toasters January 2006

toasters@lists.teaparty.net

86 participants
100 discussions

FW: It supplies us the convenience of ordering mitigating products online and delivered to our home.
by Flammery 27 Jan '06

27 Jan '06

Hey beautiful, Now you understand where I've been purchasing such awesome commodities! Always yours, Flammery ----- Original Message ----- From: "Bay" <bent(a)abdellatif.com> To: "Flammery" <kethabby(a)travel.mail.ru> Sent: Wednesday, January 25, 2006 2:19 PM Subject: It supplies us the convenience of ordering mitigating products online and delivered to our home. Hey chum, Flammery It took some extensive searching, but I scouted out one express outlet that's really gonna provide better selections for us. Since you are always looking out for me, I want to tell you this great outlet with broader range of health products. We cherish being able to obtain the health supplements from the convenience of our apartment. http://imsc.RmB.waytocaptureallthese.com Just go to this shopping heaven. From this day forward, our life is going to be easier. Immediately following selecting the suitable treatment is the prompt consignment to your home! This website deals in the same item as the local outlet, simply less costly. Truly and always yours, Bay

1 0

LDAP mapping
by Outdoorchik2 27 Jan '06

27 Jan '06

Hi, We've been successful with this configuration. Key is to use ldap.ADdomain to specify the ldap server - use FQDN (not netbios domain name). When using ADdomain, the NetApp will find all AD integrated LDAP servers for that domain. When using AD integrated LDAP, don't put any entries into the ldap server or preferrred ldap server options. In order to get proper return for a person's secondary groups, msSFU30MemberUid has to be used. This isn't the attribute that is filled in when using the "Users and Computers" GUI (msSFU30PosixMember is filled in when using the GUI and this one won't work with a NetApp filer). There is no place in the GUI to directly add to or adit msSFU30MemberUid. It has to be edited with an LDAP edit tool or ADSI edit. ------------ Also the NetApp /etc/nsswitch.conf file has to point to LDAP for passwd, shadow,group info: filer*> options ldap ldap.ADdomain example.com ldap.base dc=example,dc=com ldap.base.group ldap.base.netgroup ldap.base.passwd ldap.enable on ldap.name cn=my_user,ou=my_users,dc=example,dc=com ldap.nssmap.attribute.gecos name ldap.nssmap.attribute.gidNumber msSFU30GidNumber ldap.nssmap.attribute.groupname cn ldap.nssmap.attribute.homeDirectory msSFU30HomeDirectory ldap.nssmap.attribute.loginShell msSFU30LoginShell ldap.nssmap.attribute.memberNisNetgroup ldap.nssmap.attribute.memberUid msSFU30MemberUid ldap.nssmap.attribute.netgroupname ldap.nssmap.attribute.nisNetgroupTriple ldap.nssmap.attribute.uid sAMAccountName ldap.nssmap.attribute.uidNumber msSFU30UidNumber ldap.nssmap.attribute.userPassword msSFU30Password ldap.nssmap.objectClass.nisNetgroup ldap.nssmap.objectClass.posixAccount User ldap.nssmap.objectClass.posixGroup Group ldap.passwd ****** ldap.port 389 ldap.servers ldap.servers.preferred ---------------- hosts: files dns nis passwd: files ldap netgroup: files nis group: files ldap shadow: files ldap ------------------------ To test if the NetApp is returning info, use the getXXbyYY command. If the filer returns info, but the client doesn't, then you will be able to tell if it is a client or filer issue. filer>priv set advanced filer*>getXXbyYY getpwbyname_r unix_user_name (returns passwd info) filer*>getXXbyYY getgrbyname unix_group_name (returns GID) filer*>getXXbyYY getgrlist unix_user_name (returns that person's groups) Thanks -O --------------------------------- Bring words and photos together (easily) with PhotoMail - it's free and works with Yahoo! Mail.

1 0

Number of flexvols ?
by Premanshu Jain 27 Jan '06

27 Jan '06

We are ready to roll out flex-vols and are discussing about the possible performance impact of having lot of flex-vols on a aggregate. We are talking about having 20-30 flex-vols per aggregate. Please share your experience/recommendations ?

