Administrator
Was it working before? Was there any changes made to the network? Any other errors showing in the Event Viewer?
Can you with another Domain Admin account? Can you restore from your past configuration that you saved from the GUI located in Maint. Misc then select a last known good date to restore the settings.cnf file that you saved in the past so that you can restore the configuration with your ADS settings and reboot.
Newbie
I switched this server over from an iSCSI server to a NAS so it never has been a domain member before. No changes in the network and I don't see anything in the event viewer regarding this issue. I tried my domain admin account and it failed with the same error as the domain administrator account. Restoring is not an option since this server was never a domain machine since it was an iSCSI VMware datastore before this. I really do appreciate the suggestions. Thank you.Originally Posted by To-M
Administrator
Are you on the latest build up70? Make sure in the DNS settings to point the ADS IP in the DSS V7. IF timing is ok not over 5 min then ok. Are you in the same network, you most likely are but checking.
See if you can ping by name on both directions.
Newbie
Yes sir, I am on version 7.0 update 70. The DNS and NTP settings on the NAS are pointed to our domain controller and the time looks to be identical between the two. Both the NAS and DC are on the same network/subnet and I can ping both directions using the FQDN. Question: I have tried all authentication methods and options with no luck. Our current domain function level is 2012 and I assume I should be using Windows ADS with IDMAP backend RID. Is this correct? Thank you!
Administrator
Yes use RID!!! So now test with PDC option, what your doing here is just to see if you can import the Users and Groups with entering the IP of the ADS server and the Admin and Password. IF that does not work something else is blocking it (Firewall, some type of virus protection bla bla bla.... but--->) can you directly connect the DSS V7 to the ADS on another empty NIC port? Using PDC can help trouble shot closer to the issue but not all the times.
Newbie
Unable to get PDC to work either. Temporarily disabled the firewall on the DC and still receive the error: "Database is empty or connection error!". When I reset and go back to Workgroup (internal LDAP) I get NO errors until I try PDC or ADS again. I can see a successful security audit in the event viewer on the DC with the name of the NAS and domain administrator account information. Other than those entries there is nothing obvious in the event viewer whether informational, warning, or error. Went through the best practice analyzer on the domain controller and everything looks to be registered and functioning properly. I have no issues with my other DSS v7 NAS which is running update 66 and it is able to see all the domain users and authenticate properly with AD. The problem NAS was updated to 7.0 update 70 this morning in hopes it would fix this issue.
Administrator
With PDC not working possibly the boot media but not sure without looking into the logs from support that you can submit. If the DSS version up66 works then I would use that as the up70 does not have that much of updates other then drivers. Now I had a case where the end user reboot the Windows server and this somehow allowed the ADS to authenticate. I know that is hard to do due to production times but just a thought.
Reply With Quote
