CX300 SAN - Lost web interface U and P

Do you know if you setup the clariion acces to use LDAP?  if you did not, then reseting domain security wont have any effect on what data is on the LUN's that are assigned to physical hosts.

There is no way to make a new user account with the PPP connection.  That is the last resort methode to get access back if you cant remember any of the accounts that were created. They made it so you had to have physical access to the array to do it.

If your not using LDAP, i would suggest that you destroy domain security and when you try to reconnect to the array, it will want you to initialize it again which will enable you to create a new user.

Is this the only array in the domain?  The SAN domain and not the AD domain?

I never set this up, so I have no idea if it was set up to use LDAP.  I dont see any reference to it in AD, but its not impossible that I am missing it.

Im not sure I follow what you mean about the PPP, as I have physical access to the device.  I ready about attaching my laptop via the monitor port, and creating a PPP connection, and put in 192.168.x.x/setup to get to a management screen.  But they had said that there was a New User button, which I dont see.

It is 2 SAN's, set up as A and B, but are in the same Chassis....

I dont want to destroy its security,as this is a school where I work, and a LOT of small techers software runs directly from the SAN via mapped drives (using their AD security for rights).....

BTW: my mistake, it was not Add User, it was New User, when I PPP's into the SAN.

one last question (no promises though, lol).  will I need to do that on both the SAN's ? i assume so.......?

How would I knwo which one is the master node?

I did a table below which represents the back of the SAN, which must be twoinside that enclosure, as there are two monitoring serial connectors

Make sense?

thanks so much,

j

Also,  if your worried about what destroying the Domain security will do,  you can always verify it with Support.

I just posted becuase i have done this hundreds of times.  you would be amazed at how many customers have forgotten thier passwords when you arrive onsite to perform maintenance services....

The it is not set up in LDAP, I have a username, password and then a dropdown for local for global, and I have tried all manner of Admin acocunts without sucess.

I understand from what you are saying, that it will nto affect the data. I get that.  But resetting the Domain security, wont that delete/erase/remove the AD permissions that is assigned to the data (data and folders)?

Quote

Destroying the Domain Security on the SAN, will only destroy any  usernames and password for the SAN, and wont touch anything in AD?

Yes

Quote

Whats the Master Node you mention, That entry on the setup page only  applies to domain info that was configured on that array.  that means  user accounts, master node"  ?

Every domain has a master.  if you only have one array (cx300) then that guy is the domain master.  he keeps a copy of the domain info.  lets say you buy another cx300.  you can add it to the existing domain and any user accounts you created before will also work on this new cx300.  but only one of them can be the master node.  It is like that first AD domain controller you setup in a windows domain.  it keeps all the FASMO roles for the domain.

Glad to help.

Make sure you mark your post answered when your done.

THanks

If it was setup with LDAP, then that would allow you to login with AD accounts.   Most likely in a small environment it was setup normally with the accounts created on the array itself.

I dont ever remember there ever being a "new user" button on the setup page but i could be wrong.  Where are you getting that reference from?  Once you destroy the security and the next time you go to login thru internet explorer, it will ask you if you want to initialize security.  Select yes and then it will prompt you to add a new user.   THen you can login with that account and make more accounts thru the GUI.

what it boils down to is that you dont have access to manage your SAN and the only way you will get that back is to destroy Domain Security from the setup page.  Like i stated earlier, it will not affect your data at all.  it just resets(deleted) all the user accounts that have ever been created on that array.

quote

"It is 2 SAN's, set up as A and B, but are in the same Chassis"  i think your talking about the 2 Storage processors in the CX300 array.  On these forums, most people will refer to a SAN as a complete solution (array's and switches).

Your getting the array domain and your windows domain confused.

That entry on the setup page only applies to domain info that was configured on that array.  that means user accounts, master node.

It has no effect on your Windows domain secuity.  it doesnt have the ability to change any Active directory user acounnts and its permissions to include share folders.

I understand the reluctance of making changes in an enviroment you are not familiar with.  Thats why i suggest you call support and confirm with them.

Hope this helps

Just so I understand.

Destroying the Domain Security on the SAN, will only destroy any usernames and password for the SAN, and wont touch anything in AD?

Whats the Master Node you mention, That entry on the setup page only applies to domain info that was configured on that array.  that means user accounts, master node" ?

I will use the live chat feature on this site,a nd see what they say about it.

