No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionAccess 6.5 Alarm Handling 05

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
1000001 AD Server Abnormal

1000001 AD Server Abnormal

Description

The alarm module checks the Domain Name System (AD) server every 2 minutes. This alarm is generated when the alarm module detects that the AD server is abnormal or unavailable for three consecutive times. This alarm is cleared when the alarm module detects that the AD server becomes normal.

Attribute

Alarm ID

Alarm Severity

Auto Clear

1000001

Critical

Yes

Parameters

Name

Meaning

Alarm ID

Identifies an alarm. Each alarm is uniquely identified by an alarm ID and an alarm name.

Alarm Severity

Indicates the severity of an alarm. Value:

  • Critical: indicates that a fault affecting services provided by the system occurs. You need to rectify the fault immediately. If a device or resource is faulty, rectify it immediately even if the fault occurs during non-working hours.
  • Major: indicates that a fault affecting the service quality of the system occurs. You need to rectify the fault immediately. If the service quality of a device or resource is degraded, rectify it immediately during working hours.
  • Minor: indicates a fault that does not affect service quality. To prevent more serious faults, this type of alarm needs to be observed or handled if necessary.
  • Warning: indicates a fault that may affect service quality. This type of alarm must be handled based on the error type.

Alarm Name

Identifies an alarm. Each alarm is uniquely identified by an alarm ID and an alarm name.

Object Type

Specifies the type of the object for which the alarm is generated.

Alarm Object Name

Specifies the name of the object for which the alarm is generated.

Generation Time

Specifies the time when the alarm is generated.

Clear Time

Specifies the time when the alarm is cleared.

Clear Mode

Specifies whether the alarm is manually or automatically cleared.

Operation

Specifies the operation that can be performed on the alarm.

Value: Manually Clear Alarm

Impact on the System

Users cannot log in to VMs using accounts (in domain mode: domain accounts or local accounts, in non domain mode: local accounts).

Possible Causes

  • IP address conflict.
  • The IP address has been changed. The alarms generated by the IP address must be manually cleared and the alarm component information must be reconfigured.
  • The network is faulty.
  • The DNS server is not running properly.
  • The DNS host record of the domain controller is lost or deleted.
  • AD is dedomain.

Procedure

  1. Check the OS of the server on which the alarm is generated.

    • If the OS is Windows, go to Step 2.
    • If the OS is Linux, go to Step 34.

  2. Log in to FusionAccess and choose System > Initial Configuration > Domain/OU to view the domain account configured for the faulty AD. Use the account to log in to the AD server and check whether the login is successful.

  3. If the login is successful, one possible cause for the alarm is that the password of the domain account is changed but is not synchronized to FusionAccess. Log in to FusionAccess and choose System > Initial Configuration > Domain/OU to reconfigure a domain account for the faulty AD.
  4. Choose FusionAccess > Alarm to check whether the alarm still exists.

    • If yes, go to Step 12.
    • If no, no further operation is required.

  5. View the cause for the login failure.

    • If the cause is password expiration, go to Step 6.
    • If the cause is account expiration, go to Step 8.
    • If the cause is account expiration, go to Step 10.
    • Otherwise, contact Huawei technical support.

  6. Use the domain account queried in Step 2 to log in to the AD and change the account password. Log in to FusionAccess and choose System > Initial Configuration > Domain/OU to reconfigure a domain account for the faulty AD.
  7. Choose FusionAccess > Alarm to check whether the alarm still exists.

    • If yes, go to Step 12.
    • If no, no further operation is required.

  8. Log in to the AD using another administrator account and choose > Windows Administrative Tools > Active Directory Users and Computers > Infrastructure Domain Name (for example, vdesktop.huawei.com) > Infrastructure Server OU Name (for example, UserOU). Right-click the locked domain account and choose Properties > Account. Select Unlock account, set Account expires to the time later than the current date or select Never, and click OK.
  9. Choose FusionAccess > Alarm to check whether the alarm still exists.

    • If yes, go to Step 12.
    • If no, no further operation is required.

