Has anyone seen the error listed below while setting up CIFS in cDOT? The filer is running 8.2P3. This has been a very straightforward process in the past for me, but with the newness of cDOT, I'm not finding a lot of information when I search. Thanks!
netapp::vserver cifs> create -cifs-server "testcifs" -domain " XXXXXX.local"
In order to create an Active Directory machine account for the CIFS server, you must supply the name and password of a Windows account with sufficient privileges to add computers to the "CN=Computers" container within the " XXXXXX.local" domain.
Enter the user name: XXXXXX
Enter the password:
Error: CIFS server creation procedure failed [ 27] Loaded the preliminary configuration. [ 62] Created a machine account for the Cifs server in the domain [ 62] SID to name translations of Domain Users and Admins completed successfully **[ 23082] FAILURE: Kerberos password set for ** 'TESTCIFS$@XXXXXX.LOCAL' failed with Cannot contact any ** KDC for requested realm [ 23104] Deleted existing account 'CN=TESTCIFS,CN=Computers,DC=xxxxxxx,DC=local'
Error: command failed: Failed to create CIFS server TESTCIFS. Reason: Kerberos Error: KDC Unreachable.
netapp::vserver cifs>
Regards, Aaron
Check for mismatches in MTU with your data LIFs. (are they using 9000 MTU?)
Also, is the user being used to add the CIFS server account a member of the domain you're adding the account to?
From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Aaron Lewis Sent: Thursday, October 24, 2013 5:29 PM To: toasters@teaparty.net Subject: cDOT CIFS setup
Has anyone seen the error listed below while setting up CIFS in cDOT? The filer is running 8.2P3. This has been a very straightforward process in the past for me, but with the newness of cDOT, I'm not finding a lot of information when I search. Thanks!
netapp::vserver cifs> create -cifs-server "testcifs" -domain " XXXXXX.local"
In order to create an Active Directory machine account for the CIFS server, you must supply the name and password of a Windows account with sufficient privileges to add computers to the "CN=Computers" container within the " XXXXXX.local" domain.
Enter the user name: XXXXXX
Enter the password:
Error: CIFS server creation procedure failed [ 27] Loaded the preliminary configuration. [ 62] Created a machine account for the Cifs server in the domain [ 62] SID to name translations of Domain Users and Admins completed successfully **[ 23082] FAILURE: Kerberos password set for ** 'TESTCIFS$@XXXXXX.LOCAL' failed with Cannot contact any ** KDC for requested realm [ 23104] Deleted existing account 'CN=TESTCIFS,CN=Computers,DC=xxxxxxx,DC=local'
Error: command failed: Failed to create CIFS server TESTCIFS. Reason: Kerberos Error: KDC Unreachable.
netapp::vserver cifs>
Regards, Aaron
Make sure your time is good, and you can resolve the domain..
On Oct 24, 2013, at 2:38 PM, Parisi, Justin Justin.Parisi@netapp.com wrote:
Check for mismatches in MTU with your data LIFs. (are they using 9000 MTU?)
Also, is the user being used to add the CIFS server account a member of the domain you’re adding the account to?
From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Aaron Lewis Sent: Thursday, October 24, 2013 5:29 PM To: toasters@teaparty.net Subject: cDOT CIFS setup
Has anyone seen the error listed below while setting up CIFS in cDOT? The filer is running 8.2P3. This has been a very straightforward process in the past for me, but with the newness of cDOT, I’m not finding a lot of information when I search. Thanks!
netapp::vserver cifs> create -cifs-server "testcifs" -domain " XXXXXX.local"
In order to create an Active Directory machine account for the CIFS server, you must supply the name and password of a Windows account with sufficient privileges to add computers to the "CN=Computers" container within the " XXXXXX.local" domain.
