ONTAP Discussions

Cannot add CIFS SVM in AD

FrenchBlue
16,217 Views

Hello,

 

Deployed an Ontap Select instance with the deploy utility, a simple AD/DNS on a Windows 2012 R2 VM, but when I try to create a CIFS SVM, it fails when trying to add it to the domain, with the following error:

 

Data ONTAP API Failed: Failed to create the Active Directory machine account "DATA1CIFS". Reason: SecD Error: no server available Details: Error: Machine account creation procedure failed [ 0 ms] Trying to create machine account 'DATA1CIFS' in 'POC.TEST' for Vserver 'Data1' [ 10] No servers configured for the service: _ldap._tcp.POC.TEST [ 10] No servers found in DNS lookup for _ldap._tcp.POC.TEST. [ 10] No servers available for MS_LDAP_AD, vserver: 2, domain: POC.TEST. [ 10] Cannot find any domain controllers; verify the domain name and the node's DNS configuration **[ 10] FAILURE: Unable to connect to any (0) domain controllers. [ 10] 'NisDomain' configuration not available [ 10] NIS configuration not found for Vserver 2 [ 15] No servers found in DNS lookup for _ldap._tcp.dc._msdcs.POC.TEST. [ 17] No servers configured for the service: _ldap._tcp.POC.TEST [ 18] No servers found in DNS lookup for _ldap._tcp.POC.TEST. [ 21] No servers found in DNS lookup for _kerberos._tcp.POC.TEST. [ 21] No servers available for MS_LDAP_AD, vserver: 2, domain: POC.TEST. . (Error: 13001)

 

DNS is working if I logon to the node, I can ping the AD VM:

 

OnTapPOC::> ping -s WindowsAD1
PING WindowsAD1.poc.test (10.127.196.230): 56 data bytes
64 bytes from 10.127.196.230: icmp_seq=0 ttl=128 time=0.145 ms
64 bytes from 10.127.196.230: icmp_seq=1 ttl=128 time=0.211 ms

 

Any idea?

 

Thanks.

1 ACCEPTED SOLUTION

FrenchBlue
16,128 Views

Hello,

 

I changed the node timezone to CET since the AD is CET and the node was UTC, but this didn't solve the problem. In fact it was my fault,  I was confused by the "Domain" tab, where the row to edit is named

 
Double-click the row to edit the list of preferred domain controllers"

 

 

Since the Controller ip has to be filled in, I had put the dns name of of the DC, not the domain name itself. That's why it failed. Now everything is fine, thanks for your help anyway!

 

View solution in original post

3 REPLIES 3

JohnChampion
16,194 Views

Check the times on all machines...CIFS issues are almost always time related.  It's Kerberos so must be less than 5 minutes.

 

Sahana
16,156 Views

Hi

 

Refer a similar solved discussion; https://community.netapp.com/t5/Network-Storage-Protocols-Discussions/CIFS-not-joining-AD-domain/m-p/124585#M8544

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

FrenchBlue
16,129 Views

Hello,

 

I changed the node timezone to CET since the AD is CET and the node was UTC, but this didn't solve the problem. In fact it was my fault,  I was confused by the "Domain" tab, where the row to edit is named

 
Double-click the row to edit the list of preferred domain controllers"

 

 

Since the Controller ip has to be filled in, I had put the dns name of of the DC, not the domain name itself. That's why it failed. Now everything is fine, thanks for your help anyway!

 

Public