Network and Storage Protocols

Only connecting to read-only domain controller during CIFS setup



I'm trying to add a controller (at a remote site) to our Active Directory domain, but I keep getting an error that the AD account we're using doesn't have permissions. We ran a pktt capture and found that the filer is only communicating with the read-only domain controller (which is in close proximity). This is a problem because it's read-only and can't be updated. Is this normal behavior? I would think that it should recognize that it's a read-only DC and move on to the read/write domain controller (which is at our primary datacenter). Any help would be appreciated. Thanks.



Possibly some sorta bug/missing feature. During cifs setup the filer is doing a DNS/WINS/LDAP site query and chooses the closest DC possible. Maybe a quick fix would be to shut down that read-only DC, do setup, and then boot it up again.

That's what we're thinking: either shut down the local R/O DC or maybe add an incorrect route to that DC on the filer. Will let you know how that works.

Well, taking down the R/O DC at our remote site which has the filer in question and then running CIFS setup fixed the problem. Our team is still convinced that NetApp's OS doesn't handle read-only DCs correctly. Does anyone else have experience here? We're trying to complete our RCA. Thanks.


cifs setup creates a computer account or reuses a computer account that has been pre-created and then sets the machine account password.

Next time use cifs prefdc and specify a writable DC, run cifs setup and then change cifs prefdc to use the local RODC.


cifs prefdc is usually the way to go, but I think you cannot use cifs prefdc before actually having done a cifs setup at all. I might be wrong tho.


You can use cifs prefdc prior to running cifs setup.


We used cifs prefdc to specify a read/write DC, but after running CIFS setup our packet capture confirmed that it was still only connecting to the local RODC. Possibly a networking issue or a bug in Data ONTAP.


I had problems trying to join a filer in a remote site with an RODC to the domain too.  cifs domaininfo showed me all DCs as "BROKEN".  What I did was set the site for the filer's IP to my RWDC site in AD Sites and Services... once that propagated, I was able to join my filer without a problem.  Question now is do I leave it this way and will it impact performance?