Unsolved
This post is more than 5 years old
1 Rookie
•
28 Posts
0
5529
Clients autheticating on nodes 2 & 3 get error message "A device attached to the system is not functioning"
I have a 3 node Isilon cluster running OneFS 7.1.1.8 with three access zones plus the system zone and joined to three untrusted AD domains. When users try to authenticate to their shares, the clients that authenticate on node 1 are able to access their shares but those that are load balanced to nodes 2 & 3 cannot authenticate. They get an error message "A device attached to the system is not functioning" and are unable to connect to the shares. As a workaround, I have suspended nodes 2 & 3 in each sc zone and users are able to access shares without issue.
If I SSH to each node and type "isi auth status", nodes 2 & 3 do not have ADS provider info, only local providers.
Lee_exelatech
1 Rookie
1 Rookie
•
28 Posts
0
February 2nd, 2017 16:00
This is the status page if logged into nodes 2 or 3
Lee_exelatech
1 Rookie
1 Rookie
•
28 Posts
1
February 28th, 2017 07:00
Finally found the fix !
I could not find anything in the cluster configuration that was different from other clusters I have running in multiple zones and untrusted domains so I turned my attentions to the network configuration. We have both GigE interfaces on each node aggregated with ext-1 and ext-2 configured as members of an LACP port channel on the Cisco switch. We compared the configurations of each port channel and found the only difference between node 1 port channel and nodes 2 & 3 port channels was the frame size or MTU. Node 1 port channel was set for jumbo frames with an MTU of 9000. Nodes 2 & 3 port channels were at the default 1500. We changed the MTU on nodes 2 & 3 port channels to 9000 and they began participating in all domains.
All three nodes are now participating in the smartconnect load balancing and can now authenticate domain users to their shares in each zone.
Thanks to Peter, Phil and Alan for all your support while I fought this issue. This is one for the books !
Hardus
5 Posts
0
April 27th, 2017 07:00
mine was a little different. "isi auth ads list" showed provider name but no status or site. Modified provider and added domain controller and it started working "isi auth ads modify --provider-name=** --domain-controller=**"