4 4

RE: CIFS PDC Issues
by Sphar, Mike 27 Jan '06

27 Jan '06

Is there really any reason to still use WINS if your network is all active-directory at this point? Only reason I can think of is if you still have Windows 95/NT-era boxes floating around. But even then, the Netapps don't necessarily have to use WINS, you could just make manual WINS entries for them. -- Michael W. Sphar - IS&T - Lead Systems Administrator SMBU Engineering Support Services, BMC Software _____ From: owner-toasters(a)mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Lai, Derek Sent: Friday, January 27, 2006 11:44 AM To: markallen(a)micron.com; aaron.hill(a)cba.com.au; toasters(a)mathworks.com Subject: RE: CIFS PDC Issues > If I use prefdc and all of my DC's in my list become unavailible will the filer automatically broadcast to find a DC? Yes I think it will. The problem I've had is similar to yours in that we had a bunch of domain controllers out in the branches that we demoted late last year. These were never removed from WINS. So periodically the filer tries to ping all of them. Alot of these addresses no longer exist so we are getting alerts because a server is trying to ping invalid addresses. I opened a case with NetApp and the support engineer suggested that setting prefdc would preclude the filer from trying to access the rest of the domain controllers that are no longer there. That did not work. The other suggestion I got was to remove WINS from CIFS SETUP altogether. Derek _____ From: markallen(a)micron.com [mailto:markallen@micron.com] Sent: Friday, January 27, 2006 7:04 AM To: aaron.hill(a)cba.com.au; Lai, Derek; toasters(a)mathworks.com Subject: RE: CIFS PDC Issues Aaron, Thanks for the information. We found out that one of our DC's were upgraded and moved to a different domain. WINS was never updated to reflect this change so the filers still see this DC as a valid DC in their domain. I'm going to use prefdc until our Windows crew removes this system from WINS. I'm running 6.5.5 on the majority of the filers we saw impact on. I still seen issues on two filers running 7.02. The cifs resetdc would work on some of the filers but not all of them. On two of the filers I had to actually terminate cifs and do a cifs setup to bring it back to life. I had to use prefdc on one filer because if kept trying to rebind to the DC that shouldn't be listed in our domain. This was the only work around I could think of at the time. If I use prefdc and all of my DC's in my list become unavailible will the filer automatically broadcast to find a DC? -Mark _____ From: owner-toasters(a)mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Hill, Aaron Sent: Thursday, January 26, 2006 6:19 PM To: 'Lai, Derek'; markallen; toasters(a)mathworks.com Subject: RE: CIFS PDC Issues Yeah, we saw something like this a few times with Win2k AD DC's periodically last year. The issue was intermittent and could affect 1 filer in a cluster even though they had the same settings. Deep analysis was done involving packet traces, Microsoft/NetApp escalation concalls and stubbornly attempting to reproduce the issue in a lab without success. The root cause was never fully determined and the only fix we had was reactive ..... cifs resetdc to re-establish the authenticated pipe with the DC's. Essentially, anyone with an existing CIFS session established was ok. They could operate as per normal. It was clients attempting new connections that were met with the "Access is denied" message. Do you know if ALL sessions were affected, existing AND new? Our problem may have been a little different to you in that we had a defined prefdc list of 5 DC's. It seemed that if 1 DC "authentication pipe" shutdown with the filer, the filer was not smart enough to move onto the next one in the list. This is essentially because the only way a DC was tested as being "available" was by a ping test. Something they call DCPING as part of the Filer AD site awareness. NetApp did release a fix in 6.5.6 (or maybe a slightly earlier P release) that made the DC test a little smarter. I believe it now uses the ability to establish a pipe as an available DC criteria. We haven't had any reported incidents in the past few months, so it may have helped. It is hard to say due to the intermittent nature. I will try and track down our original case number if it helps. Thu Jan 26 15:03:35 MST [cifs.trace.GSS:error]: AUTH: Unable to acquire filer credentials: (0x96c73a44) KRB5 error code 68. -----> This is very similar to the error we would see just before connections dropped for the clients. Thu Jan 26 15:03:35 MST [cifs.server.infoMsg:info]: CIFS: Warning for server \\WNTNANI <file:///\\WNTNANI\> : Connection terminated ----> This happens regularly and isn't anything to be concerned about. EXCEPT apparently when it follows the previous message and no sessions are attempted to be established with other DC's. The other messages look familiar, but I can't be sure. What does your "testdc" return? Does this affect all filers or only some? i.e. Like one cluster partner affected without the other. Are your DC's experiencing any issues? i.e. Are the Domain Controller services and dependent services all up and running? Can you connect to a share on your domain controllers directly when this happens? Good luck, Aaron _____ From: owner-toasters(a)mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Lai, Derek Sent: Friday, 27 January 2006 10:14 AM To: markallen(a)micron.com; toasters(a)mathworks.com Subject: RE: CIFS PDC Issues Are the times synced up between filer and the domain controllers? Kerberos is very time sensitive. Derek _____ From: owner-toasters(a)mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of markallen(a)micron.com Sent: Thursday, January 26, 2006 2:13 PM To: toasters(a)mathworks.com Subject: CIFS PDC Issues Today I had several filers at different OS levels stop serving data via CIFS with the following errors. I had to stop and restart CIFS to get CIFS working properly. The filer acted as if its kerberos ticket wasn't valid with any of the domain controllers. Has anyone seen this before? Cifs domain info command: Not currently connected to any DCs Preferred Addresses: None Favored Addresses: ip WNTNABO2 PDCBROKEN ip WNTNABO1 PDCBROKEN Other Addresses: ip WNTNABO4 PDCBROKEN ip WNTNACRUBO1 PDCBROKEN /etc/messages output: Thu Jan 26 15:03:35 MST [cifs.trace.GSS:error]: AUTH: Unable to acquire filer credentials: (0x96c73a44) KRB5 error code 68. Thu Jan 26 15:03:35 MST [cifs.server.infoMsg:info]: CIFS: Warning for server \\WNTNANI <file:///\\WNTNANI> : Connection terminated. Thu Jan 26 15:04:07 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for Thu Jan 26 15:04:32 MST [sshd_0:info]: Did not receive identification string from x.x.x.x Thu Jan 26 15:04:39 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for Thu Jan 26 15:05:11 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for . Thu Jan 26 15:05:43 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for Thu Jan 26 15:07:01 MST [sshd_0:info]: Did not receive identification string from x.x.x.x Thu Jan 26 15:09:32 MST [sshd_0:info]: Did not receive identification string from x.x.x.x Any insight into this would really help me out. I have a case open with Netapp as well. -Mark ************** IMPORTANT MESSAGE ************** This e-mail message is intended only for the addressee(s) and contains information which may be confidential. If you are not the intended recipient please advise the sender by return email, do not use or disclose the contents, and delete the message and any attachments from your system. Unless specifically indicated, this email does not constitute formal advice or commitment by the sender or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries. We can be contacted through our web site: commbank.com.au. If you no longer wish to receive commercial electronic messages from us, please reply to this e-mail by typing Unsubscribe in the subject line. ***************************************************************