Thank you soooo much, it is really, really appreciated, God bless,

j

It was actually documentation on this site (EMC documentation) that stated click on the new User button.  I believe they are thinking about the initial setup, if done via the serial port.

Im going to have the chat session tomorrow (i do trust you, i always double check) when im feeling a little fresher.

Thanks again for going to al lthis trouble explaining and helping me.

Very much appreciated.

God bless, and have a happy day,

j

BTW: i marked this post as answered.

Sorry kenn,

another question.

(i dint think i shoudl make a new post, so hopfully you see this).

When I break the Domain Security on this device, will that have any affect on the service thats on the Windows 2003 server thats connected to it? meaning, will it change the password for the service?

also, i cant find the software anywhere in my stack of software for the SAN.

what do I need to run on the server for it to "see and touch" the SAN?  like above, I see a service running that appears to be the software/service that has something to do with the SAN, and my thinking is that it is needed for it to show the SAN as a logical drive on the server.

thanks again for you assistance,

j

Quote

When I break the Domain Security on this device, will that have any affect on the service thats on the Windows 2003 server thats connected to it? meaning, will it change the password for the service?

I dont know of any "service" that runs on the windows host that would effect the array management connectivity.  What is the name of the service you are seeing?

Quote

also, i cant find the software anywhere in my stack of software for the SAN

What software are you looking for?  Any disks that you would find for your CX300 would be quite old and outdated.  You can get all the software you need from powerlink depending on your login permissions.

Quote

what do I need to run on the server for it to "see and touch" the SAN?  like above, I see a service running that appears to be the software/service that has something to do with the SAN, and my thinking is that it is needed for it to show the SAN as a logical drive on the server.

The only thing you need on a server to be able to login and manage the array would be Java 1.14 or higher and Internet Explorer.   If you donthave the minimum version of Java installed when you try to connect,  you will get a screen that tells you so.

If that same host is attached to the array (by fiber or iSCSI) and gets data from it,  then normally you would have PowerPath, Navisphere agent, and Navisphere CLI installed.

The CX300 is the array, there are two Storage Processors in the array - that the picture that you drew Storage Processor A (SPA) is on the right and Storage Processor B (SPB) is on the left - looking at the back. Each SP is identical.

To access the array, you open IE and in the URL type in the IP address for either SPA or SPB - these are called the SP Management Ports - one for each SP. You need a username and password to log into the array. If you point your browser to the IP_address_SPA/setup - you get into the setup page - you also need the username/password to access this page.

On the CX300 there is also a serial port that is used by service to access the array directly. You connect a laptop using the serial cable and establish a PPTP connection to the SP. This port does not require a username/password as the assumption is that if you have physical access to the array, you can make changes using the serial port. Once you have the connection, you open IE and point to 1921.168.1.1/set (this is the address for both SPA and SPB) - no username/password required.

The domain security is used by the array to control access to the array. If you can get to the serial port access you should be able to add a new user or destroy the domain security.

There is no username/passwords required for a host to connect over fibre channel. If you want to run commands from the host to the array, some commands (naviSECcli) require that you use the array's username/password before the array will execute the command.

glen

Hi,

I apologize for the time it has taken to get back into this topic, I have been out for a while, and am now back.

The only things I see when I get into the serial connection, and do IE to the array is:

IP address

Hostname

Subnet Mask

Gateway

Peer IP Address

Management Port

Priviledged user configuration Feature is enabled.  You may give another user privileged access to the agent.

The following button will take you to a confirmation page for restarting the Management Server.

Change Update parameters for Agen Connumications.

Reset the Domain Node ID.  This feature corrects rare configuration Problems. Do not use it unless directed to do so by CLARiiON Technical Support.

Turn automatic Discovery of Servers on/off

Reset All Domain Information and restart the Management Server.

So, and i right in thinking that I do the very last option? Reset All Domain Information?   it is odd that I dont have the New User button, i imagine that i dont see it, because this has already been set up.

Once I do that option to the SAN(A), what happens next?  do I have to go back in via serial, and then Add New User? so that I can then get to it via regular IE (as in not connected via serial)?  do I need to do anything to SAN(B)?

Do I need to do anything on my new server so that it sees the SAN, or do I just get into the SAN so that I can assign resources to the new server?

BTW: the services I see on the server that is conencted to the SAn are:

mr2kserv

Navisphere Agent

Although I only see the first serice on the other server that is connected to the SAN, so it is kinda weird.

I look forward to your reply, and thanks again for being so patient with me (the newbee and all).

J