Opened 6 weeks ago

Last modified 6 weeks ago

#193 accepted defect

Power Store shows error 0x01300201

Reported by: tonin Owned by: tonin
Milestone: SANUCO 4.0 Component: POWERSTORE
Version: 2.0 Severity: major
Keywords: Cc:
Origin: Parent ID:

Description

It is this one:

smb server (no_more_dc)
The NAS server pscifs in the domain uco.es can't reach any Domain Controller.

It appeared between 10 and 12 hours after the pscifs server had been defined.

Child Tickets

Attachments (2)

cifs_checkup_antes_add_cif.sal (6.9 KB) - added by tonin 6 weeks ago.
Before adding the cifs/ SPNs to AD
cifs_checkup_despues_add_cif.sal (6.9 KB) - added by tonin 6 weeks ago.
After adding the cifs SPNs


Change History (5)

comment:1 Changed 6 weeks ago by tonin

  • Component changed from UNITY GENERAL to POWERSTORE
  • Owner set to tonin
  • Status changed from new to accepted
  • Version changed from 1.0 to 2.0

comment:2 Changed 6 weeks ago by tonin

At the same time, the emcopy from Unity to powers was not working. It would not even start.

This command runs a full cifs check:

svc_nas_cifssupport --server pscifs --args="-checkup -full"

I don't know whether it is related, but while consulting Gemini I passed it this log output:

Warning 86171451394: pscifs :  There is a Service Principal Name (SPN) mismatch possible for server '${serverName0}', where NTLM authentication was used instead of Kerberos for share mounts. This could result in an increased load on the domain controller and loss of access when the domain controller is not available. Incoming clients connecting to server '${serverName0}' have use the server name '${requestServerName1}'. This mismatch has occurred ${countSinceEvent2} times since the last event logging, and ${totalCount3} times since the last Data Mover reboot. 

--> Use the svc_nas_cifssupport command from the NAS container with the -setspn option to list the SPNs for the specified server, then use the command to add or delete SPNs until there is no longer a mismatch. If the mismatch is expected, the cifs.spnCheck parameter should be used to disable the mismatch detection and event logging. 

Gemini tells me there is a discrepancy between the SPNs held by the array and those in Active Directory. It can be seen with the command:

svc_nas_cifssupport --server pscifs --args="-setspn -list"

which returned:

[SVC:service@JG8LVB4-A user]$ svc_nas_cifssupport --server pscifs --args="-setspn -list"
pscifs :
1771324938: SMB: 6: Server pscifs has 4 SPNs in Active Directory:
1771324938: SMB: 6: 	RestrictedKrbHost/pscifs.uco.es@UCO.ES
1771324938: SMB: 6: 	RestrictedKrbHost/PSCIFS@UCO.ES
1771324938: SMB: 6: 	host/pscifs.uco.es@UCO.ES
1771324938: SMB: 6: 	host/PSCIFS@UCO.ES
1771324938: SMB: 6: Server pscifs has 12 SPNs in keytab:
1771324938: SMB: 6: 	host/PSCIFS@UCO.ES
1771324938: SMB: 6: 	host/pscifs@UCO.ES
1771324938: SMB: 6: 	host/pscifs.UCO.ES@UCO.ES
1771324938: SMB: 6: 	host/pscifs.uco.es@UCO.ES
1771324938: SMB: 6: 	cifs/PSCIFS@UCO.ES
1771324938: SMB: 6: 	cifs/pscifs@UCO.ES
1771324938: SMB: 6: 	cifs/pscifs.UCO.ES@UCO.ES
1771324938: SMB: 6: 	cifs/pscifs.uco.es@UCO.ES
1771324938: SMB: 6: 	RestrictedKrbHost/PSCIFS@UCO.ES
1771324938: SMB: 6: 	RestrictedKrbHost/pscifs@UCO.ES
1771324938: SMB: 6: 	RestrictedKrbHost/pscifs.UCO.ES@UCO.ES
1771324938: SMB: 6: 	RestrictedKrbHost/pscifs.uco.es@UCO.ES
1771324938: ADMIN: 6: Command succeeded:  setspn list

As can be seen, there are only 4 SPNs in AD and 12 in the keytab (which I assume is on the array itself). Gemini says this causes the queries to be made using NTLM instead of Kerberos, and that this discrepancy can make it fail ... Not that I believe it much, but still.

Its recommendation is to add the mismatched SPNs by hand. There is no need to add every case-sensitive combination to AD, since it detects that they are the same. I added these:

svc_nas_cifssupport --server pscifs --args="-setspn -add cifs/PSCIFS@UCO.ES -compname pscifs -domain uco.es -admin administrador"
svc_nas_cifssupport --server pscifs --args="-setspn -add cifs/pscifs.uco.es@UCO.ES -compname pscifs -domain uco.es -admin administrador"
Last edited 6 weeks ago by tonin
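
Added example, not part of the ticket or of the vendor tooling: a Python sketch that parses the "-setspn -list" output posted in comment:2, folds case (on the comment's statement that AD treats case variants as the same SPN) and reports which SPNs exist in the keytab but not in Active Directory. The function names are hypothetical; the sample is the SPN listing from the comment with tabs replaced by spaces.

```python
import re

# SPN listing as posted in comment:2 (prompt and status lines omitted).
SAMPLE = """\
1771324938: SMB: 6: Server pscifs has 4 SPNs in Active Directory:
1771324938: SMB: 6:  RestrictedKrbHost/pscifs.uco.es@UCO.ES
1771324938: SMB: 6:  RestrictedKrbHost/PSCIFS@UCO.ES
1771324938: SMB: 6:  host/pscifs.uco.es@UCO.ES
1771324938: SMB: 6:  host/PSCIFS@UCO.ES
1771324938: SMB: 6: Server pscifs has 12 SPNs in keytab:
1771324938: SMB: 6:  host/PSCIFS@UCO.ES
1771324938: SMB: 6:  host/pscifs@UCO.ES
1771324938: SMB: 6:  host/pscifs.UCO.ES@UCO.ES
1771324938: SMB: 6:  host/pscifs.uco.es@UCO.ES
1771324938: SMB: 6:  cifs/PSCIFS@UCO.ES
1771324938: SMB: 6:  cifs/pscifs@UCO.ES
1771324938: SMB: 6:  cifs/pscifs.UCO.ES@UCO.ES
1771324938: SMB: 6:  cifs/pscifs.uco.es@UCO.ES
1771324938: SMB: 6:  RestrictedKrbHost/PSCIFS@UCO.ES
1771324938: SMB: 6:  RestrictedKrbHost/pscifs@UCO.ES
1771324938: SMB: 6:  RestrictedKrbHost/pscifs.UCO.ES@UCO.ES
1771324938: SMB: 6:  RestrictedKrbHost/pscifs.uco.es@UCO.ES
"""

HEADER = re.compile(r"has \d+ SPNs in (Active Directory|keytab):\s*$")
SPN = re.compile(r":\s+([A-Za-z]+/[^\s@]+)@(\S+)\s*$")

def parse_spn_listing(text):
    """Return the case-folded SPNs (realm dropped) found in each store."""
    stores, current = {"Active Directory": set(), "keytab": set()}, None
    for line in text.splitlines():
        header = HEADER.search(line)
        if header:
            current = header.group(1)   # switch section: AD or keytab
            continue
        match = SPN.search(line)
        if match and current:
            # Assumption taken from the comment: case variants are one SPN.
            stores[current].add(match.group(1).lower())
    return stores

def missing_in_ad(text):
    """SPNs the keytab holds that Active Directory does not list."""
    stores = parse_spn_listing(text)
    return sorted(stores["keytab"] - stores["Active Directory"])
```

On the listing above the 12 keytab entries collapse to 6 distinct SPNs, and the two that AD lacks are the cifs/ ones, matching the two added by hand in the comment.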

Changed 6 weeks ago by tonin

Before adding the cifs/ SPNs to AD

Changed 6 weeks ago by tonin

After adding the cifs SPNs

comment:3 Changed 6 weeks ago by tonin

In the end it seems the secure channel between pscifs and the DCs had been invalidated. It is somewhat odd, because it had just been created and the password normally lasts 3 months and is renegotiated on its own. The renegotiation can be forced with:

svc_nas_cifssupport --server pscifs --args="-Join -compname pscifs -domain uco.es -admin administrador -option resetserverpasswd"

After this, the check is run and gives this:

ACL       : Checking the number of ACLs per file system. ........................ Pass
Connection: Checking the load of SMB TCP connections. ........................... Pass
Credential: Checking the validity of credentials. ............................... FAILURE
DC        : Checking the connectivity and configuration of Domain Controllers. .. Pass
DFS       : DFS check in svc_nas service script is deprecated. .................. Pass
DNS       : Checking the DNS configuration and connectivity to DNS servers. ..... Pass
EventLog  : Checking the configuration of Windows Event Logs. ................... FAILURE
GPO       : Checking the GPO configuration. ..................................... Pass
HomeDir   : Checking the configuration of home directory shares. ................ Pass
I18N      : Checking the I18N mode and the Unicode/UTF8 translation tables. ..... Pass
Kerberos  : Checking password updates and AES for Kerberos. ..................... FAILURE
LDAP      : Checking the LDAP configuration. .................................... Pass
LocalGrp  : Checking the database configuration of local groups. ................ Pass
NIS       : Checking the connectivity to the NIS servers. ....................... Pass
Ntxmap    : Checking the ntxmap configuration file. ............................. Pass
Secmap    : Checking the SECMAP database. ....................................... Pass
Security  : Checking the SMB security settings. ................................. Pass
Server    : Checking the SMB file servers configuration. ........................ Pass
Share     : Checking the network shares database. ............................... Pass
SmbList   : Checking the range availability of SMB IDs. ......................... FAILURE
Threads   : Checking for SMB blocked threads. ................................... Pass
UnsupOS   : Checking for unsupported client network operating systems. .......... Pass
UnsupProto: Checking for unsupported client network protocols. .................. Pass
VC        : Checking the configuration of Virus Checker servers. ................ Pass
VDM       : Checking the NAS server configuration. .............................. Pass
WINS      : Checking the connectivity to WINS servers. .......................... Pass