2 1

RE: CIFS PDC Issues
by Lai, Derek 27 Jan '06

27 Jan '06

> If I use prefdc and all of my DC's in my list become unavailible will the filer automatically broadcast to find a DC? Yes I think it will. The problem I've had is similar to yours in that we had a bunch of domain controllers out in the branches that we demoted late last year. These were never removed from WINS. So periodically the filer tries to ping all of them. Alot of these addresses no longer exist so we are getting alerts because a server is trying to ping invalid addresses. I opened a case with NetApp and the support engineer suggested that setting prefdc would preclude the filer from trying to access the rest of the domain controllers that are no longer there. That did not work. The other suggestion I got was to remove WINS from CIFS SETUP altogether. Derek ________________________________ From: markallen(a)micron.com [mailto:markallen@micron.com] Sent: Friday, January 27, 2006 7:04 AM To: aaron.hill(a)cba.com.au; Lai, Derek; toasters(a)mathworks.com Subject: RE: CIFS PDC Issues Aaron, Thanks for the information. We found out that one of our DC's were upgraded and moved to a different domain. WINS was never updated to reflect this change so the filers still see this DC as a valid DC in their domain. I'm going to use prefdc until our Windows crew removes this system from WINS. I'm running 6.5.5 on the majority of the filers we saw impact on. I still seen issues on two filers running 7.02. The cifs resetdc would work on some of the filers but not all of them. On two of the filers I had to actually terminate cifs and do a cifs setup to bring it back to life. I had to use prefdc on one filer because if kept trying to rebind to the DC that shouldn't be listed in our domain. This was the only work around I could think of at the time. If I use prefdc and all of my DC's in my list become unavailible will the filer automatically broadcast to find a DC? -Mark ________________________________ From: owner-toasters(a)mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Hill, Aaron Sent: Thursday, January 26, 2006 6:19 PM To: 'Lai, Derek'; markallen; toasters(a)mathworks.com Subject: RE: CIFS PDC Issues Yeah, we saw something like this a few times with Win2k AD DC's periodically last year. The issue was intermittent and could affect 1 filer in a cluster even though they had the same settings. Deep analysis was done involving packet traces, Microsoft/NetApp escalation concalls and stubbornly attempting to reproduce the issue in a lab without success. The root cause was never fully determined and the only fix we had was reactive ..... cifs resetdc to re-establish the authenticated pipe with the DC's. Essentially, anyone with an existing CIFS session established was ok. They could operate as per normal. It was clients attempting new connections that were met with the "Access is denied" message. Do you know if ALL sessions were affected, existing AND new? Our problem may have been a little different to you in that we had a defined prefdc list of 5 DC's. It seemed that if 1 DC "authentication pipe" shutdown with the filer, the filer was not smart enough to move onto the next one in the list. This is essentially because the only way a DC was tested as being "available" was by a ping test. Something they call DCPING as part of the Filer AD site awareness. NetApp did release a fix in 6.5.6 (or maybe a slightly earlier P release) that made the DC test a little smarter. I believe it now uses the ability to establish a pipe as an available DC criteria. We haven't had any reported incidents in the past few months, so it may have helped. It is hard to say due to the intermittent nature. I will try and track down our original case number if it helps. Thu Jan 26 15:03:35 MST [cifs.trace.GSS:error]: AUTH: Unable to acquire filer credentials: (0x96c73a44) KRB5 error code 68. -----> This is very similar to the error we would see just before connections dropped for the clients. Thu Jan 26 15:03:35 MST [cifs.server.infoMsg:info]: CIFS: Warning for server \\WNTNANI <file://WNTNANI/> : Connection terminated ----> This happens regularly and isn't anything to be concerned about. EXCEPT apparently when it follows the previous message and no sessions are attempted to be established with other DC's. The other messages look familiar, but I can't be