VMware Solutions Discussions

VSC RCU 2.0 add Storage issue

gary_thomas
3,939 Views

Having a problem around adding a storage controller in the new RCU.

When I try to add one it has the following error.

Cannot add new storage controller: "General error".

On account this error has a wonderful description can anyone advise. I have checked the following.

If I use a bad password it indicates a bad password, if i try and add with a account with insufficent rights it also indicates that.

So it not a comms issue.

VSC and SMVI all works fine so its just RCU that is giving me hassles.

Cheers

5 REPLIES 5

costea
3,939 Views

Is NFS licensed on the storage controller?  If not, you'll need to add a trial license.  This is a known issue we're addressing in the next VSC release.

gary_thomas
3,939 Views

That would most likely be it then.

Any ideas when the new update will be out?

costea
3,939 Views

Yes, it will be available next month.

masaru_ryumae
3,939 Views

Hello,

I have somewhat similar issue. I am trying to add storage controllers using a domain user acct which has been added to the filer's administrators group (It's been added to AD for CIFS).

I am using RCU 3.0 with vSphere 4.1 environment.

I have everything working if I just use the filer's root acct to add the storage controller (and I have the NFS license mentioned here). However, our root password changes every 15 min for security purposes, and therefore, this method only works very temporarily.

Is it even possible to use a domain acct to get storage controllers added?

So my AD acct is part of Admin role at the vSphere client for the environment I am trying to add the storage to, and this acct is also the admin group of the filer (I verified it with useradmin domainuser list -g administrators.)

When I add the storage controller, I use the user name as DOMAIN\MYACCT format, and I get a "General Error".

The RCU log on the Virtual Center Server shows the following. I tried with a few different combinations like DOMAIN\\MYACCT, DOMAIN/MYACCT etc, but I haven't found the one that works. If I use these, I get "Authentication failure" instead. It seems to me that '\' character between DOMAIN and MYACCT might be causing the issue, but I am not sure.

2011-05-11 16:03:43,714 (1397166411) [Thread-55] INFO  com.netapp.kamino.server.jzapi.FilerUtil - Connected to MYFILER.
2011-05-11 16:03:44,830 (1397167527) [Thread-55] ERROR com.netapp.kamino.server.jzapi.FilerUtil - Failed to get the available zapis for user DOMAIN\MYACCT.
netapp.manage.NaAPIFailedException: Could not list user(s). Error: User name contains an invalid character  (errno=13114)
at netapp.manage.NaServer.invokeElem(NaServer.java:640)
at com.netapp.kamino.server.jzapi.FilerUtil.getAvailableZapis(FilerUtil.java:3036)
at com.netapp.kamino.server.jzapi.FilerUtil.buildFiler(FilerUtil.java:188)
at com.netapp.kamino.server.ServerServiceImpl$1.call(ServerServiceImpl.java:228)
at com.netapp.kamino.server.ServerServiceImpl$1.call(ServerServiceImpl.java:226)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
2011-05-11 16:03:44,831 (1397167528) [http-61921-2] DEBUG com.netapp.kamino.server.ServerServiceImpl - exiting with exception
java.util.concurrent.ExecutionException: com.netapp.kamino.data.ZapiException: Could not list user(s). Error: User name contains an invalid character  (errno=13114)
at java.util.concurrent.FutureTask$Sync.innerGet(Unknown Source)
at java.util.concurrent.FutureTask.get(Unknown Source)
at com.netapp.kamino.server.ServerServiceImpl.buildFiler(ServerServiceImpl.java:243)
at sun.reflect.GeneratedMethodAccessor60.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:527)
at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:166)
at com.google.gwt.user.server.rpc.RemoteServiceServlet.doPost(RemoteServiceServlet.java:86)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Unknown Source)
Caused by: com.netapp.kamino.data.ZapiException: Could not list user(s). Error: User name contains an invalid character  (errno=13114)
at com.netapp.kamino.server.jzapi.FilerUtil.getAvailableZapis(FilerUtil.java:3044)
at com.netapp.kamino.server.jzapi.FilerUtil.buildFiler(FilerUtil.java:188)
at com.netapp.kamino.server.ServerServiceImpl$1.call(ServerServiceImpl.java:228)
at com.netapp.kamino.server.ServerServiceImpl$1.call(ServerServiceImpl.java:226)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)

So, here are my questions:

1. Do we always have to use root (less preferred) or role based (reduced privilege, more preferred) accts that exist on the filer to be able to add storage controller in RCU plugin?

2. Is it possible to use a domain user acct to add storage controller in RCU plugin? If so, how do you specify the acct (Domain and acct name) when authenticating?

Using 2 is somewhat more convenient since our AD password changes every couple of months, but using 1 is inconvenient since I may have to reauthenticate with the new root password every 15 min or so.

I would appreciate if you could provide any insight.

Thanks so much!

Masa

costea
3,939 Views

RCU 3.0 does not support domain accounts.  It does however allow you to use non-root users to add controllers.  Details on configuring that can be found here: http://communities.netapp.com/docs/DOC-5076

RCU 3.1.2 which is part of the forthcoming VSC 2.1 release will contain support for domain accounts.  VSC 2.1 should release to NOW in a couple of weeks.

Public