Storage version: V300R003C10SPC100
AD domain controller: Windows 2012
Fault symptom: CIFS users cannot access CIFS shares on the 5500V3 storage, and the storage reports no alarm.
1. Check the AD domain controller status from the command line. After the command "show domain controller" is entered, it returns system busy.
2. After the domain controller was deleted and re-joined on Device Manager, the CIFS service was restored.
3. The storage log shows that the local domain controllers were unreachable before the issue happened.
4. Only the external domain controllers were reachable, but when the storage tried to establish connections with these external domain controllers, it found that port 445 was unreachable. In this case, the clients could not get authentication from the domain controller and the service was interrupted.
1. The customer configured preferred domain controllers with the command "change domain ad_config". Refer to the document (Chapter 8.1).
Normally, customers configure preferred domain controllers when they have more than one data center (DC), and the domain controllers in the local DC are configured as the preferred domain controllers. The storage can be configured with 3 local domain controllers and 3 external domain controllers.
2. The storage routinely checks the domain controllers every 5 seconds, but it only checks connectivity on port 389. A domain controller that is found unreachable is removed from the available domain controller list. The storage also clears the available domain controller list every 4 hours and updates the domain controller information from the DNS server.
3. When a user accesses a CIFS share, authentication from a domain controller is needed. The storage tries to connect to the preferred domain controllers first, then to the non-preferred domain controllers. If all the domain controllers are unreachable (as checked on port 389), the storage reports an alarm (No available domain controller).
4. In fact, for AD authentication the storage needs to communicate with the domain controller on both port 389 and port 445. In this case, all the preferred domain controllers were unreachable on port 389 because of a network issue, and all the non-preferred domain controllers were reachable on port 389 but not on port 445. So the storage still kept the external domain controllers in the available list and did not report an alarm.
1. Fix the network issue between the domain controllers and the storage.
2. Upgrade to V300R006C00SPH105 or a later version. From this version on, both port 389 and port 445 are checked on domain controllers.
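
The gap described above, where a domain controller passes the port 389 check but cannot serve authentication because port 445 is blocked, can be audited from a host on the same network path as the storage. The following is an added example, not the storage's own code and not part of the original case; the hostnames, the reachability set and all function names are constructed for illustration.

```python
import socket

LDAP_PORT, SMB_PORT = 389, 445

def tcp_probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def available_dcs(dcs, ports, probe=tcp_probe):
    """Return the DCs, preferred first, that answer on every port in `ports`."""
    ordered = sorted(dcs, key=lambda dc: not dc["preferred"])
    return [dc["host"] for dc in ordered
            if all(probe(dc["host"], p) for p in ports)]

def audit(dcs, probe=tcp_probe):
    """Compare a 389-only availability check with a 389+445 check."""
    ldap_only = available_dcs(dcs, (LDAP_PORT,), probe)
    both = available_dcs(dcs, (LDAP_PORT, SMB_PORT), probe)
    return {
        "available_389_only": ldap_only,
        "available_389_and_445": both,
        # DCs a 389-only check keeps listed although authentication would fail
        "falsely_available": [h for h in ldap_only if h not in both],
        "alarm_389_only": not ldap_only,
        "alarm_389_and_445": not both,
    }

# Constructed sample mirroring the case: preferred (local) DCs are down,
# external DCs answer on 389 but not on 445. Hostnames are placeholders.
SAMPLE_DCS = [
    {"host": "dc-local-1.example.test", "preferred": True},
    {"host": "dc-local-2.example.test", "preferred": True},
    {"host": "dc-ext-1.example.test", "preferred": False},
    {"host": "dc-ext-2.example.test", "preferred": False},
]
SAMPLE_OPEN = {("dc-ext-1.example.test", 389), ("dc-ext-2.example.test", 389)}

def sample_probe(host, port):
    """Offline stand-in for tcp_probe, driven by the constructed data above."""
    return (host, port) in SAMPLE_OPEN

if __name__ == "__main__":
    for key, value in audit(SAMPLE_DCS, sample_probe).items():
        print(f"{key}: {value}")
```

To run it against a real environment, replace `SAMPLE_DCS` with the configured preferred and non-preferred domain controllers and call `audit()` without the `probe` argument so that `tcp_probe` is used.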