Enter the user name: XXXXXX
Enter the password:
Error: CIFS server creation procedure failed [ 27] Loaded the preliminary configuration. [ 62] Created a machine account for the Cifs server in the domain [ 62] SID to name translations of Domain Users and Admins completed successfully **[ 23082] FAILURE: Kerberos password set for ** 'TESTCIFS$@XXXXXX.LOCAL' failed with Cannot contact any ** KDC for requested realm [ 23104] Deleted existing account 'CN=TESTCIFS,CN=Computers,DC=xxxxxxx,DC=local'
Error: command failed: Failed to create CIFS server TESTCIFS. Reason: Kerberos Error: KDC Unreachable.
netapp::vserver cifs>
Regards, Aaron
Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
And, note that cDOT LIFS have "protocol" as one of their characteristics. make sure the lif has CIFS as a valid protocol:
vcluster::*> net inte show data01 -inst (network interface show)
Vserver Name: vs0 Logical Interface Name: data01 Role: data Data Protocol: nfs, cifs, fcache
...
"data protocol" is set at LIF creation time, and can't be changed with a "net inte modify..."
-skottie
On 10/24/2013 06:12 PM, Klise, Steve wrote:
Make sure your time is good, and you can resolve the domain..
On Oct 24, 2013, at 2:38 PM, Parisi, Justin <Justin.Parisi@netapp.com mailto:Justin.Parisi@netapp.com> wrote:
Check for mismatches in MTU with your data LIFs. (are they using 9000 MTU?) Also, is the user being used to add the CIFS server account a member of the domain you’re adding the account to? *From:*toasters-bounces@teaparty.net mailto:toasters-bounces@teaparty.net[mailto:toasters-bounces@teaparty.net]*On Behalf Of*Aaron Lewis *Sent:*Thursday, October 24, 2013 5:29 PM *To:*toasters@teaparty.net mailto:toasters@teaparty.net *Subject:*cDOT CIFS setup Has anyone seen the error listed below while setting up CIFS in cDOT? The filer is running 8.2P3. This has been a very straightforward process in the past for me, but with the newness of cDOT, I’m not finding a lot of information when I search. Thanks! netapp::vserver cifs> create -cifs-server "testcifs" -domain " XXXXXX.local" In order to create an Active Directory machine account for the CIFS server, you must supply the name and password of a Windows account with sufficient privileges to add computers to the "CN=Computers" container within the " XXXXXX.local" domain. Enter the user name: XXXXXX Enter the password: Error: CIFS server creation procedure failed [ 27] Loaded the preliminary configuration. [ 62] Created a machine account for the Cifs server in the domain [ 62] SID to name translations of Domain Users and Admins completed successfully **[ 23082] FAILURE: Kerberos password set for ** 'TESTCIFS$@XXXXXX.LOCAL mailto:TESTCIFS$@XXXXXX.LOCAL' failed with Cannot contact any ** KDC for requested realm [ 23104] Deleted existing account 'CN=TESTCIFS,CN=Computers,DC=xxxxxxx,DC=local' Error: command failed: Failed to create CIFS server TESTCIFS. Reason: Kerberos Error: KDC Unreachable. netapp::vserver cifs> Regards, Aaron _______________________________________________ Toasters mailing list Toasters@teaparty.net mailto:Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
Hello Aaron:
A few things to try.
1. Could be a simple typo when typing in the username/password. It is unlikely to be this easy but it could be. 2. You might have a DNS problem. You can use the vserver show command and check to see if you DNS information is correct. 3. Try pinging your active directory server. Use both IP addresses and DNS names.
That would eliminate the easier problems. If that isn't enough, you might need to send more information.
--April
On Thursday, October 24, 2013 9:29 PM, Scott Miller Scott.Miller@dreamworks.com wrote:
And, note that cDOT LIFS have "protocol" as one of their characteristics. make sure the lif has CIFS as a valid protocol:
vcluster::*> net inte show data01 -inst (network interface show)
Vserver Name: vs0 Logical Interface Name: data01 Role: data Data Protocol: nfs, cifs, fcache
...
"data protocol" is set at LIF creation time, and can't be changed with a "net inte modify..."
-skottie
On 10/24/2013 06:12 PM, Klise, Steve wrote:
Make sure your time is good, and you can resolve the domain..
