| Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback |
| Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition | ||
|
|
||
 |
||||||||||||||||||
Solution Type Problem Resolution Sure Solution 1581516.1 : Sun Storage 7000 Unified Storage System: Appliance fails to join Active Directory with inconsistent Jumbo Frame or MTU
In this Document
Created from <SR 3-7724749171> Applies to:Sun ZFS Storage 7320 - Version All Versions to All Versions [Release All Releases]Sun ZFS Storage 7420 - Version All Versions to All Versions [Release All Releases] Sun ZFS Storage 7120 - Version All Versions to All Versions [Release All Releases] Sun Storage 7110 Unified Storage System - Version All Versions to All Versions [Release All Releases] Sun Storage 7210 Unified Storage System - Version All Versions to All Versions [Release All Releases] 7000 Appliance OS (Fishworks) SymptomsOracle ZFS Storage Appliance fails to join Active Directory domain. NTP server is already configured and time is in sync with the Active Directory Domain Controller, but the Appliance still does not join Active Directory. To discuss this information further with Oracle experts and industry peers, we encourage you to review, join or start a discussion in the My Oracle Support Community - Disk Storage ZFS Storage Appliance Community
Looking at the Support bundle we can see the following messages : akd.ak.txt : Tue Aug 27 04:24:32 2013: failed to import AD changes (error 97)
Tue Aug 27 04:26:43 2013: failed to import AD changes (error 97) Tue Aug 27 04:29:20 2013: failed to import AD changes (error 97) debug.sys : Aug 27 04:24:32 pop-zfs smbd[13145]: [ID 702911 daemon.error] smbns_ksetpwd: KPASSWD protocol exchange failed (Cannot contact any KDC for requested realm)
Aug 27 04:24:32 pop-zfs smbd[13145]: [ID 702911 daemon.notice] Machine password update failed Aug 27 04:24:32 pop-zfs smbd[13145]: [ID 702911 daemon.error] unable to join EXCHTRANS.MS.TEST.UQ.EDU.AU (UNSUCCESSFUL) system.sys: Aug 22 04:24:05 pop-zfs smbd[10239]: [ID 702911 daemon.error] smbns_ksetpwd: KPASSWD protocol exchange failed (Cannot contact any KDC for requested realm)
Aug 22 04:24:05 pop-zfs smbd[10239]: [ID 702911 daemon.error] unable to join EXCHTRANS.MS.TEST.UQ.EDU.AU (UNSUCCESSFUL)
+==========================================
| 6) Network and routing information +========================================== lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 igb0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 172.23.63.22 netmask ffffff00 broadcast 172.23.63.255 ether 0:21:28:c0:8d:d4 aggr1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 9000 index 3 inet 172.24.1.71 netmask ffffffc0 broadcast 172.24.1.127 ether 90:e2:ba:32:7b:18 lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1 inet6 ::1/128
CauseIf the KPASSWD request is transmitted in a jumbo frame, the domain controller (or other network devices) that don't support jumbo frames will drop the frames, the domain join operation is then expected to fail due to the lack of response from the Domain Controller that is running the KPASSWD service. If the MTU is configured over 1500 bytes on the appliance, while all the network devices involved cannot handle jumbo frames, our KPASSWD request will get dropped. The domain join operation will fail because jumbo frames were enabled on one part of the network (i.e. on the appliance) and not elsewhere on the network.
SolutionCheck for the network entities involved and verify the MTU size. Verify the MTU on Datalink and Interface, and if needed change the MTU size to make it consistent across the network. If the MTU settings are proper and consistent but the issue is still seen, then please follow the reference section (below) for further troubleshooting. References<NOTE:1402248.1> - Sun Storage 7000 Unified Storage System: system log messages for Active Directory issues<NOTE:1402313.1> - Sun Storage 7000 Unified Storage System: ZFS Storage Appliance unable to join/reconnect to Active Directory Domain after upgrade to 2011.1 <NOTE:1402353.1> - Sun Storage 7000 Unified Storage System: How to Troubleshoot Active Directory Issues <NOTE:1402154.1> - Sun Storage 7000 Unified Storage System: Configuring the ZFSSA for Active Directory <NOTE:1402208.1> - Sun Storage 7000 Unified Storage System: Configuring the ZFSSA for Active Directory with NTLMv2 / Windows Server 2008 Attachments This solution has no attachment |
||||||||||||||||||
|
||||||||||||||||||