| Asset ID: |
1-75-1402353.1 |
| Update Date: | 2012-06-28 |
| Keywords: | |
Solution Type
Troubleshooting Sure
Solution
1402353.1
:
Sun Storage 7000 Unified Storage System: How to Troubleshoot Active Directory Issues
| Related Items |
- Sun Storage 7410 Unified Storage System
- Sun Storage 7310 Unified Storage System
- Sun ZFS Storage 7120
- Sun ZFS Storage 7420
- Sun Storage 7110 Unified Storage System
- Sun ZFS Storage 7320
- Sun Storage 7210 Unified Storage System
|
| Related Categories |
- PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS
- .Old GCS Categories>Sun Microsystems>Storage - Disk>Unified Storage
|
In this Document
Applies to:
Sun Storage 7110 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7420 - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7120 - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7320 - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7210 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
7000 Appliance OS (Fishworks)
Purpose
This document provides a procedure to resolve problems integrating the ZFS Storage Appliance into an Active Directory environment. The ZFSSA must successfully join an Active Directory Domain to serve data to Windows/SMB clients, unless using Workgroup mode, which is beyond the scope of this document
Troubleshooting Steps
This document should be used to troubleshoot a failure to join an Active Directory Domain. Each of the following steps will provide instructions and/or a link to a document, to check for issues and provide corrective action as necessary.
NOTE: After a failed attempt to join an AD Domain from the BUI, you will often see a message indicating that the you either have a permission problem or the clocks are out of sync. This is the generic Domain join failure message and doesn't necessarily indicate either of those conditions.
1 - Verify Appliance Configuration Settings.
In addition to the Active Directory settings themselves, it is necessary to configure a DNS server that has the records required to join the Domain. also it may be necessary to configure an Active Directory Site and/or a preferred Domain Controller, and it is strongly recommended to configure NTP to synchronize clocks between the Domain Controllers and the appliance. <Document 1402154.1> covers these settings in detail.
2 - Verify the Administrative User Account.
On the Active Directory configuration screen in the BUI, a user account with permission to join the AD Domain and a password must be supplied. The security requirements for this account may be greater than those required to join a standard Windows system to the Domain. If the user account specified is not a member of the Domain Admins global group in the Domain to be joined, see <Document 1402173.1> for the specific privileges required for this account.
3 - Verify DNS Server-side Settings.
With Active Directory, DNS is used to locate Domain Controllers. Certain DNS records, primarily those of the SRV type are required to locate key Kerberos and Domain resources, and they must be entered correctly. It is also important that a host record and a PTR record (reverse lookup) be entered for each appliance node. See <Document 1402003.1> for detailed information on the required DNS records.
4 - Check for Windows Server 2008 / NTLMv2 issue.
If problems are experienced joining a 2008 domain, <Document 1402208.1> may help resolve an issue with a requirement for the NTLMv2 protocol.
5 - Check the system log.
<Document 1402248.1> shows how to get to the system log and details some common failure messages and solutions.
6 - Check known issues with the upgrade to 2011.1.
<Document 1402313.1> describes two known issues with the latest major software update.
7 - Other known issues.
<Document 1439858.1> describes a problem where all shares become unavailable via SMB when authentication by an Active Directory server fails.
8 - Collect data and contact Oracle ZFSSA Support.
At this point, if the issue has not been resolved by the troubleshooting steps above, raising a support case is recommended. Having the following data available will help to expedite a solution:
- A ZFSSA support bundle. See <Document 1019887.1>
- A network capture of the failed attempt to join the AD Domain. See <Document 1398376.1>
- Detailed information on the DNS and Active Directory configuration.
BAck to <Document 1416406.1> Sun ZFS Storage Appliances Troubleshooting Resource Center.
References
<NOTE:1019887.1> - Sun Storage 7000 Unified Storage System: How to collect a supportbundle using the BUI or CLI
<NOTE:1402248.1> - Sun Storage 7000 Unified Storage System: system log messages for Active Directory issues
<NOTE:1398376.1> - Sun Storage 7000 Unified Storage System: How to get a network trace to assist in troubleshooting network problems
<NOTE:1402003.1> - Sun Storage 7000 Unified Storage System: DNS server settings required for integration of the ZFS Storage Appliance with Active Directory
<NOTE:1402154.1> - Sun Storage 7000 Unified Storage System: Configuring the ZFSSA for Active Directory
<NOTE:1402173.1> - Sun Storage 7000 Unified Storage System: Admin user privileges required to join the ZFSSA to an Active Directory Domain
<NOTE:1402208.1> - Sun Storage 7000 Unified Storage System: Configuring the ZFSSA for Active Directory with NTLMv2 / Windows Server 2008
<NOTE:1402313.1> - Sun Storage 7000 Unified Storage System: ZFS Storage Appliance unable to join/reconnect to Active Directory Domain after upgrade to 2011.1
<NOTE:1416406.1> - Sun ZFS Storage Appliances Troubleshooting Resource Center
Attachments
This solution has no attachment