sure. What does your "testdc" return? Does this affect all filers or only some? i.e. Like one cluster partner affected without the other. Are your DC's experiencing any issues? i.e. Are the Domain Controller services and dependent services all up and running? Can you connect to a share on your domain controllers directly when this happens? Good luck, Aaron ________________________________ From: owner-toasters(a)mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Lai, Derek Sent: Friday, 27 January 2006 10:14 AM To: markallen(a)micron.com; toasters(a)mathworks.com Subject: RE: CIFS PDC Issues Are the times synced up between filer and the domain controllers? Kerberos is very time sensitive. Derek ________________________________ From: owner-toasters(a)mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of markallen(a)micron.com Sent: Thursday, January 26, 2006 2:13 PM To: toasters(a)mathworks.com Subject: CIFS PDC Issues Today I had several filers at different OS levels stop serving data via CIFS with the following errors. I had to stop and restart CIFS to get CIFS working properly. The filer acted as if its kerberos ticket wasn't valid with any of the domain controllers. Has anyone seen this before? Cifs domain info command: Not currently connected to any DCs Preferred Addresses: None Favored Addresses: ip WNTNABO2 PDCBROKEN ip WNTNABO1 PDCBROKEN Other Addresses: ip WNTNABO4 PDCBROKEN ip WNTNACRUBO1 PDCBROKEN /etc/messages output: Thu Jan 26 15:03:35 MST [cifs.trace.GSS:error]: AUTH: Unable to acquire filer credentials: (0x96c73a44) KRB5 error code 68. Thu Jan 26 15:03:35 MST [cifs.server.infoMsg:info]: CIFS: Warning for server \\WNTNANI <file://\\WNTNANI> : Connection terminated. Thu Jan 26 15:04:07 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for Thu Jan 26 15:04:32 MST [sshd_0:info]: Did not receive identification string from x.x.x.x Thu Jan 26 15:04:39 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for Thu Jan 26 15:05:11 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for . Thu Jan 26 15:05:43 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for Thu Jan 26 15:07:01 MST [sshd_0:info]: Did not receive identification string from x.x.x.x Thu Jan 26 15:09:32 MST [sshd_0:info]: Did not receive identification string from x.x.x.x Any insight into this would really help me out. I have a case open with Netapp as well. -Mark ************** IMPORTANT MESSAGE ************** This e-mail message is intended only for the addressee(s) and contains information which may be confidential. If you are not the intended recipient please advise the sender by return email, do not use or disclose the contents, and delete the message and any attachments from your system. Unless specifically indicated, this email does not constitute formal advice or commitment by the sender or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries. We can be contacted through our web site: commbank.com.au. If you no longer wish to receive commercial electronic messages from us, please reply to this e-mail by typing Unsubscribe in the subject line. ***************************************************************

1 0

LDAP user mapping
by Graeme Fowler 27 Jan '06

27 Jan '06

Hi Anyone out there successfully using CIFS-To-UNIX username mapping via LDAP lookups against an Active Directory...? To cut a long story short, I have a filer simulator in a development lab with a bunch of qtree (UNIX security style) NFS exports which I also need CIFS access to from a specific workstation. The workstation can connect & browse the CIFS share without issue, but always maps to the "anonymous" user nfsnobody. We've extended the AD schema using Microsoft's Service For Unix 3.5, we have users in the AD with UNIX attributes, and we can successfully use those accounts without a problem on UNIX workstations using pam_ldap and nss_ldap. I'm damned, however, if I can make the filer work. After checking and rechecking the configuration oodles of times, and running "wcc -u <username>", I continue to get "no passwd entry for <username>" on the filer, and the CIFS access is still wrong. Any advice greatly appreciated - once I've got the sim working I can push a project forwards in a live environment. Regards Graeme -- Graeme Fowler Hosting Development Engineer PIPEX This e-mail is subject to: http://www.pipex.net/disclaimer.html

