Simulator Discussions

CIFS server can't join AD

ddrougeau

I know this has probably been answered somewhere... but I can't find it. I'm new to NetApp and thought this simulator would be a great way to learn since our company is considering their solutions. I have the initial cluster setup, aggregate, subnet, and vserver, but when I try to create the CIFS server and join it to my lab DC, I get this error about the LSA service:

 

Data ONTAP API Failed :Failed to create the Active Directory machine account "CIFS". Reason: SecD Error: no server available Details: Error: Machine account creation procedure failed
[ 105] Loaded the preliminary configuration.
[ 121] Created a machine account in the domain
[ 121] Connecting to LSA server netappdc.netapp.loc (192.168.111.5)
[ 123] Cluster and Domain Controller times differ by more than the configured clock skew (KRB5KRB_AP_ERR_TKT_NYV)
[ 123] Failed to initiate Kerberos authentication. Trying NTLM.
[ 124] Successfully authenticated with DC netappdc.netapp.loc
[ 125] FAILURE: Unable to connect to LSA service on netappdc.netapp.loc (Error: RESULT_ERROR_CIFS_SMB_ACCESS_DENIED)
[ 125] No servers available for MS_LSA, vserver: 3, domain: netapp.loc.
[ 125] Could not find Windows SID 'S-1-5-21-3619059543-1436041144-4270238130-512'
[ 128] Deleted existing account 'CN=CIFS,CN=Computers,DC=netapp,DC=loc' . (Error: 13001)

 

Any help is seriously appreciated...

1 ACCEPTED SOLUTION

mbeattie

Hi,

 

Have you tried setting your timezone to the closest city to you listed in the link below?

 

https://library.netapp.com/ecmdocs/ECMP1368852/html/GUID-48AD434D-433B-4208-8D9E-C3696707E20C.html

 

Before you can join the vserver to the domain, you first need to set the date/time and timezone to ensure the system's time is within 5 minutes of your domain controller.

 

To check the time on your DC you can use the net time command:

 

C:\>net time \\testdc01
Current time at \\testdc01 is 23/07/2015 6:26:37 PM

The command completed successfully.

 

Then set the date on your cluster:

 

cluster1> system date modify -dateandtime 201507231826.48

cluster1> system date show
Node      Date                      Time zone
--------- ------------------------- -------------------------
node1
          7/23/2015 18:26:53 +10:00 Australia/Sydney

Then set your timezone:


cluster1> timezone America/Vancouver
1 entry modified

cluster1> system date show
Node      Date                      Time zone
--------- ------------------------- -------------------------
node1
          7/23/2015 01:27:12 -07:00 America/Vancouver

 

Also, it's worth mentioning that during the CIFS setup process you will need to enter the credentials of an Active Directory user account that has permissions in Active Directory to create the computer object and join the vserver to the domain.

 

The minimum required Active Directory permissions for computer objects in your organizational unit are:

 

http://support.microsoft.com/kb/932455

 

Create Computer Objects

Reset Password

Read and write Account Restrictions

Validated write to DNS host name

Validated write to service principal name

 

Hope this helps

 

/matt
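
Added example (not part of the original posts and not NetApp code): a small Python triage helper that splits the flattened SecD trace from the question into its bracketed steps and flags the clock-skew, NTLM-fallback and LSA access-denied lines. The rule table, the finding names and the earliest-finding heuristic are assumptions made for this illustration.

```python
import re

# SecD trace as posted in the question, flattened to one string (bold markers removed).
TRACE = (
    "Error: Machine account creation procedure failed "
    "[ 105] Loaded the preliminary configuration. "
    "[ 121] Created a machine account in the domain "
    "[ 121] Connecting to LSA server netappdc.netapp.loc (192.168.111.5) "
    "[ 123] Cluster and Domain Controller times differ by more than the "
    "configured clock skew (KRB5KRB_AP_ERR_TKT_NYV) "
    "[ 123] Failed to initiate Kerberos authentication. Trying NTLM. "
    "[ 124] Successfully authenticated with DC netappdc.netapp.loc "
    "[ 125] FAILURE: Unable to connect to LSA service on netappdc.netapp.loc "
    "(Error: RESULT_ERROR_CIFS_SMB_ACCESS_DENIED) "
    "[ 125] No servers available for MS_LSA, vserver: 3, domain: netapp.loc. "
    "[ 125] Could not find Windows SID 'S-1-5-21-3619059543-1436041144-4270238130-512' "
    "[ 128] Deleted existing account 'CN=CIFS,CN=Computers,DC=netapp,DC=loc' . (Error: 13001)"
)

# "[ NNN] message" up to the next bracketed marker or end of input.
STEP_RE = re.compile(r"\[\s*(\d+)\]\s*(.*?)(?=\s*\[\s*\d+\]|$)", re.S)

# Illustrative rule table (an assumption of this example): substring -> finding, note.
RULES = [
    ("clock skew", "clock_skew", "set cluster date/timezone to match the DC, then retry"),
    ("Trying NTLM", "ntlm_fallback", "Kerberos failed; the join continued over NTLM"),
    ("SMB_ACCESS_DENIED", "lsa_access_denied", "LSA connection refused by the DC"),
    ("Deleted existing account", "account_rollback", "machine account was removed again"),
]

def parse_steps(trace):
    """Return [(marker, message)] for every bracketed step in the trace."""
    return [(int(n), msg.strip()) for n, msg in STEP_RE.findall(trace)]

def diagnose(trace):
    """Return [(marker, finding, note)] in the order the steps were logged."""
    return [(n, fid, note) for n, msg in parse_steps(trace)
            for needle, fid, note in RULES if needle in msg]

def root_cause(trace):
    """Heuristic: report the earliest finding; later ones are often knock-on effects."""
    found = diagnose(trace)
    return found[0][1] if found else None

if __name__ == "__main__":
    for n, fid, note in diagnose(TRACE):
        print(f"[{n:>4}] {fid}: {note}")
```

On the trace from the question, the earliest finding is the clock-skew line at marker 123, which is the condition the accepted answer addresses by setting the cluster date and timezone.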
