Network and Storage Protocols

Unable to connect to CIFS via DNS from server 2012 & windows 10

oshernesimi
12,947 Views

Hello Netapp Team,

We having a problem to connect to CIFS shared (Netapp) via DNS from Windows Server 2012R2 & Windows 10.

I use Windows AD to map a shared drive. This drive is located on a CIFS Share on a Netapp.

If I tried to connect \\dns\share it fails, but if I tried to connect \\192.168.1.1\share it succeed.

I check DNS problems but the DNS working fine, I have ping to the name.

It appears only on server 2012 & windows 10 (in windows 7, server 2008 are working properly).

When I created a shared folder under server or computer and trying to connect from those computers it's working.

so something on the NetApp needs to change.

 Please advise.

 

Osher.

1 ACCEPTED SOLUTION

Ontapforrum
12,746 Views

You haven't shared the requested info with us, I am assuming you have filers in a very high security zone. Sometimes, requested information helps in solving issue early.

 

Anyway, here is something that will help:


Mapping the SMB server on the DNS server:
https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.pow-cifs-cg%2FGUID-EC2C5244-CD7A-4322-A5E6-A53B5E9A845C.html

 

In case the NAS NetBios NAME resolving to Data LIF IP is not the one registered in DNS, and it is rather a ALIAS or CNAME then register the SPN for DNS Alias (CNAME).

 

To register the SPN for the DNS alias (CNAME) records, use the Setspn tool with the following syntax:

setspn -A host/your_ALIAS_name target_nas_name
setspn -A host/your_ALIAS_name.company.com target_nas_name

 

Else, you can force "storage to broadcast " the 'NAS' NetBios name to your Windows 2k12:

Further, you can enable this on the storage side.
::> set adv [Go to advanced mode]
::*> vserver cifs options modify -vserver <cifs_server_svm> -is-nbns-enabled true
::*> vserver cifs options modify -vserver <cifs_server_svm> -is-netbios-over-tcp-enabled true

 

View solution in original post

6 REPLIES 6

mbeattie
12,930 Views

Hi Osher,

 

See this Microsoft KB2686098 and this NetApp KB article. Also see this link to the NetApp documentation for SMB signing policies. Depending on your configuration you might consider using AD Group policy to configure the setting appropriate for your environment. Hope that helps

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

oshernesimi
12,920 Views

Hi Matt, 

As I understand I have 2 options:

1. For the testing I can run this command :

Set-SmbClientConfiguration -RequireSecuritySignature $true 

 

or  disable SMB v3 from my Windows 10

 

2. I need to enable SMB v3 on my NetApp to allow Windows server 2012 & Windows 10 to work with CIFS via DNS?

 

Osher.

Ontapforrum
12,874 Views

Please give this output:

 

From storage:

Try to access the share \\hostname\share, and then check event log.
::> event log show -message-name secd*
::> vserver cifs security show -vserver <vserver_name> -fields Lm-compatibility-level
::> vserver cifs show -vserver <vserver_name>

 

From WIN2K12:
C:\Users\user\admin>setspn -L host (CIFS Server NetBIOS Name)

 

You haven't mentioned the ONTAP version here. But, bydefault, all SMB versions are enabled (From 9.2, SMB1 can be disabled). Anyway, I think If you can access the share via IP, then it is something to do with DNS and auth-mechanism.

oshernesimi
12,763 Views

Hi Guys, 

Something that i found today ... 

 I tried "nslookup netapp_name" and it gives me netappname.domain.com

When I tried now to access the share with FQDN ( \\dns.domain.com\share ) it succeeds.

what I need to fix to make all Windows 10 & Server 2012R2 to use shares without all the \\dns.domain.com ???

Something else I realized now is the web access like web01 not working and web01.domain.com is working in those workstations and servers

 Thanks

Osher.

Ontapforrum
12,747 Views

You haven't shared the requested info with us, I am assuming you have filers in a very high security zone. Sometimes, requested information helps in solving issue early.

 

Anyway, here is something that will help:


Mapping the SMB server on the DNS server:
https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.pow-cifs-cg%2FGUID-EC2C5244-CD7A-4322-A5E6-A53B5E9A845C.html

 

In case the NAS NetBios NAME resolving to Data LIF IP is not the one registered in DNS, and it is rather a ALIAS or CNAME then register the SPN for DNS Alias (CNAME).

 

To register the SPN for the DNS alias (CNAME) records, use the Setspn tool with the following syntax:

setspn -A host/your_ALIAS_name target_nas_name
setspn -A host/your_ALIAS_name.company.com target_nas_name

 

Else, you can force "storage to broadcast " the 'NAS' NetBios name to your Windows 2k12:

Further, you can enable this on the storage side.
::> set adv [Go to advanced mode]
::*> vserver cifs options modify -vserver <cifs_server_svm> -is-nbns-enabled true
::*> vserver cifs options modify -vserver <cifs_server_svm> -is-netbios-over-tcp-enabled true

 

oshernesimi
12,692 Views

Hi Guys,

it was DNS issue.

Once I found that I have CNAME pointed to my NetApp shared drive mapping name and I change it to A record it solved my problem.

 

Thank you all guys.

Public