Skip to main content
Start a Conversation

This post is more than 5 years old

Solved!

Go to Solution

lucbus

9 Posts

7129

January 24th, 2018 05:00

Error 0x6702173 trying to join AD domain

We are currently evaluating the unity and training on it using the community unityVSA.

I was able to setup an NFS nas and now I'm trying to setup the CIFS one. Everytime it was failing using the gui so to be able to try multiple different syntax I'm now using command line it is a lot faster.

The nas is created and now I'm trying to create the cifs server and every time we are getting the same errror. 0x6702173

Our AD domain is corp.transcontinental.ca and there is a container name Computers or an ou name New-Computers at the top level in which the account has right to add servers in them. Just in case there was a permission problem we have also tested with a Domain Admin account.

Here is the syntax we have used :

uemcli -d 172.25.3.8 /net/nas/cifs create -server nas_6 -netbiosName idsunivsmb01 -username svc_netapp_ad -passwd xxxx -orgUnit "OU=New-Computers,DC=corp,DC=transcontinental,DC=ca" -domain corp.transcontinental.ca

uemcli -d 172.25.3.8 /net/nas/cifs create -server nas_6 -netbiosName idsunivsmb01 -username svc_netapp_ad -passwd xxxx -orgUnit "CN=Computers,DC=corp,DC=transcontinental,DC=ca" -domain corp.transcontinental.ca

For all the test the result is :

Storage system address: 172.25.3.8

Storage system port: 443

HTTPS connection

Operation failed. Error code: 0x6702173

The system encountered an unexpected error. Search for the error code on the support website or product forums, or contact your service provider, if available. (Error Code:0x6702173)

Job ID = N-85

Currently it is hard to troubleshoot because we don't know which DC server was pick by the Unity we have a lot...

here is some questions now ::

  1. Is there some detailled/debug log on the Unity so I can see was is happening in the AD communication?
  2. Is there a way to test the DNS resolution in a NAS server to make sure it picks a valid DC?
  3. Is there a way to force a specific DC server?
  4. Is it possible to do a packet capture on the Unity and to transfer it to a server so we can analyze it?

Thanks for helping

Rainer_EMC

8.6K Posts

January 26th, 2018 08:00

there are trace files for development and support - so they are not simple to read

do a grep for DomainJoin in the log dir at EMC C4Core and you might find it

of course you need to be on the same SP so you might have to do a ssh peer

Rainer_EMC

8.6K Posts

January 26th, 2018 02:00

Hi,

svc_cifssupport can help you troubleshoot - see the Unity service commands manual

you first need to enable SSH from GUI then you can login via ssh and the service account to execute service commands

svc_tcpdump can take network traces

just be very careful NOT to fill up the file system - see the knowledgebase on support.emc.com for instructions

Does your password by any chance contain a double quote " ?

There was a bug about that resulting in the same error code

Which Unity version are you using ?

lucbus

9 Posts

January 26th, 2018 03:00

Hello,

I tried the svc_cifssupport but it looks like it won't let me Join a domain since I have not setup the CIFS yet in the NAS :

10:56:05 service@VIRT1802869N9N-spa spa:~> svc_cifssupport idsunivsmb01 -Join -compname idsunivsmb01 -domain corp.transcontinental.ca -admin svc_netapp_ad -ou "OU=New-Computers"

idsunivsmb01 : Enter Password for svc_netapp_ad:

Error 13157007675: idsunivsmb01 :  DomainJoin: compname idsunivsmb01 does not exists in CIFS configuration.

The password does not have " in it and I have tried it also with a different account which does not have special character in it with the same error. I tried also with an invalid password and still the same error.

The version is : UnityVSA-4.2.1.9535982

Thanks

Rainer_EMC

8.6K Posts

January 26th, 2018 06:00

some other possible causes:

OU specified to join is not following the correct syntax - just try leaving the OU field blank

Administrator doesnt have Privilegs to join to that OU

lucbus

9 Posts

January 26th, 2018 07:00

The problem is the default OU is invalid since Computers is a container not a OU.

For the account this is the account that we are using to join the netapp SVM in the domain and we never had issue. Just in case I have asked a windows admin to use his domain admin account with still the same error.

lucbus

9 Posts

January 26th, 2018 10:00

Thanks with these logs I was able to find that the -orgUnit was refused because I was using uppercase. I changed it to lowercase and now it is working.

Now I know where to look for when I have cryptic error message ;-)

Rainer_EMC

8.6K Posts

January 29th, 2018 02:00

please let us know once you found out what the problem was

as far as DNS testing goes - currently there is no NAS server level nslookup/dig (unless you are dev/support)

you can try uemcli /net/util ping

Rainer_EMC

8.6K Posts

January 29th, 2018 08:00

thanks for the feedback

yes it can be quite confusing what is case sensitive or not or just case preserving :-)

good to know it wasnt a bug

View More

View All

No Events found!

Top