Sun ZFS Storage 7420
 
Sun Storage 7110 Unified Storage System
 
Sun Storage 7210 Unified Storage System
 
Oracle ZFS Storage ZS5-4
 
Sun Storage 7410 Unified Storage System
 
Sun ZFS Storage 7120
 
Sun Storage 7310 Unified Storage System
 
Sun ZFS Storage 7320
 

PLA-Support>Sun Systems>DISK>ZFS Storage>SN-DK: 7xxx NAS
 
_Old GCS Categories>Sun Microsystems>Storage - Disk>Unified Storage
 

In this Document

Goal

Solution

smbd[1938]  error  unable to join my.domain.com (UNSUCCESSFUL)

LOGON_FAILURE:

Kerberos error xxxxxxxxxx or KPASSWD protocol exchange failed () (Cannot contact any KDC for requested realm):

Workstation trust account update failed: The name is in use

ldal_sasl_interactive_bind_s failed (Local error):

References

Created from <SR 3-3740498461>

Applies to:

Goal

This document details system log messages that may be found in the ZFS Storage Appliance system log after a failure to join an Active Directory domain, and potential solutions.

Solution

The system log can be found in the BUI under

In the case of a failure to join an Active Directory domain, this log message is almost always seen:

smbd[1938]  error  unable to join my.domain.com (UNSUCCESSFUL)

Preceding this message, there should be a more specific message indicating the cause of the failure. Note the smbd[###], as the smbd service is the one that will be issuing the messages. The following are commonly logged causes and solutions:

LOGON_FAILURE:

An incorrect password for the administrative account, or the account may have been locked out due to failed attempts to join. Check this at the Domain Controller, or by using another admin account.

DNS query for _ldap._tcp.dc._msdcs failed: Unknown host:

Failed lookup for server DNS records. See <Document:1402003.1>. Also double check that the domain name is correct.

Kerberos error xxxxxxxxxx or KPASSWD protocol exchange failed () (Cannot contact any KDC for requested realm):

A problem with jumbo frame configuration, usually a mismatch between switch/server/appliance, or a firewall blocking TCP port 464 between the appliance and the server. Specifically, it means part of the Kerberos ticket negotiation never made it back to the ZFSSA.

Workstation trust account update failed: The name is in use

A problem with the ZFSSA computer account. Most commonly, this is seen on a clustered system when the hostnames are identical through the first 15 characters. As NetBIOS names are limited to 15 significant characters, these are seen as duplicates. This could also be seen across multiple systems with a similar naming convention.

<strong>Clock skew too great:</strong>

The system time between the appliance and the selected Active Directory server do not match. Check NTP settings and/or manually set the time. For large differences, temporarily disable NTP on the appliance, manually set the time, then re-enable NTP. This is necessary because of a limit on the amount of time skew that NTP is permitted to correct. See <Document:1402154.1> for details on setting up NTP and syncing server time.

ldal_sasl_interactive_bind_s failed (Local error):

Usually a Kerberos error of some sort. Check DNS settings as above, especially forward and reverse records for the ZFSSA. Also this could be due to insufficient permissions on the administrative account used. See <Document:1402173.1>.

Back to <Document 1402353.1> Sun Storage 7000 Unified Storage System: How to Troubleshoot Active Directory Issues.

References

This solution has no attachment