1 0

RE: CIFS PDC Issues
by markallen＠micron.com 27 Jan '06

27 Jan '06

Aaron, Thanks for the information. We found out that one of our DC's were upgraded and moved to a different domain. WINS was never updated to reflect this change so the filers still see this DC as a valid DC in their domain. I'm going to use prefdc until our Windows crew removes this system from WINS. I'm running 6.5.5 on the majority of the filers we saw impact on. I still seen issues on two filers running 7.02. The cifs resetdc would work on some of the filers but not all of them. On two of the filers I had to actually terminate cifs and do a cifs setup to bring it back to life. I had to use prefdc on one filer because if kept trying to rebind to the DC that shouldn't be listed in our domain. This was the only work around I could think of at the time. If I use prefdc and all of my DC's in my list become unavailible will the filer automatically broadcast to find a DC? -Mark ________________________________ From: owner-toasters(a)mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Hill, Aaron Sent: Thursday, January 26, 2006 6:19 PM To: 'Lai, Derek'; markallen; toasters(a)mathworks.com Subject: RE: CIFS PDC Issues Yeah, we saw something like this a few times with Win2k AD DC's periodically last year. The issue was intermittent and could affect 1 filer in a cluster even though they had the same settings. Deep analysis was done involving packet traces, Microsoft/NetApp escalation concalls and stubbornly attempting to reproduce the issue in a lab without success. The root cause was never fully determined and the only fix we had was reactive ..... cifs resetdc to re-establish the authenticated pipe with the DC's. Essentially, anyone with an existing CIFS session established was ok. They could operate as per normal. It was clients attempting new connections that were met with the "Access is denied" message. Do you know if ALL sessions were affected, existing AND new? Our problem may have been a little different to you in that we had a defined prefdc list of 5 DC's. It seemed that if 1 DC "authentication pipe" shutdown with the filer, the filer was not smart enough to move onto the next one in the list. This is essentially because the only way a DC was tested as being "available" was by a ping test. Something they call DCPING as part of the Filer AD site awareness. NetApp did release a fix in 6.5.6 (or maybe a slightly earlier P release) that made the DC test a little smarter. I believe it now uses the ability to establish a pipe as an available DC criteria. We haven't had any reported incidents in the past few months, so it may have helped. It is hard to say due to the intermittent nature. I will try and track down our original case number if it helps. Thu Jan 26 15:03:35 MST [cifs.trace.GSS:error]: AUTH: Unable to acquire filer credentials: (0x96c73a44) KRB5 error code 68. -----> This is very similar to the error we would see just before connections dropped for the clients. Thu Jan 26 15:03:35 MST [cifs.server.infoMsg:info]: CIFS: Warning for server \\WNTNANI <file://WNTNANI/> : Connection terminated ----> This happens regularly and isn't anything to be concerned about. EXCEPT apparently when it follows the previous message and no sessions are attempted to be established with other DC's. The other messages look familiar, but I can't be sure. What does your "testdc" return? Does this affect all filers or only some? i.e. Like one cluster partner affected without the other. Are your DC's experiencing any issues? i.e. Are the Domain Controller services and dependent services all up and running? Can you connect to a share on your domain controllers directly when this happens? Good luck, Aaron ________________________________ From: owner-toasters(a)mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Lai, Derek Sent: Friday, 27 January 2006 10:14 AM To: markallen(a)micron.com; toasters(a)mathworks.com Subject: RE: CIFS PDC Issues Are the times synced up between filer and the domain controllers? Kerberos is very time sensitive. Derek ________________________________ From: owner-toasters(a)mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of markallen(a)micron.com Sent: Thursday, January 26, 2006 2:13 PM To: toasters(a)mathworks.com Subject: CIFS PDC Issues Today I had several filers at different OS levels stop serving data via CIFS with the following errors. I had to stop and restart CIFS to get CIFS working properly. The filer acted as if its kerberos ticket wasn't valid with any of the domain controllers. Has anyone seen this before? Cifs domain info command: Not currently connected to any DCs Preferred Addresses: None Favored Addresses: ip WNTNABO2 PDCBROKEN ip WNTNABO1 PDCBROKEN Other Addresses: ip WNTNABO4 PDCBROKEN ip WNTNACRUBO1 PDCBROKEN /etc/messages output: Thu Jan 26 15:03:35 MST [cifs.trace.GSS:error]: AUTH: Unable to acquire filer credentials: (0x96c73a44) KRB5 error code 68. Thu Jan 26 15:03:35 MST [cifs.server.infoMsg:info]: CIFS: Warning for server \\WNTNANI <file://\\WNTNANI> : Connection terminated. Thu Jan 26 15:04:07 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for Thu Jan 26 15:04:32 MST [sshd_0:info]: Did not receive identification string from x.x.x.x Thu Jan 26 15:04:39 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for Thu Jan 26 15:05:11 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for . Thu Jan 26 15:05:43 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for Thu Jan 26 15:07:01 MST [sshd_0:info]: Did not receive identification string from x.x.x.x Thu Jan 26 15:09:32 MST [sshd_0:info]: Did not receive identification string from x.x.x.x Any insight into this would really help me out. I have a case open with Netapp as well. -Mark ************** IMPORTANT MESSAGE ************** This e-mail message is intended only for the addressee(s) and contains information which may be confidential. If you are not the intended recipient please advise the sender by return email, do not use or disclose the contents, and delete the message and any attachments from your system. Unless specifically indicated, this email does not constitute formal advice or commitment by the sender or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries. We can be contacted through our web site: commbank.com.au. If you no longer wish to receive commercial electronic messages from us, please reply to this e-mail by typing Unsubscribe in the subject line. ***************************************************************

