Are you on the latest build up70? Make sure in the DNS settings to point the ADS IP in the DSS V7. IF timing is ok not over 5 min then ok. Are you in the same network, you most likely are but checking.
See if you can ping by name on both directions.
Yes sir, I am on version 7.0 update 70. The DNS and NTP settings on the NAS are pointed to our domain controller and the time looks to be identical between the two. Both the NAS and DC are on the same network/subnet and I can ping both directions using the FQDN. Question: I have tried all authentication methods and options with no luck. Our current domain function level is 2012 and I assume I should be using Windows ADS with IDMAP backend RID. Is this correct? Thank you!
Yes use RID!!! So now test with PDC option, what your doing here is just to see if you can import the Users and Groups with entering the IP of the ADS server and the Admin and Password. IF that does not work something else is blocking it (Firewall, some type of virus protection bla bla bla.... but--->) can you directly connect the DSS V7 to the ADS on another empty NIC port? Using PDC can help trouble shot closer to the issue but not all the times.
Unable to get PDC to work either. Temporarily disabled the firewall on the DC and still receive the error: "Database is empty or connection error!". When I reset and go back to Workgroup (internal LDAP) I get NO errors until I try PDC or ADS again. I can see a successful security audit in the event viewer on the DC with the name of the NAS and domain administrator account information. Other than those entries there is nothing obvious in the event viewer whether informational, warning, or error. Went through the best practice analyzer on the domain controller and everything looks to be registered and functioning properly. I have no issues with my other DSS v7 NAS which is running update 66 and it is able to see all the domain users and authenticate properly with AD. The problem NAS was updated to 7.0 update 70 this morning in hopes it would fix this issue.
With PDC not working possibly the boot media but not sure without looking into the logs from support that you can submit. If the DSS version up66 works then I would use that as the up70 does not have that much of updates other then drivers. Now I had a case where the end user reboot the Windows server and this somehow allowed the ADS to authenticate. I know that is hard to do due to production times but just a thought.
Unfortunately we don't have paid support on this server right now. We do have three domain controllers though and I have tried using all three to get this NAS on the domain. I downloaded the logs and was looking at the domain-ap.log file and noticed this.
--- joining domain (NT)-----------
Failed to join domain: Invalid configuration ("realm" set to '', should be 'xxxxxxxxxxx.net') and configuration modification was not requested
net rpc join -S DC01 -U administrator%****
I replaced my domain name with x's but it was correct in the log. Curious why the "set to" is blank and why the "should be" configuration modification was not requested.
Administrator
Reply With Quote
