No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CIFS share access failed on 5500V3 because of AD domain controller is not reachable

Publication Date:  2018-02-21 Views:  104 Downloads:  0
Issue Description

Storage version: V300R003C10SPC100

AD domain controller: Windows 2012

Faulty symptom: CIFS users can't access CIFS shares on 5500V3 storage, and no alarm on storage.

Handling Process

1. Check AD domain controller status by command line, but after input command "show domain controller", it returns system busy.

2. After delete and re-join domain controller on Device Manager, the CIFS service restored.

3. Check the storage log, we can find the local domain controllers were unreachable before the issue happened.

4. Only the external domain controllers were reachable, but when storage try to establish connection with these external domain controllers, it found the 445 port was unreachable. In this cause, the clients can't get authentication from Domain controller and service interrupted.

Root Cause

1. Customer configured preferred by command "change domain ad_config". Refer to document(Chapter 8.1):

http://support.huawei.com/enterprise/en/doc/DOC1000084195?idPath=7919749%7C7941815%7C21430818%7C21462748%7C21122033

Normally, customer configure the preferred domain controllers when they have more than one datacenter(DC), and domain controllers in local DC are configured as preferred domain controllers. The storage can configure 3 local domain controllers and 3 external domain controllers.

2. Storage will routine check the domain controllers every 5 seconds, but only check the connectivity on port 389. The domain controller which was found unreachable will be removed from available domain controller list. Storage will also clear the available domain controller list every 4 hours,  and get update the domain controller information from DNS server.

3. When user access the CIFS share, it need authentication from domain controller, and storage will tried connect the preferred domain controllers, then try non-preferred domain controllers. If all the domain controllers are not reachable(by check port 389), the storage will report alarm(No available domain controller).

4. In fact, for AD authentication, the storage need to communicate with domain controller both on port 389 and port 445. In this case, all the preferred domain controllers can't reachable on port 389 because network issue. And all the non-preferred domain controllers are reachable on port 389, but port 445. So, storage was still put external domain controllers in available list, didn't report alarm.

 

Solution

1. Fix the network issue between domain controllers and storage.

2. Upgrade V300R006C00SPH105 or later versions, from this version, we check both port 389 and port 445 on domain controllers.

END