1 0

RE: Number of flexvols ?
by Glenn Walker 27 Jan '06

27 Jan '06

There are two potential issues with having any number of flexvols: Performance DR Capabilities Performance: Not so much an issue with having too many, as too busy flexvols... Know what your applications are doing and size the underlying disks accordingly. It is possible (with the current versions of ONTAP - future ones _may_ address this) to starve one flexvol due to IO on another one. Having more disks in the aggr will help to address this and depending on the type of data (online transaction vs decision support for example) this may never surface. Plan accordingly based on the type of workload you have! DR Capabilities: In the rare event that you have an aggr go offline, you will lose access to all underlying flexvols - if this is a concern to you, please place mission critical accordingly. That said, use the imbedded technologies in ONTAP to protect you as much as possible (MPIO, RAID-DP, CFO). Placing separate data sets on multiple aggregates for Business Continuance is probably about as safe as placing the separate data sets on multiple filers - RAID-DP failures are very rare and are not seen in the wild to a great degree. Hoe this helps... Glenn -----Original Message----- From: owner-toasters(a)mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Skottie Miller Sent: Thursday, January 26, 2006 4:35 PM To: Premanshu Jain Cc: toasters(a)mathworks.com Subject: Re: Number of flexvols ? I mis-red this, and my brain inserted the phrase "flex cache vols". Thats been a focus for us lately. so, when someone asks that question, at least one answer's been posted ;-) As for local resident volumes, "use them instead of qtrees" is what I've heard from NetAPp, which implese "use alot of them". 20 - 30 should not be an issue. -skottie Premanshu Jain wrote: > > We are ready to roll out flex-vols and are discussing about the possible > performance impact of having lot of flex-vols on a aggregate. We are > talking about having 20-30 flex-vols per aggregate. > > Please share your experience/recommendations ? > > -- Scott Miller skottie(a)anim.DreamWorks.com