On Oct 24, 2013, at 2:38 PM, Parisi, Justin <Justin.Parisi@netapp.com mailto:Justin.Parisi@netapp.com> wrote:
Check for mismatches in MTU with your data LIFs. (are they using 9000 MTU?) Also, is the user being used to add the CIFS server account a member of the domain you’re adding the account to? *From:*toasters-bounces@teaparty.net mailto:toasters-bounces@teaparty.net[mailto:toasters-bounces@teaparty.net]*On Behalf Of*Aaron Lewis *Sent:*Thursday, October 24, 2013 5:29 PM *To:*toasters@teaparty.net mailto:toasters@teaparty.net *Subject:*cDOT CIFS setup Has anyone seen the error listed below while setting up CIFS in cDOT? The filer is running 8.2P3. This has been a very straightforward process in the past for me, but with the newness of cDOT, I’m not finding a lot of information when I search. Thanks! netapp::vserver cifs> create -cifs-server "testcifs" -domain " XXXXXX.local" In order to create an Active Directory machine account for the CIFS server, you must supply the name and password of a Windows account with sufficient privileges to add computers to the "CN=Computers" container within the " XXXXXX.local" domain. Enter the user name: XXXXXX Enter the password: Error: CIFS server creation procedure failed [ 27] Loaded the preliminary configuration. [ 62] Created a machine account for the Cifs server in the domain [ 62] SID to name translations of Domain Users and Admins completed successfully **[ 23082] FAILURE: Kerberos password set for ** 'TESTCIFS$@XXXXXX.LOCAL mailto:TESTCIFS$@XXXXXX.LOCAL' failed with Cannot contact any ** KDC for requested realm [ 23104] Deleted existing account 'CN=TESTCIFS,CN=Computers,DC=xxxxxxx,DC=local' Error: command failed: Failed to create CIFS server TESTCIFS. Reason: Kerberos Error: KDC Unreachable. netapp::vserver cifs> Regards, Aaron _______________________________________________ Toasters mailing list Toasters@teaparty.net mailto:Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
_______________________________________________ Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
It wasn't on cDOT but I think it still applies and I had the same error when adding a Filer to a domain with an RODC, you don't have RODCs do you?
347303 Creation of CIFS server may fail if the storage system ends up contacting Windows 2008R2 RODC first.
463398 Feature request: add support for LDAP referrals
If the Filer attempts to contact an RODC first it gets an LDAP referral which it doesn't understand and you get that error.
-- View this message in context: http://network-appliance-toasters.10978.n7.nabble.com/cDOT-CIFS-setup-tp2533... Sent from the Network Appliance - Toasters mailing list archive at Nabble.com.
Thanks. It was an MTU mismatch. Ping was working which is what threw me off.
Aaron Lewis
M: 503-957-7014
IVOXY Consulting the data availability people
www.ivoxy.comhttp://www.ivoxy.com/
* Learn more about our training classes: http://www.ivoxy.com/training
From: <Parisi>, Justin <Justin.Parisi@netapp.commailto:Justin.Parisi@netapp.com> Date: Thursday, October 24, 2013 at 2:38 PM To: Aaron Lewis <aaron@ivoxy.commailto:aaron@ivoxy.com>, "toasters@teaparty.netmailto:toasters@teaparty.net" <toasters@teaparty.netmailto:toasters@teaparty.net> Subject: RE: cDOT CIFS setup
Check for mismatches in MTU with your data LIFs. (are they using 9000 MTU?)
Also, is the user being used to add the CIFS server account a member of the domain you’re adding the account to?
From: toasters-bounces@teaparty.netmailto:toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Aaron Lewis Sent: Thursday, October 24, 2013 5:29 PM To: toasters@teaparty.netmailto:toasters@teaparty.net Subject: cDOT CIFS setup
Has anyone seen the error listed below while setting up CIFS in cDOT? The filer is running 8.2P3. This has been a very straightforward process in the past for me, but with the newness of cDOT, I’m not finding a lot of information when I search. Thanks!
netapp::vserver cifs> create -cifs-server "testcifs" -domain " XXXXXX.local"
In order to create an Active Directory machine account for the CIFS server, you must supply the name and password of a Windows account with sufficient privileges to add computers to the "CN=Computers" container within the " XXXXXX.local" domain.
