ONTAP Hardware

Implementing NAS on FAS 2620

NghiaTD

Dear All!

 

 I have a question about CIFS server. When I tried to configure NAS on FAS2620, i cannot create CIFS server in SVM fields required with error as below:

 

Data ONTAP API Failed: Failed to create the Active Directory machine account "VMS". Reason: SecD Error: no server available Details: Error: Machine account creation procedure failed [ 0 ms] Trying to create machine account 'VMS' in 'VMS.NETAPP.LOCAL' for Vserver 'svm-nas1' [ 2005] Failed to connect to 192.168.1.10 for DNS via Source Address 192.168.1.104: Operation timed out **[ 4011] FAILURE: Unable to contact DNS to discover domain ** controllers. [ 4011] Unable to connect to any (0) domain controllers. [ 4011] 'NisDomain' configuration not available [ 4011] NIS configuration not found for Vserver 6 [ 6017] Failed to connect to 192.168.1.10 for DNS via Source Address 192.168.1.104: Operation timed out [ 6017] Unable to contact DNS to discover domain controllers. [ 8021] Failed to connect to 192.168.1.10 for DNS via Source Address 192.168.1.104: Operation timed out [ 8021] Unable to contact DNS to discover domain controllers. [ 10024] Failed to connect to 192.168.1.10 for DNS via Source Address 192.168.1.104: Operation timed out [ 10025] Unable to contact DNS to discover domain controllers. [ 10025] No servers available for MS_LDAP_AD, vserver: 6, domain: VMS.NETAPP.LOCAL. . (Error: 13001)

 

 Can someone instruction how to pass this field.

 

Thanks a lot

1 ACCEPTED SOLUTION

TMADOCTHOMAS

I see there's a clock skew error. You won't be able to join if the time is >5 minutes difference on the NetApp vs. the DC. Check your time settings on the NetApp and make sure they point to the same time server as your DC.

View solution in original post

12 REPLIES 12

TMADOCTHOMAS

Hi 

NghiaTD

Hi Thomas!

 

I've already created Active Directory Domain controller with infor:

vms.netapp.local

Ip: 192.168.1.10

 

And i've tried join AD from another server and it's ok.

What infor you want to check?

 

Thanks,

TMADOCTHOMAS

Check your DNS configuration in the SVM to see if it's correct.

NghiaTD

Hi Thomas!

 

I've tried with the following informations:

 

CIFS Setup:

 - NetBios Name: vms

 - Domain: vms.netapp.local

 - Organization unit: CN = Computers

 - User: administrator

 - Pass: ...

 

SVM DNS Configured Information:

 - DNS: vms.netapp.local

 - Server Name: 192.168.1.10

 

Server Configured Informations:

 - DNS: vms.netapp.local

 - IP: 192.168.1.10

 

Please check attach file for more informations

Thanks!

 

 

 

NghiaTD

Updated!

 

Already conntected to AD but created CIFS still failed!

 

The error returned by ONTAP is "Data ONTAP API Failed: Failed to create the Active Directory machine account "NETAPP-01". Reason: SecD Error: no server available Details: Error: Machine account creation procedure failed [ 25] Loaded the preliminary configuration. [ 48] Created a machine account in the domain [ 48] Successfully connected to ip 192.168.1.10, port 445 using TCP [ 51] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED) for SMB command SessionSetup [ 51] Cluster and Domain Controller times differ by more than the configured clock skew (KRB5KRB_AP_ERR_SKEW) [ 51] Kerberos authentication failed with result: 7537. [ 53] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED) for SMB command SessionSetup [ 53] Cluster and Domain Controller times differ by more than the configured clock skew (KRB5KRB_AP_ERR_SKEW) [ 53] Kerberos authentication failed with result: 7537. [ 53] Unable to connect to LSA service on vms-server-01.vms.netapp.local (Error: RESULT_ERROR_KERBEROS_SKEW) [ 53] No servers available for MS_LSA, vserver: 7, domain: vms.netapp.local. **[ 54] FAILURE: Unable to make a connection ** (LSA:VMS.NETAPP.LOCAL), result: 6940 [ 54] Could not find Windows SID 'S-1-5-21-3139160450-3593412140-2123682809-512' [ 56] Deleted existing account 'CN=NETAPP-01,CN=Computers,DC=vms,DC=netapp,DC=local' . "

TMADOCTHOMAS

I see there's a clock skew error. You won't be able to join if the time is >5 minutes difference on the NetApp vs. the DC. Check your time settings on the NetApp and make sure they point to the same time server as your DC.

View solution in original post

NghiaTD

Hi Thomas!

 

I've fixed and it's ok right now. 

 

Thank for your support.

TMADOCTHOMAS

Excellent! Glad to hear it is resolved.

NghiaTD

Hi Thomas!

 

 One more question!

 

 I have two Server running HA and using 1 database will be located at FAS2620. So, with this case I have to create 2 DNS servers or just need only 1 DNS Server when configure SVM.

  Because follow my understanding is if with 1 DNS server (example Server 1), when svr 1 down, svm will be disconnected with AD and I will cannot connect to FAS from Server 2? Is this right?

 

So with this case, what I have to do for best optimization?

 

Regards,

TMADOCTHOMAS

Good idea to have more than one DNS server anyway, not just because of NetApp SVM configuration. If one DNS server is down, the other takes over. You would configure each SVM with both DNS server IP addresses.

NghiaTD

Hi Thomas!

 

 OK, so with N servers I can create N dns?

 And, with NetApp (I just have 4 Ethernet ports 1Gbps e0c, e0d, e0e, e0f). How can create redundancy for connections links like some ways on another machine (teaming port, Ether Port channel...) ?

 I've created svm (ntapsvm1) with 2 connection: e0c (192.168.1.40), e0d (192.168.1.41). But I don't know how they can redundancy for each other. I also create svm account on dns server with informations: ntapsvm1 mapping with IP 192.168.1.40.

 

Regards,

 

 

TMADOCTHOMAS

For redundancy, create an interface group with the two interfaces, and assign the IP to the interface group (or add VLAN tags and assign to the tag).

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public