Cloud Volumes ONTAP

Cloud Ontap not joining ADS

gerdhecken

Hello all,

 

I'm building a demo environment at AWS with Cloud ONTAP.

I have trouble with the CIFS setup. Cloud ONTAP cannot connect to the DNS server.

 


Error: Machine account creation procedure failed
  [  0 ms] Trying to create machine account 'FS-CO1' in domain
           'NALAB.LOC' for Vserver 'svm_co1'
  [  2009] Failed to connect to 172.31.27.65 for DNS: Operation
           timed out
  [  4020] FAILURE: Unable to contact DNS to discover domain
           controllers.
  [  4020] Failed to find a domain controller

Error: command failed: Failed to create the Active Directory machine account "FS-CO1". Reason: Unable to contact DNS.

 

 

The ADS/DNS server is in the same VPC and subnet, and both are up and running.

From the ADS server I can ping the CIFS data LIF. But from the Cloud ONTAP SSH shell

I cannot ping the ADS server.

 

The iSCSI configuration works without any problems.

 

Does anyone have an idea?

 

Gerd

1 ACCEPTED SOLUTION

gerdhecken

Hi Ashrut,

Hi Yaronh,

 

thank you for your help. After I added several ports to the security group, it's all OK.

CIFS setup works fine.

 

Type                 Protocol    Port Range   Source
nameserver (42)      TCP (6)     42           0.0.0.0/0
DNS (TCP) (53)       TCP (6)     53           0.0.0.0/0
Custom TCP Rule      TCP (6)     88           0.0.0.0/0
LDAP (389)           TCP (6)     389          0.0.0.0/0
Custom TCP Rule      TCP (6)     445          0.0.0.0/0
Custom TCP Rule      TCP (6)     464          0.0.0.0/0
RDP (3389)           TCP (6)     3389         0.0.0.0/0
DNS (UDP) (53)       UDP (17)    53           0.0.0.0/0
ALL ICMP             ICMP (1)    ALL          0.0.0.0/0

 

Kind regards

Gerd

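The rule set in the accepted solution opens every port to 0.0.0.0/0. The following added example (not code from the thread or from NetApp) audits a security group's inbound rules offline: it reports which of the ports the domain join needed (53 TCP/UDP, 88, 389, 445, 464) are not allowed, and which rules are wider than the Cloud ONTAP subnet so they can be tightened. The rule sets, the CVO subnet CIDR, and the `rule`/`audit` helpers are assumptions constructed for the example.

```python
from ipaddress import ip_network

# Ports the domain join in this thread needed, taken from the accepted solution
# (port 42 and RDP are omitted: they are not part of the join itself).
REQUIRED = {("tcp", 53), ("udp", 53), ("tcp", 88), ("tcp", 389),
            ("tcp", 445), ("tcp", 464)}


def rule(proto, port, cidr):
    """Build one inbound rule; proto '-1' and port None mean 'all'."""
    return {"proto": proto, "port": port, "cidr": cidr}


def rule_covers(r, proto, port):
    """True if rule r allows traffic for proto/port."""
    return r["proto"] in (proto, "-1") and r["port"] in (port, None)


def audit(rules, trusted_cidr):
    """Return (missing, too_open): required ports no rule allows, and rules
    whose source is wider than trusted_cidr (e.g. 0.0.0.0/0)."""
    trusted = ip_network(trusted_cidr)
    missing = sorted(p for p in REQUIRED
                     if not any(rule_covers(r, *p) for r in rules))
    too_open = [r for r in rules
                if not ip_network(r["cidr"]).subnet_of(trusted)]
    return missing, too_open


# Constructed from the thread: the ADS server's original single inbound rule...
BEFORE = [rule("tcp", 3389, "0.0.0.0/0")]
# ...and the rule set after the fix (every rule open to the world).
AFTER = [rule("tcp", 42, "0.0.0.0/0"), rule("tcp", 53, "0.0.0.0/0"),
         rule("tcp", 88, "0.0.0.0/0"), rule("tcp", 389, "0.0.0.0/0"),
         rule("tcp", 445, "0.0.0.0/0"), rule("tcp", 464, "0.0.0.0/0"),
         rule("tcp", 3389, "0.0.0.0/0"), rule("udp", 53, "0.0.0.0/0"),
         rule("icmp", None, "0.0.0.0/0")]
# Hypothetical hardened set: same ports, source limited to the CVO subnet.
CVO_SUBNET = "172.31.16.0/20"  # assumed value, not from the thread
HARDENED = [dict(r, cidr=CVO_SUBNET) for r in AFTER if r["port"] != 3389]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER),
                        ("hardened", HARDENED)):
        missing, too_open = audit(rules, CVO_SUBNET)
        print(f"{name}: missing={missing} wider-than-subnet={len(too_open)}")
```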


yaronh

Hi Gerd,

 

First, I must comment that sometimes an AWS-based ADS/DNS might not be pingable, and that might hinge on your security settings.

Can you share your Cloud ONTAP security group information (Which ports are open)?

 

As a test, I'd try opening up everything, just to see if that's the issue.

 

Second, did you try to set up CIFS from the Cloud Manager UI or at the CLI level?

 

Thanks,

Yaron Haimsohn

 

Cloud Solution Architect

gerdhecken

Hi Ashrut,

Hi Yaronh,

 

thank you for the reply.

I've checked the security rules. For my ADS server there is only one inbound rule, for RDP.

 

Type                 Protocol    Port Range   Source
RDP (3389)           TCP (6)     3389         0.0.0.0/0

 

Outbound all traffic is allowed.

I'll try to configure the inbound rules on the ADS server.

 

Regards

Gerd

 


ashrut

Hi Gerd,

 

One of the reasons could be security groups (aka AWS firewalls). Does your security group for the ADS/DNS server allow CIFS, DNS, and PING traffic?

 

Security groups are a per-instance concept, so even though everything lives in the same subnet, a certain instance can fail to reach another instance.

 

-Ashrut
