Sun Microsystems, Inc.  Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-75-1009917.1
Update Date:2010-12-20
Keywords:

Solution Type  Troubleshooting Sure

Solution  1009917.1 :   Sun StorageTek[TM] 5000 series NAS: Troubleshooting problems joining a Windows or Active Directory Domain  


Related Items
  • Sun Storage 5210 NAS Appliance
  •  
  • Sun Storage 5220 NAS Appliance
  •  
  • Sun Storage 5310 NAS Appliance
  •  
  • Sun Storage 5320 NAS Gateway/Cluster System
  •  
  • Sun Storage 5320 NAS Appliance
  •  
  • Sun Storage 5310 NAS Gateway System
  •  
Related Categories
  • GCS>Sun Microsystems>Storage - Disk>Network Attached Storage
  •  

PreviouslyPublishedAs
213595


Description
Description

Symptoms:
  • "cannot join Windows domain"
  • "access denied"
  • "cannot see the NAS"
  • "locate failed".

Purpose/Scope:

This document provides a procedure to resolve problems integrating the NAS into a Windows Domain or Active Directory environment. The NAS must successfully join the domain to provide authentication services for Windows domains..





Steps to Follow
Please validate that each troubleshooting step below is true for your environment. The steps will provide instructions or a link to a document, for validating the step and taking corrective action as necessary. The steps are ordered in the most appropriate sequence to isolate the issue and identify the proper resolution. Please do not skip a step.

Step 1 - Technical Instruction <Document: 1009920.1> Verify Active Directory and DNS configuration settings. These settings should be configured for virtually all Windows networking environments. Skip this step if the domain controllers are running an operating system older than Windows 2000 Server, or if the Domain has been specifically configured not to use Active Directory.

Step 2 - Technical Instruction <Document: 1008222.1> Verify Domain and CIFS settings. In order for the NAS to provide pass-through authentication and other Windows networking services, a computer account must be created and joined to the Domain. This is the step where the process is completed. If any configuration changes are made due to subsequent troubleshooting steps, this step should be repeated.

Step 3 - Ensure that the user account provided has sufficient privileges to create a computer account and join it to the domain. It is also possible to create the computer account in advance (i.e. prestaging), which would require only permission to join the account to the domain. See Technical Solution <Document: 1017781.1> for details on this procedure.

Step 4 - Technical Solution <Document: 1012839.1> Check the NAS System Log This must be done as soon as possible after the attempt to join the domain, as log space is limited. If you are not installing into an Active Directory environment, as described in step #1, also see <Document: 1009958.1> for additional log messages and diagnostic information specific to the NetBIOS only environment.

Step 5 - Technical Solution <Document: 1004157.1> Verify DNS Server-side Settings. With Active Directory, DNS is used instead of NetBIOS to locate Domain Controllers. Certain DNS records are required to locate key Kerberos and domain resources, and they must be entered correctly. This step is only required if the Active Directory settings in step 1 are configured.

Step 6 - Technical Solution <Document: 1004156.1> Check if NetBIOS is enabled on the customer and make any necessary configuration changes. NetBIOS (and therefore browsing and WINS) is no longer a requirement as of OS version 4.21M1.

Step 7 - Technical Solution <Document: 1009923.1> Check that the NIC roles are set correctly. Domain data interface(s) should be configured to use the "primary" role, any interfaces used exclusively for backup or maintenance should be configured to use the "independent" role, and any interfaces used for replication should be configured to use the "mirror" role.

Step 8 - Verify that authenticated IPC is configured correctly and functional. Technical Solution <Document: 1012840.1>

Step 9 - Collect the NAS extractor and diagnostic Technical Solution <Document: 1005474.1> to prepare for a support case or escalation. The diagnostic collection should be done as soon as possible after the attempt to join the domain.

Step 10 - Technical Solution <Document: 1004130.1> Collect a network trace.  Follow the instructions to set up a trace, set the filter to capture only traffic between the NAS and Domain Controller(s). Start the trace, repeat the attempt to join the domain, then stop the trace.

Step 11 - At this point, if you not been able to resolve the issue with the troubleshooting steps above, further troubleshooting is required. Contact Sun Support and be prepared to provide the data collected in the above steps.




Product
Sun StorageTek 5320 NAS Appliance
Sun StorageTek 5320
Sun StorageTek 5310 NAS Gateway/Cluster System
Sun StorageTek 5320 NAS Gateway/Cluster System
Sun StorageTek 5310 NAS Appliance
Sun StorageTek 5220 NAS Appliance
Sun StorageTek 5310 NAS Gateway System
Sun StorageTek 5320 NAS Gateway
Sun StorageTek 5320 NAS Cluster

Internal Comments
This document contains normalized content and is managed by the the Domain Lead(s) of the respective domains. To notify content owners of a knowledge gap contained in this document, and/or prior to updating this document, please contact the domain engineers that are managing this document via the “Document Feedback” alias(es) listed below:

storage-nas-domain@sun.com

Normalized, ads, join, domain, cifs, NAS, Audited
Previously Published As
89144

Change History
Date: 2010-03-19
Action: Currency check
Updater: Brian Jackson
Comment: Currency check and update as per instruction from Will Harper, NAS CL


Attachments
This solution has no attachment
  Copyright © 2011 Sun Microsystems, Inc.  All rights reserved.
 Feedback