Network and Storage Protocols

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Network and Storage Protocols

Ask a Question

Only connecting to read-only domain controller during CIFS setup

paul_w_jackson
‎2011-02-28 10:51 AM
6,961 Views

Hi,

I'm trying to add a controller (at a remote site) to our active directory domain but I keep getting an error that the AD account we're using doesn't have permissions.  We ran a pktt capture and found that the filer is only communicating with the read-only domain controller (which is in close proximity).  This is a problem because it's read-only and can't be updated.  Is this normal behavior?  I would think that it should recognize that it's a read-only DC and move on to the read/write domain controller (which is at our primary datacenter).  Any help would be appreciated.  Thanks.

0 Kudos
View By:
8 REPLIES 8

thomas_glodde
‎2011-02-28 11:25 AM
6,961 Views

possible some sorta bug/missing feature. during cifs setup filer is doing a dns/wins/ldap site query and chooses the closest dc possible. maybe a quick fix would be to shut down that read only dc, do setup, and then boot up again.

paul_w_jackson
‎2011-02-28 11:34 AM
In response to thomas_glodde
6,961 Views

That's what we're thinking--either shutdown the local r/o DC or maybe add an incorrect route to that DC on the filer.  Will let you know how that works.

0 Kudos

paul_w_jackson
‎2011-03-01 07:39 AM
In response to paul_w_jackson
6,961 Views

Well, taking down the R/O DC at our remote site which has the filer in question and then running CIFS setup fixed the problem.  Our team is still convinced that NetApp's OS doesn't handle read-only DC's correctly.  Does anyone else have experience here?  We're trying to complete our RCA.  Thanks.

0 Kudos

spence
NetApp
‎2011-03-01 07:55 AM
In response to paul_w_jackson
6,961 Views

cifs setup creates a computer account or reuses a computer account that has been pre-created and then sets the machine account password.

Next time use cifs prefdc and specify a writable DC, run cifs setup and then change cifs prefdc to use the local RODC.

0 Kudos

thomas_glodde
‎2011-03-01 09:27 AM
In response to spence
6,962 Views

cifs prefdc is usualy the way to go but i think you cannot use cifs prefdc before actualy having done a cifs setup at all. i might be wrong tho.

0 Kudos

spence
NetApp
‎2011-03-01 10:48 AM
In response to thomas_glodde
6,962 Views

you can use cifs prefdc prior to running cifs setup.

0 Kudos

paul_w_jackson
‎2011-03-02 09:49 AM
In response to spence
6,962 Views

We used cifs prefdc to specify a read/write DC but after running CIFS setup our packet capture confirmed that it was still only connecting to the local RODC.  Possibly a networking issue or a bug in DataOnTap.

0 Kudos

kao_lance
‎2012-07-18 06:55 AM
In response to paul_w_jackson
6,962 Views

I had problems trying to join a filer in a remote site with an RODC to the domain too.  cifs domaininfo showed me all DCs as "BROKEN".  What I did was set the site for the filer's IP to my RWDC site in AD Sites and Services... once that propagated, I was able to join my filer without a problem.  Question now is do I leave it this way and will it impact performance?

0 Kudos
Announcements
All Community Forums
Public