This post is more than 5 years old
5 Posts
0
875
December 12th, 2013 19:00
Not able to manage some of the CIFS servers via MMC using domain admins privilege
Hi there,
Our Celerra configuarion:
3 primary DM, 1 standby DM, DART code 5.6.51.320
We are currently creating 3 CIFS servers (one on each DM) and added them into the domain successfully.
However, while managing them via MMC, two of the 3 CIFS servers (CIFS server created on DM 3 and DM 4) return an "Access deny" error even if my account is a memeber of the domain admins.
On the other hand, CIFS servers created on DM 2 works fine. I use the exactly same account and can manage it (modify local groups, share permissions)
I saw a red cross on "Local users and groups" in MMC which even deny me from expanding it.
We then follow the steps to troubleshoot:
1. Unjoin the 2 CIFS servers create on DM3 and DM4, and join them again into the AD. Same issue.
2. We suspect there to be some information about these two CIFS servers not deleted throughtly, so we unjoin them again, deleted anything related with them, delete and recreated the CIFS server, even changed the name for the CIFS server and join them again. Same issue.
3. After seeing this, our AD guys thought this to be issue on the DM.
But I did not see anything related to this issue from Celerra side.
Any one has any idea about it?
WahrheitMao
5 Posts
0
December 16th, 2013 18:00
Thanks for your reply, dynamox.
Actually, this is a DR box so I ran the command.
Sadly it did not fix the issue, but point out the way. After ran this command, I kept seeing an error message from server_log saying:
2013-12-16 19:26:55: LDAP: 3:[vdm-name] LdapClient::connect: error message: Sasl protocol violation, (error code 99)
I googled this error message and found something related as below:
The issue was the MTU of the network interface. For some reason MTU=1500 caused the issue, and when I changed it to MTU=900 I was again able to add and/or delete the cifs_server from the domain.
I then followed this instruction and changed MTU to 900 and this time the CIFS server can join the domain with no issue.
dynamox
9 Legend
•
20.4K Posts
1
December 12th, 2013 20:00
i had a similar issue that was resolved with this command
.server_config vdmname -v “lg remove vs=CIFSSERVERNAME forever”
i recommend you get in touch with support before you run this. This command will delete all references including local groups that belong to CIFS server.
Rainer_EMC
4 Operator
•
8.6K Posts
0
December 17th, 2013 03:00
You mean 9000 – NOT 900 – right ?
dynamox
9 Legend
•
20.4K Posts
0
December 17th, 2013 05:00
really, using jumbo frames for CIFS ? Is that by design ?
WahrheitMao
5 Posts
0
December 18th, 2013 23:00
No, it is 900, not 9000.
Actually, my first thought when I saw this solution is exactly the same with Rainer that I thought it is a typo and it should be 9000.
However, when we did the test, set MTU to 9000 did not fix anything. Then we tried 900 and fixed the issue.
Rainer_EMC
4 Operator
•
8.6K Posts
0
December 19th, 2013 02:00
If you indeed need to set MTU to 900 for it to work then your network isn’t setup well
I would at least check if all the hosts in that subnet/VLAN are set to the same MTU – as they should be
christopher_ime
2K Posts
0
December 20th, 2013 09:00
Just a thought, between the Celerra and the DC's is there by chance a VPN tunnel separating them? Sometimes the MTU needs to be reduced from 1500.
christopher_ime
2K Posts
0
December 20th, 2013 10:00
Sorry, reread. Is there a VPN tunnel separating the computer where you are bringing up MMC and the Celerra?