Enter the user name: XXXXXX
Enter the password:
Error: CIFS server creation procedure failed [ 27] Loaded the preliminary configuration. [ 62] Created a machine account for the Cifs server in the domain [ 62] SID to name translations of Domain Users and Admins completed successfully **[ 23082] FAILURE: Kerberos password set for ** 'TESTCIFS$@XXXXXX.LOCALmailto:'TESTCIFS$@XXXXXX.LOCAL' failed with Cannot contact any ** KDC for requested realm [ 23104] Deleted existing account 'CN=TESTCIFS,CN=Computers,DC=xxxxxxx,DC=local'
Error: command failed: Failed to create CIFS server TESTCIFS. Reason: Kerberos Error: KDC Unreachable.
netapp::vserver cifs>
Regards, Aaron
When you ping to check MTU you have to use the right packet size and set the do not fragment flag. For example: ping -s 8972 -d 192.168.42.91
Without -d, it will work, except the packets are being broken up to get there.
Not sure if that's really what you're trying to do, but it is probably the most common mistake in setting up and testing jumbo frames configs.
Share and enjoy!
Peter
From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Aaron Lewis Sent: Friday, October 25, 2013 10:29 AM To: Parisi, Justin; toasters@teaparty.net Subject: Re: cDOT CIFS setup
Thanks. It was an MTU mismatch. Ping was working which is what threw me off.
Aaron Lewis
M: 503-957-7014
IVOXY Consulting the data availability people
www.ivoxy.comhttp://www.ivoxy.com/
* Learn more about our training classes: http://www.ivoxy.com/training
From: <Parisi>, Justin <Justin.Parisi@netapp.commailto:Justin.Parisi@netapp.com> Date: Thursday, October 24, 2013 at 2:38 PM To: Aaron Lewis <aaron@ivoxy.commailto:aaron@ivoxy.com>, "toasters@teaparty.netmailto:toasters@teaparty.net" <toasters@teaparty.netmailto:toasters@teaparty.net> Subject: RE: cDOT CIFS setup
Check for mismatches in MTU with your data LIFs. (are they using 9000 MTU?)
Also, is the user being used to add the CIFS server account a member of the domain you're adding the account to?
From: toasters-bounces@teaparty.netmailto:toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Aaron Lewis Sent: Thursday, October 24, 2013 5:29 PM To: toasters@teaparty.netmailto:toasters@teaparty.net Subject: cDOT CIFS setup
Has anyone seen the error listed below while setting up CIFS in cDOT? The filer is running 8.2P3. This has been a very straightforward process in the past for me, but with the newness of cDOT, I'm not finding a lot of information when I search. Thanks!
netapp::vserver cifs> create -cifs-server "testcifs" -domain " XXXXXX.local"
In order to create an Active Directory machine account for the CIFS server, you must supply the name and password of a Windows account with sufficient privileges to add computers to the "CN=Computers" container within the " XXXXXX.local" domain.
Enter the user name: XXXXXX
Enter the password:
Error: CIFS server creation procedure failed [ 27] Loaded the preliminary configuration. [ 62] Created a machine account for the Cifs server in the domain [ 62] SID to name translations of Domain Users and Admins completed successfully **[ 23082] FAILURE: Kerberos password set for ** 'TESTCIFS$@XXXXXX.LOCALmailto:'TESTCIFS$@XXXXXX.LOCAL' failed with Cannot contact any ** KDC for requested realm [ 23104] Deleted existing account 'CN=TESTCIFS,CN=Computers,DC=xxxxxxx,DC=local'
Error: command failed: Failed to create CIFS server TESTCIFS. Reason: Kerberos Error: KDC Unreachable.
netapp::vserver cifs>
Regards, Aaron
-
Aaron Lewis -
April Jenner -
Klise, Steve -
Learmonth, Peter -
Martin -
Parisi, Justin -
Scott Miller