  10. Log in to the AD using another administrator account and choose > Windows Administrative Tools > Active Directory Users and Computers > Infrastructure Domain Name (for example, vdesktop.huawei.com) > Infrastructure Server OU Name (for example, UserOU). Right-click the locked domain account and choose Properties > Account. Select Unlock account and click OK to unlock the domain account.
  11. Choose FusionAccess > Alarm to check whether the alarm still exists.

    • If yes, go to Step 12.
    • If no, no further operation is required.

  12. Log in to the ITA server as user gandalf, and check whether the AD server network is normal. Run ping -c 3 IP address of the AD server on the CLI to check whether the network is normal.

    • If yes, go to Step 18.
    • If no, go to Step 13.

      The communication is normal if the command output is as follows:

      PING 192.168.190.2 (192.168.190.2) 56(84) bytes of data. 
      64 bytes from 192.168.190.2: icmp_seq=1 ttl=64 time=0.047 ms 
      64 bytes from 192.168.190.2: icmp_seq=2 ttl=64 time=0.057 ms 
      64 bytes from 192.168.190.2: icmp_seq=3 ttl=64 time=0.058 ms 
      (Note: The IP addresses are only examples. Use the actual IP addresses.)

  13. Log in to the AD server using the domain administrator account, choose > Control Panel > Network and Internet > Network Connections, right-click the AD service NIC, choose Properties, choose Internet Protocol Version 4 (TCP/IPv4), click Properties, click Advanced, choose DNS in the advanced TCP/IP settings window, and check whether Register this connection's addresses in DNS is selected, as shown in Figure 78-1.

    Figure 78-1 Advanced TCP/IP Settings

  14. Select Register this connection's addresses in DNS, and click OK.
  15. Choose FusionAccess > Alarm to check whether the alarm still exists.

    • If yes, go to Step 16.
    • If no, no further operation is required.

  16. Locate and rectify the network fault based on the actual situation on site.
  17. Choose FusionAccess > Alarm to check whether the alarm still exists.

    • If yes, go to Step 18.
    • If no, no further operation is required.

  18. Log in to the AD server using an existing domain account, and check whether TCP port 445 is available.

    • Choose Start > Run, enter cmd, and click OK to enter the command-line interface (CLI).
    • Enter netstat -ano|findstr port. Check whether the status of the port is LISTENING.
    • If yes, go to Step 21.
    • If no, go to Step 19.

  19. Locate and rectify the TCP port fault.
  20. Choose FusionAccess > Alarm to check whether the alarm still exists.

    • If yes, go to Step 21.
    • If no, no further action is required.

  21. Choose > Windows Administrative Tools > Services to open the service list and check whether the status of Huawei Monitor Service is Started.

  22. Right-click Huawei Monitor Service and choose Restart or Start. Check whether the status of Huawei Monitor Service is Started.

    • If yes, go to Step 23.
    • If no, contact Huawei technical support.

  23. Choose FusionAccess > Alarm to check whether the alarm still exists.

    • If yes, go to Step 24.
    • If no, no further operation is required.

  24. On the service list, check whether the status of Active Directory Domain Services is normal. See Figure 78-2.

    • If yes, go to Step 25.
    • If no, contact Huawei technical support.
    Figure 78-2 Active Directory Domain Services

  25. Create a domain user on the AD server. The account name is ADTest.

    For details, see Service Provisioning > Creating VM Users > Creating a Domain User in the FusionAccess Desktop Solution 6.5 Windows Desktop Management Guide.

  26. Check whether the domain user is created successfully.

  27. After 5 to 10 minutes, choose > Windows Administrative Tools > Active Directory Users and Computers.
  28. Right-click the domain name, and choose Refresh. Click the organization unit (OU) to which the ADTest account belongs, and check whether the ADTest account is displayed in the right pane.

  29. Right-click the ADTest account, and choose Delete.

    After this step, go to Step 31.

  30. Restart the AD server.
  31. Choose FusionAccess > Alarm to check whether the alarm still exists.

    • If yes, go to Step 32.
    • If no, no further operation is required.

