December 13th, 2023 04:07

Unity 480 - Domain Controller servers configured for the SMB server *** are not reachable

We just finished migrating our domain controllers from Windows Server 2012 R2 to Windows Server 2022. Immediately after the last 2012 R2 domain controller was demoted we started getting the following error on our Unity NAS devices.

Domain Controller servers configured for the SMB server *** are not reachable

Domain controller servers configured for the SMB server are not reachable. Check network connectivity. Ensure that at least one domain controller is running and the storage system can access it.

This alert is not followed by any other notification that it's working again. So, it appears that the SMB Server just cannot communicate with the Server 2022 domain controllers. Has anyone else experienced this?

December 15th, 2023 06:10

We figured out and resolved the issue. Hopefully this helps someone else. The basic issue is that the SMB server on the Unity 480 was unable to reach the Netlogon and SYSVOL shares on any domain controllers. The root issue is that the SMB server was unable to use SMB encryption for these shares, but the domain controllers were set to disallow unencrypted SMB access. We had to do two things on our domain controllers to make them a little less secure so that the Unity 480 SMB server could access those shares.

First, we ran this command on the domain controllers because we had previously set this to $true. By default in Server 2022 it's set to $false, but we wanted the servers to be as secure as possible. So, this part may not affect most organizations.

Set-SmbServerConfiguration -RejectUnencryptedAccess $false

The second thing we had to do was create a GPO and apply it to the Domain Controllers OU. We called the GPO "SECURITY - Windows UNC Hardening", but you can call it anything you want.
Set it to have the following values.
Computer Configuration\Policies\Administrative Templates\Network\Network Provider\Hardened UNC Paths
\\*\NETLOGON  RequireMutualAuthentication=1, RequireIntegrity=1, RequirePrivacy=0
\\*\SYSVOL  RequireMutualAuthentication=1, RequireIntegrity=1, RequirePrivacy=0

Finally, we ran gpupdate /force on each of the domain controllers. The Unity immediately reported in the Logs that the first domain controller was now accessible and it reported that also for the second one we fixed. Your logs will look something like this if you were affected by this issue and then resolved it using these steps.

12/14/2023, 10:36:00 PM | 13:10380009 | SPA | Audit | For the NAS server vnas1lprh in the domain *****, the DC ***11*** works properly.
12/14/2023, 10:36:00 PM | 13:10380009 | SPA | Audit | For the NAS server vnas1lprh in the domain *****, the DC ***11*** works properly.
12/14/2023, 10:36:00 PM | 13:10380009 | SPA | Audit | For the NAS server vnas1lprh in the domain *****, the DC ***11*** works properly.
12/14/2023, 10:14:29 PM | 14:60519 | SPA | User | System ***** is operating normally
12/14/2023, 10:14:29 PM | 14:60388 | SPA | User | NAS server ***** is operating normally
12/14/2023, 10:14:23 PM | 13:10380009 | SPA | Audit | For the NAS server ***** in the domain *****, the DC ***24*** works properly.
12/14/2023, 10:14:23 PM | 13:10380009 | SPA | Audit | For the NAS server vnas1lprh in the domain ***, the DC ***24*** works properly.
12/14/2023, 10:14:23 PM | 13:10380009 | SPA | Audit | For the NAS server vnas1lprh in the domain ***.local, the DC ***24*** works properly.
12/14/2023, 10:11:32 PM | 13:10380006 | SPA | Audit | The NAS server ***** in the domain ***.local can't reach any Domain Controller.
12/14/2023, 10:05:31 PM | 13:10380006 | SPA | Audit | The NAS server ****** in the domain ***.local can't reach any Domain Controller.
12/14/2023, 10:00:30 PM | 13:10380006 | SPA | Audit | The NAS server ***** in the domain ***.local can't reach any Domain Controller.
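
A read-only check for recording what the two changes described in the post leave in place on each domain controller, so the relaxed settings stay visible in later reviews. This is an added example, not part of the original post; the function names are hypothetical, and it assumes the Hardened UNC Paths policy is stored under the HardenedPaths registry key shown in the code.

```powershell
# Added example (not from the original post). Read-only audit; run in an
# elevated PowerShell session on each domain controller.

function ConvertFrom-HardenedPathValue {
    # Parses one policy value, e.g. the string used in the post:
    # "RequireMutualAuthentication=1, RequireIntegrity=1, RequirePrivacy=0"
    param([Parameter(Mandatory)][string]$Value)
    $flags = [ordered]@{
        RequireMutualAuthentication = $null   # $null = flag absent from the value
        RequireIntegrity            = $null
        RequirePrivacy              = $null
    }
    foreach ($pair in $Value -split ',') {
        $name, $data = $pair.Trim() -split '=', 2
        if ($null -ne $data -and $flags.Contains($name)) {
            $flags[$name] = ($data.Trim() -eq '1')
        }
    }
    [pscustomobject]$flags
}

function Get-HardenedUncPathReport {
    # Assumption: registry location where the Hardened UNC Paths GPO is written.
    param([string]$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths')
    if (-not (Test-Path -Path $KeyPath)) {
        Write-Warning "No Hardened UNC Paths policy found at $KeyPath"
        return
    }
    $key = Get-Item -Path $KeyPath
    foreach ($unc in $key.GetValueNames()) {
        $f = ConvertFrom-HardenedPathValue -Value ([string]$key.GetValue($unc))
        [pscustomobject]@{
            UncPath    = $unc
            MutualAuth = $f.RequireMutualAuthentication
            Integrity  = $f.RequireIntegrity
            Privacy    = $f.RequirePrivacy
            Note       = if ($f.RequirePrivacy) { 'SMB encryption required' }
                         else { 'unencrypted access permitted' }
        }
    }
}

# SMB server side: the setting changed with Set-SmbServerConfiguration.
Get-SmbServerConfiguration |
    Select-Object EncryptData, RejectUnencryptedAccess |
    Format-List

# Client side: the per-path values applied by the GPO after gpupdate /force.
Get-HardenedUncPathReport | Format-Table -AutoSize
```

With the settings from the post applied, the report should list `\\*\NETLOGON` and `\\*\SYSVOL` with Privacy False and RejectUnencryptedAccess False; any other result means the GPO or the server setting did not take effect on that domain controller.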