016-01-14 07:53 AM
In response to mbeattie
16,248 Views

Thanks Matt.

I have tried with your options but no luck .

 

Data LIF is not able to ping Gateway and DNS server so i have raise a request to Network team to open firewall port open. Hope it will be work 

 

 

 

 

SA6CLS02::*> event log show -event secd*
Time Node Severity Event
------------------- ---------------- ------------- ---------------------------
1/7/2016 16:21:52 SA6UNS06 WARNING secd.dns.server.timed.out: DNS server 10.90.125.70 did not respond to vserver = NS6VFL02 within timeout interval.
1/7/2016 15:57:42 SA6UNS05 WARNING secd.dns.server.timed.out: DNS server 10.90.125.70 did not respond to vserver = NS6VFL02 within timeout interval.
1/7/2016 15:18:19 SA6UNS05 WARNING secd.dns.server.timed.out: DNS server 10.90.125.70 did not respond to vserver = NS6VFL02 within timeout interval.
1/7/2016 15:14:04 SA6UNS05 WARNING secd.dns.server.timed.out: DNS server 10.90.125.70 did not respond to vserver = NS6VFL02 within timeout interval.
1/7/2016 15:06:46 SA6UNS05 WARNING secd.dns.server.timed.out: DNS server 10.90.125.70 did not respond to vserver = NS6VFL02 within timeout interval.
1/7/2016 14:00:47 SA6UNS05 WARNING secd.dns.server.timed.out: DNS server 10.90.125.70 did not respond to vserver = NS6VFL02 within timeout interval.
1/7/2016 13:53:27 SA6UNS05 WARNING secd.dns.server.timed.out: DNS server 10.90.125.10 did not respond to vserver = NS6VFL02 within timeout interval.
1/7/2016 13:42:23 SA6UNS05 WARNING secd.dns.server.timed.out: DNS server 10.90.125.10 did not respond to vserver = NS6VFL02 within timeout interval.
1/6/2016 22:47:19 SA6UNS05 WARNING secd.dns.server.timed.out: DNS server 10.90.125.10 did not respond to vserver = NS6VFL02 within timeout interval.
9 entries were displayed.

 

 

Thanks

Srikanth Manchana

+91 9966443310

0 Kudos

JamesIlderton
‎2016-01-14 09:49 AM
In response to Manchana
16,228 Views

What version of cDOT are you using?  We had a similar issue due to case sensativity and our Bluecat DNS system.  8.3.1 resolved the issue (see bug ID 886457).  Note that the workaround in this bug ID did not work for us and Support recommended the upgrade, which worked as promised.

0 Kudos

Manchana
‎2016-03-01 11:38 PM
In response to JamesIlderton
16,008 Views

SA2CLS01::> version
NetApp Release 8.3P1: Tue Apr 07 16:05:35 PDT 2015

0 Kudos

mhwc22
‎2016-10-14 10:32 AM
In response to Manchana
14,682 Views

Hi,  

I am having the same problem with version 8.3.2P2, did you ever find a resolution?

0 Kudos

Manchana
‎2016-10-14 10:39 AM
In response to mhwc22
14,678 Views

Add ports to VLAN on network switch side  and do Vlan tagging at C mode

 

 

Regards

Srikanth

0 Kudos
Announcements
All Community Forums
Public