| Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback |
| Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition | ||
|
|
||
 |
||||||||||||||||||||||||||||
Solution Type Technical Instruction Sure Solution 1402248.1 : Sun Storage 7000 Unified Storage System: system log messages for Active Directory issues
In this Document
Created from <SR 3-3740498461> Applies to:Sun Storage 7310 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]Sun Storage 7110 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A] Sun Storage 7210 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A] Sun ZFS Storage 7320 - Version Not Applicable to Not Applicable [Release N/A] Sun Storage 7410 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A] 7000 Appliance OS (Fishworks) GoalThis document details system log messages that may be found in the ZFS Storage Appliance system log after a failure to join an Active Directory domain, and potential solutions.
To discuss this information further with Oracle experts and industry peers, we encourage you to review, join or start a discussion in the My Oracle Support Community - 7000 Series ZFS Appliances
FixThe system log can be found in the BUI under Maintenance - LOGS - SYSTEMIn the case of a failure to join an Active Directory domain, this log message is almost always seen: smbd[1938] error unable to join my.domain.com (UNSUCCESSFUL)Preceding this message, there should be a more specific message indicating the cause of the failure. Note the smbd[###], as the smbd service is the one that will be issuing the messages. The following are commonly logged causes and solutions:
LOGON_FAILURE:An incorrect password for the administrative account, or the account may have been locked out due to failed attempts to join. Check this at the Domain Controller, or by using another admin account.
Kerberos error xxxxxxxxxx:A problem with jumbo frame configuration, usually a mismatch between switch/server/appliance, or a firewall blocking TCP port 464 between the appliance and the server. Specifically, it means part of the Kerberos ticket negotiation never made it back to the ZFSSA.
DNS ERROR 3:Failed lookup for server DNS records. See <Document:1402003.1>.
Clock skew too great:The system time between the appliance and the selected Active Directory server do not match. Check NTP settings and/or manually set the time. For large differences, temporarily disable NTP on the appliance, manually set the time, then re-enable NTP. This is necessary because of a limit on the amount of time skew that NTP is permitted to correct. See <Document:1402154.1> for details on setting up NTP and syncing server time.
ldal_sasl_interactive_bind_s failed (Local error):Usually a Kerberos error of some sort. Check DNS settings as above, especially forward and reverse records for the ZFSSA. Also this could be due to insufficient permissions on the administrative account used. See <Document:1402173.1>.
Back to <Document 1402353.1> Sun Storage 7000 Unified Storage System: How to Troubleshoot Active Directory Issues. References<NOTE:1402154.1> - Sun Storage 7000 Unified Storage System: Configuring the ZFSSA for Active Directory<NOTE:1402003.1> - Sun Storage 7000 Unified Storage System: DNS server settings required for integration of the ZFS Storage Appliance with Active Directory <NOTE:1402173.1> - Sun Storage 7000 Unified Storage System: Admin user privileges required to join the ZFSSA to an Active Directory Domain <NOTE:1402353.1> - Sun Storage 7000 Unified Storage System: How to Troubleshoot Active Directory Issues Attachments This solution has no attachment |
||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||