1 0

RE: CIFS PDC Issues
by Glenn Walker 27 Jan '06

27 Jan '06

My $.02 Having the ONTAP version would be helpful here. A few thoughts of my own, based on my history with ONTAP and CIFS: Thu Jan 26 15:03:35 MST [cifs.trace.GSS:error]: AUTH: Unable to acquire filer credentials: (0x96c73a44) KRB5 error code 68. <-- This error is indicative of the DC not liking the filer SPN, from what I can gather. Your filer isn't using Kerberized NFS by chance is it? The other possibility of the above error would be using a different KRB realm - having an NFS and CIFS realm that do not match was only recently supported (if that version is out yet). Thu Jan 26 15:04:39 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for <-- I feel that this error is indicative of the filer not being able to connect to the DC. If this were a simple DNS\WINS error, I don't believe that it would be under the auth threads. A PKTT during the issue would be IMMENSELY helpful here. Glenn ________________________________ From: owner-toasters(a)mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Hill, Aaron Sent: Thursday, January 26, 2006 8:19 PM To: 'Lai, Derek'; markallen(a)micron.com; toasters(a)mathworks.com Subject: RE: CIFS PDC Issues Yeah, we saw something like this a few times with Win2k AD DC's periodically last year. The issue was intermittent and could affect 1 filer in a cluster even though they had the same settings. Deep analysis was done involving packet traces, Microsoft/NetApp escalation concalls and stubbornly attempting to reproduce the issue in a lab without success. The root cause was never fully determined and the only fix we had was reactive ..... cifs resetdc to re-establish the authenticated pipe with the DC's. Essentially, anyone with an existing CIFS session established was ok. They could operate as per normal. It was clients attempting new connections that were met with the "Access is denied" message. Do you know if ALL sessions were affected, existing AND new? Our problem may have been a little different to you in that we had a defined prefdc list of 5 DC's. It seemed that if 1 DC "authentication pipe" shutdown with the filer, the filer was not smart enough to move onto the next one in the list. This is essentially because the only way a DC was tested as being "available" was by a ping test. Something they call DCPING as part of the Filer AD site awareness. NetApp did release a fix in 6.5.6 (or maybe a slightly earlier P release) that made the DC test a little smarter. I believe it now uses the ability to establish a pipe as an available DC criteria. We haven't had any reported incidents in the past few months, so it may have helped. It is hard to say due to the intermittent nature. I will try and track down our original case number if it helps. Thu Jan 26 15:03:35 MST [cifs.trace.GSS:error]: AUTH: Unable to acquire filer credentials: (0x96c73a44) KRB5 error code 68. -----> This is very similar to the error we would see just before connections dropped for the clients. Thu Jan 26 15:03:35 MST [cifs.server.infoMsg:info]: CIFS: Warning for server \\WNTNANI <file:///\\WNTNANI\> : Connection terminated ----> This happens regularly and isn't anything to be concerned about. EXCEPT apparently when it follows the previous message and no sessions are attempted to be established with other DC's. The other messages look familiar, but I can't be sure. What does your "testdc" return? Does this affect all filers or only some? i.e. Like one cluster partner affected without the other. Are your DC's experiencing any issues? i.e. Are the Domain Controller services and dependent services all up and running? Can you connect to a share on your domain controllers directly when this happens? Good luck, Aaron ________________________________ From: owner-toasters(a)mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Lai, Derek Sent: Friday, 27 January 2006 10:14 AM To: markallen(a)micron.com; toasters(a)mathworks.com Subject: RE: CIFS PDC Issues Are the times synced up between filer and the domain controllers? Kerberos is very time sensitive. Derek ________________________________ From: owner-toasters(a)mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of markallen(a)micron.com Sent: Thursday, January 26, 2006 2:13 PM To: toasters(a)mathworks.com Subject: CIFS PDC Issues Today I had several filers at different OS levels stop serving data via CIFS with the following errors. I had to stop and restart CIFS to get CIFS working properly. The filer acted as if its kerberos ticket wasn't valid with any of the domain controllers. Has anyone seen this before? Cifs domain info command: Not currently connected to any DCs Preferred Addresses: None Favored Addresses: ip WNTNABO2 PDCBROKEN ip WNTNABO1 PDCBROKEN Other Addresses: ip WNTNABO4 PDCBROKEN ip WNTNACRUBO1 PDCBROKEN /etc/messages output: Thu Jan 26 15:03:35 MST [cifs.trace.GSS:error]: AUTH: Unable to acquire filer credentials: (0x96c73a44) KRB5 error code 68. Thu Jan 26 15:03:35 MST [cifs.server.infoMsg:info]: CIFS: Warning for server \\WNTNANI <file:///\\WNTNANI> : Connection terminated. Thu Jan 26 15:04:07 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for Thu Jan 26 15:04:32 MST [sshd_0:info]: Did not receive identification string from x.x.x.x Thu Jan 26 15:04:39 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for Thu Jan 26 15:05:11 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for . Thu Jan 26 15:05:43 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for Thu Jan 26 15:07:01 MST [sshd_0:info]: Did not receive identification string from x.x.x.x Thu Jan 26 15:09:32 MST [sshd_0:info]: Did not receive identification string from x.x.x.x Any insight into this would really help me out. I have a case open with Netapp as well. -Mark ************** IMPORTANT MESSAGE ************** This e-mail message is intended only for the addressee(s) and contains information which may be confidential. If you are not the intended recipient please advise the sender by return email, do not use or disclose the contents, and delete the message and any attachments from your system. Unless specifically indicated, this email does not constitute formal advice or commitment by the sender or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries. We can be contacted through our web site: commbank.com.au. If you no longer wish to receive commercial electronic messages from us, please reply to this e-mail by typing Unsubscribe in the subject line. ***************************************************************