  32. Restore the faulty AD server.

    For details, see Backup and Restoration > System Restoration > Restoring the AD/DNS/DHCP Server in the FusionAccess Desktop Solution 6.5 System Management Guide.

  33. Choose FusionAccess > Alarm to check whether the alarm still exists.

    • If yes, contact Huawei technical support.
    • If no, no further operation is required.

  34. Log in to the server where the alarm is generated using an administrator account and run the arping -c 3 -f -D -I eth0 IP address of the server where the alarm is generated command to check whether IP conflict occurs.

    • If yes, go to Step 35.
    • If no, go to Step 44.

      If the information similar to the following is displayed, no IP conflict occurs:

      ARPING 192.168.162.11 from 0.0.0.0 eth0 
      Sent 3 probes (3 broadcast(s)) 
      Received 0 response(s) 
      (Note: The IP addresses are only examples. Use the actual IP addresses.)     

      If the information similar to the following is displayed, IP conflict occurs:

      ARPING 192.168.162.11 from 0.0.0.0 eth0 
      Unicast reply from 192.168.162.11 [12:6E:D4:AB:CD:EF]  1.022ms 
      Sent 1 probes (1 broadcast(s)) 
      Received 1 response(s) 
      (Note: The preceding IP addresses and MAC addresses are only examples. Use the actual IP addresses and MAC addresses.)     

  35. Log in to the server that causes the IP conflict, shut down the server or change the server IP address, and run the arping -c 3 -f -D -I eth0 IP address of the server where the alarm is generated command again on the server where the alarm is generated to check whether the IP conflict persists.

    • If yes, contact Huawei technical support.
    • If no, go to Step 36.

  36. Choose FusionAccess > Alarm to check whether the alarm still exists.

    • If yes, go to Step 44.
    • If no, no further operation is required.

  37. Log in to FusionAccess and choose System > Initial Configuration > Domain/OU to view the domain account configured for the faulty AD. On the server where the alarm is generated, run the su command to become the root user, then run the pdbedit -u domain account -v command to check whether the status (Account Flags) of the domain account.

    • If the status of the domain account is DUX or contains D, go to Step 38.
    • If the status of the domain account is ULX or contains L, go to Step 40.
    • If the status of the domain account is U or does not contain X, go to Step 40.
    • If the status of the domain account is UX, go to Step 42.
    • If the status of the domain account is others, go to Step 44.

      The information similar to the following is displayed:

      linux-xxx:/home/FusionAccess # pdbedit -u vdsadmin -v 
      Unix username:        vdsadmin 
      NT username: 
      Account Flags:        [UX         ]     

  38. Run the samba-tool user enable domain account command to unlock the domain account.
  39. Choose FusionAccess > Alarm to check whether the alarm still exists.

    • If yes, go to Step 44.
    • If no, no further operation is required.

  40. Run the samba-tool user setexpiry --noexpiry domain account command to make the account never expire.
  41. Choose FusionAccess > Alarm to check whether the alarm still exists.

    • If yes, go to Step 44.
    • If no, no further operation is required.

  42. If the status of the domain account is normal, one possible cause for the alarm is that the password of the domain account is changed but is not synchronized to FusionAccess. Log in to FusionAccess and choose System > Initial Configuration > Domain/OU to reconfigure a domain account for the faulty AD.
  43. Choose FusionAccess > Alarm to check whether the alarm still exists.

    • If yes, go to Step 44.
    • If no, no further operation is required.

  44. On the server where the alarm is generated, run the service samba-ad status to check whether the status of samba-ad is normal.

    • If yes, contact Huawei technical support.
    • If no, go to Step 45.

  45. Run service samba-ad restart to restart samba-ad. Two minutes after successful restart, choose FusionAccess > Alarm to check whether the alarm still exists.

    • If yes, contact Huawei technical support.
    • If no, no further operation is required.

Related Information

None

Translation
Download
Updated: 2019-12-13

Document ID: EDOC1100061083

Views: 6988

Downloads: 20

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next