ONTAP Hardware

Implementing NAS on FAS 2620

NghiaTD
21,844 Views

Dear All!

 

 I have a question about CIFS server. When I tried to configure NAS on FAS2620, i cannot create CIFS server in SVM fields required with error as below:

 

Data ONTAP API Failed: Failed to create the Active Directory machine account "VMS". Reason: SecD Error: no server available Details: Error: Machine account creation procedure failed [ 0 ms] Trying to create machine account 'VMS' in 'VMS.NETAPP.LOCAL' for Vserver 'svm-nas1' [ 2005] Failed to connect to 192.168.1.10 for DNS via Source Address 192.168.1.104: Operation timed out **[ 4011] FAILURE: Unable to contact DNS to discover domain ** controllers. [ 4011] Unable to connect to any (0) domain controllers. [ 4011] 'NisDomain' configuration not available [ 4011] NIS configuration not found for Vserver 6 [ 6017] Failed to connect to 192.168.1.10 for DNS via Source Address 192.168.1.104: Operation timed out [ 6017] Unable to contact DNS to discover domain controllers. [ 8021] Failed to connect to 192.168.1.10 for DNS via Source Address 192.168.1.104: Operation timed out [ 8021] Unable to contact DNS to discover domain controllers. [ 10024] Failed to connect to 192.168.1.10 for DNS via Source Address 192.168.1.104: Operation timed out [ 10025] Unable to contact DNS to discover domain controllers. [ 10025] No servers available for MS_LDAP_AD, vserver: 6, domain: VMS.NETAPP.LOCAL. . (Error: 13001)

 

 Can someone instruction how to pass this field.

 

Thanks a lot

1 ACCEPTED SOLUTION

TMADOCTHOMAS
21,662 Views

I see there's a clock skew error. You won't be able to join if the time is >5 minutes difference on the NetApp vs. the DC. Check your time settings on the NetApp and make sure they point to the same time server as your DC.

View solution in original post

12 REPLIES 12

TMADOCTHOMAS
21,697 Views

Hi 

NghiaTD
21,694 Views

Hi Thomas!

 

I've already created Active Directory Domain controller with infor:

vms.netapp.local

Ip: 192.168.1.10

 

And i've tried join AD from another server and it's ok.

What infor you want to check?

 

Thanks,

TMADOCTHOMAS
21,658 Views

Check your DNS configuration in the SVM to see if it's correct.

NghiaTD
21,605 Views

Hi Thomas!

 

I've tried with the following informations:

 

CIFS Setup:

 - NetBios Name: vms

 - Domain: vms.netapp.local

 - Organization unit: CN = Computers

 - User: administrator

 - Pass: ...

 

SVM DNS Configured Information:

 - DNS: vms.netapp.local

 - Server Name: 192.168.1.10

 

Server Configured Informations:

 - DNS: vms.netapp.local

 - IP: 192.168.1.10

 

Please check attach file for more informations

Thanks!

 

 

 

NghiaTD
21,594 Views

Updated!

 

Already conntected to AD but created CIFS still failed!

 

The error returned by ONTAP is "Data ONTAP API Failed: Failed to create the Active Directory machine account "NETAPP-01". Reason: SecD Error: no server available Details: Error: Machine account creation procedure failed [ 25] Loaded the preliminary configuration. [ 48] Created a machine account in the domain [ 48] Successfully connected to ip 192.168.1.10, port 445 using TCP [ 51] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED) for SMB command SessionSetup [ 51] Cluster and Domain Controller times differ by more than the configured clock skew (KRB5KRB_AP_ERR_SKEW) [ 51] Kerberos authentication failed with result: 7537. [ 53] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED) for SMB command SessionSetup [ 53] Cluster and Domain Controller times differ by more than the configured clock skew (KRB5KRB_AP_ERR_SKEW) [ 53] Kerberos authentication failed with result: 7537. [ 53] Unable to connect to LSA service on vms-server-01.vms.netapp.local (Error: RESULT_ERROR_KERBEROS_SKEW) [ 53] No servers available for MS_LSA, vserver: 7, domain: vms.netapp.local. **[ 54] FAILURE: Unable to make a connection ** (LSA:VMS.NETAPP.LOCAL), result: 6940 [ 54] Could not find Windows SID 'S-1-5-21-3139160450-3593412140-2123682809-512' [ 56] Deleted existing account 'CN=NETAPP-01,CN=Computers,DC=vms,DC=netapp,DC=local' . "

TMADOCTHOMAS
21,663 Views

I see there's a clock skew error. You won't be able to join if the time is >5 minutes difference on the NetApp vs. the DC. Check your time settings on the NetApp and make sure they point to the same time server as your DC.

NghiaTD
21,544 Views

Hi Thomas!

 

I've fixed and it's ok right now. 

 

Thank for your support.

TMADOCTHOMAS
21,514 Views

Excellent! Glad to hear it is resolved.

NghiaTD
21,476 Views

Hi Thomas!

 

 One more question!

 

 I have two Server running HA and using 1 database will be located at FAS2620. So, with this case I have to create 2 DNS servers or just need only 1 DNS Server when configure SVM.

  Because follow my understanding is if with 1 DNS server (example Server 1), when svr 1 down, svm will be disconnected with AD and I will cannot connect to FAS from Server 2? Is this right?

 

So with this case, what I have to do for best optimization?

 

Regards,

TMADOCTHOMAS
19,135 Views

Good idea to have more than one DNS server anyway, not just because of NetApp SVM configuration. If one DNS server is down, the other takes over. You would configure each SVM with both DNS server IP addresses.

NghiaTD
19,120 Views

Hi Thomas!

 

 OK, so with N servers I can create N dns?

 And, with NetApp (I just have 4 Ethernet ports 1Gbps e0c, e0d, e0e, e0f). How can create redundancy for connections links like some ways on another machine (teaming port, Ether Port channel...) ?

 I've created svm (ntapsvm1) with 2 connection: e0c (192.168.1.40), e0d (192.168.1.41). But I don't know how they can redundancy for each other. I also create svm account on dns server with informations: ntapsvm1 mapping with IP 192.168.1.40.

 

Regards,

 

 

TMADOCTHOMAS
19,083 Views

For redundancy, create an interface group with the two interfaces, and assign the IP to the interface group (or add VLAN tags and assign to the tag).

Public