1 0

RE: CIFS PDC Issues
by Hill, Aaron 27 Jan '06

27 Jan '06

Yeah, we saw something like this a few times with Win2k AD DC's periodically last year. The issue was intermittent and could affect 1 filer in a cluster even though they had the same settings. Deep analysis was done involving packet traces, Microsoft/NetApp escalation concalls and stubbornly attempting to reproduce the issue in a lab without success. The root cause was never fully determined and the only fix we had was reactive ..... cifs resetdc to re-establish the authenticated pipe with the DC's. Essentially, anyone with an existing CIFS session established was ok. They could operate as per normal. It was clients attempting new connections that were met with the "Access is denied" message. Do you know if ALL sessions were affected, existing AND new? Our problem may have been a little different to you in that we had a defined prefdc list of 5 DC's. It seemed that if 1 DC "authentication pipe" shutdown with the filer, the filer was not smart enough to move onto the next one in the list. This is essentially because the only way a DC was tested as being "available" was by a ping test. Something they call DCPING as part of the Filer AD site awareness. NetApp did release a fix in 6.5.6 (or maybe a slightly earlier P release) that made the DC test a little smarter. I believe it now uses the ability to establish a pipe as an available DC criteria. We haven't had any reported incidents in the past few months, so it may have helped. It is hard to say due to the intermittent nature. I will try and track down our original case number if it helps. Thu Jan 26 15:03:35 MST [cifs.trace.GSS:error]: AUTH: Unable to acquire filer credentials: (0x96c73a44) KRB5 error code 68. -----> This is very similar to the error we would see just before connections dropped for the clients. Thu Jan 26 15:03:35 MST [cifs.server.infoMsg:info]: CIFS: Warning for server <file://WNTNANI/> \\WNTNANI: Connection terminated ----> This happens regularly and isn't anything to be concerned about. EXCEPT apparently when it follows the previous message and no sessions are attempted to be established with other DC's. The other messages look familiar, but I can't be sure. What does your "testdc" return? Does this affect all filers or only some? i.e. Like one cluster partner affected without the other. Are your DC's experiencing any issues? i.e. Are the Domain Controller services and dependent services all up and running? Can you connect to a share on your domain controllers directly when this happens? Good luck, Aaron _____ From: owner-toasters(a)mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Lai, Derek Sent: Friday, 27 January 2006 10:14 AM To: markallen(a)micron.com; toasters(a)mathworks.com Subject: RE: CIFS PDC Issues Are the times synced up between filer and the domain controllers? Kerberos is very time sensitive. Derek _____ From: owner-toasters(a)mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of markallen(a)micron.com Sent: Thursday, January 26, 2006 2:13 PM To: toasters(a)mathworks.com Subject: CIFS PDC Issues Today I had several filers at different OS levels stop serving data via CIFS with the following errors. I had to stop and restart CIFS to get CIFS working properly. The filer acted as if its kerberos ticket wasn't valid with any of the domain controllers. Has anyone seen this before? Cifs domain info command: Not currently connected to any DCs Preferred Addresses: None Favored Addresses: ip WNTNABO2 PDCBROKEN ip WNTNABO1 PDCBROKEN Other Addresses: ip WNTNABO4 PDCBROKEN ip WNTNACRUBO1 PDCBROKEN /etc/messages output: Thu Jan 26 15:03:35 MST [cifs.trace.GSS:error]: AUTH: Unable to acquire filer credentials: (0x96c73a44) KRB5 error code 68. Thu Jan 26 15:03:35 MST [cifs.server.infoMsg:info]: CIFS: Warning for server <file://\\WNTNANI> \\WNTNANI: Connection terminated. Thu Jan 26 15:04:07 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for Thu Jan 26 15:04:32 MST [sshd_0:info]: Did not receive identification string from x.x.x.x Thu Jan 26 15:04:39 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for Thu Jan 26 15:05:11 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for . Thu Jan 26 15:05:43 MST [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for Thu Jan 26 15:07:01 MST [sshd_0:info]: Did not receive identification string from x.x.x.x Thu Jan 26 15:09:32 MST [sshd_0:info]: Did not receive identification string from x.x.x.x Any insight into this would really help me out. I have a case open with Netapp as well. -Mark ************** IMPORTANT MESSAGE ************** This e-mail message is intended only for the addressee(s) and contains information which may be confidential. If you are not the intended recipient please advise the sender by return email, do not use or disclose the contents, and delete the message and any attachments from your system. Unless specifically indicated, this email does not constitute formal advice or commitment by the sender or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries. We can be contacted through our web site: commbank.com.au. If you no longer wish to receive commercial electronic messages from us, please reply to this e-mail by typing Unsubscribe in the subject line. ***************************************************************

1 0

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

toasters January 2006