I recently had to move our SAN equipment over to another network. This of course forced me to destroy the domain I had between my CLARiiON CX4-120 and my Celerra NS-G8 (Gateway). After I re-created the domain on the CLARiiON I went to add the Celerra to the new domain and it tells me of course that it is already apart another domain and that proceeding would pretty much orphan any global domain user accounts. When I saw this I canceled and tried to do it another way but I didn't see anything else where I could remove it from the domain in Unisphere within the Celerra. After looking for help through the documentation to no avail I figured I could just proceed with joining the new domain and accept the warning about it already being in another domain. After all, it said it would remove it and join the new one and this is what I wanted anyway. Well, I did that and it prompted me for credentials to connect. Of course put the local root account with the rights to modify domain attributes on Celerra and it proceeds. Only I noticed that it didn't join the domain but it just allowed me to log on as the root within the same Unisphere instance. It will not accept the new global domain username when I try to log into the Celerra. I have to log with the local accounts. Problem is, it's clear that I screwed it up because it will accept the old domain username and password (that no loger exist) but it just hangs because it's an orphaned account (i know, it warned me this would happen). I can't even go into the Celerra and delete the old domain user account becuase the delete button is grayed out. Does anyone know how I can fix what I did? I haven't been sucessful finding specific documentation on this.
So apprently this is a known issue to where the domain databases do not sync. I have an active SR ticket opened with EMC and so far they haven't been able to figure it out yet. Although just in case someone else can benefit from where I've gotten so far see the primus reports listed below:
Service Workaround for Joining the Celerra to the Storage Domain from the CLI:
The following is a Primus(R) eServer solution:
Solution Class: 3.X Compatibility
Goal ETA emc256359: Celerra: Adding a Celerra to the CLARiiON storage domain (or managing the Celerra) fails, and Celerra domain shows as 'newer version' with status 'unsupported'
Fact EMC Technical Advisory (ETA)
Fact EMC SW: Unisphere Service Manager (USM)
Fact EMC SW: NAS Code 6.0.40-5
Symptom Celerra system in Unisphere shows "Domain" field as "Newer Version."
Symptom Celerra system in Unisphere shows "Status" "Unsupported."
Symptom New installations of Celerra 6.0.40-5 may fail to join the CLARiiON storage domain
Symptom Cannot manage the Celerra within the storage domain using a single user sign-on to the array.
Symptom Logging in to the Control Station using the storage domain admin account may fail with pop-up message:
A Celerra system can only be managed by a version of Unisphere that has a Celerra plug-in of the same version or later. Once 6.0.40-5 is installed on a Celerra, only a corresponding 6.0.40-5 version of the Celerra plug-in can be used. If Unisphere is downloaded from one of the Storage Processors in the array, an older version of the Celerra plug-in will be installed and the 6.0.40-5 Celerra will not be manageable. Currently available versions of the Unisphere Client (including 126.96.36.199.0248 and earlier) also have this issue. Therefore, when a version of Unisphere with an older version of the plug-in is used to try to manage a later version of the Celerra, a message of ·Unsupported· or ·Newer Version· is encountered.
The Unisphere plugin version mismatch issues manifest in the following behaviors:
This issue is currently under investigation, but will most likely require a long-term solution. An off-array fix is in Release 188.8.131.52.0326 of the Unisphere Client application, which is compatible with the 6.0.40-5 Celerra Unisphere plugin. The off-array fix resolves the single user sign-on issue when using the IP address of the array for system management and allows new Celerra 6.0.40-5 installations to join the CLARiiON storage domain.
The solution for off-array is in ·EMC Unisphere Client (Windows) 184.108.40.206.0326· at this location on Powerlink:
Home > Support > Software Downloads and Licensing > Downloads T-Z > Unisphere Server Software
An on-array software solution for the single user sign-on issue and domain-addition issue is now available as part of "CX4 Series FLARE OE Bundle 04.30.000.5.509", and is available at this location on Powerlink:
Home > Support > Software Downloads and Licensing > Downloads C > CLARiiON CX4
Workaround #1 - For Celerra "join" issues to the storage domain:
If you have a 6.0.40-5 system that has been newly installed or upgraded, and cannot get the Celerra to properly join the Storage Domain, please contact your service provider and reference this solution (emc256359) for assistance.
Workaround #2 - For single user sign-on management issue:
If you have a 6.0.40-5 system that is a member of the storage domain, but can no longer be managed with the "single user sign-on" capability when logging into the array IP address, use the following steps to achieve single user sign-on management capability of both the array and the Celerra:
Note 1: The array admin account should have the appropriate privileges applied in order to be able to manage the Celerra system. To verify and set the correct privileges, log into the Control Station using Unisphere, as the Root user, Scope Local. Go to Settings > User Management > Users. Right-click the array administrator account that has been migrated to the Celerra as part of the "Join" process (for example, nasadmin1), select Properties, and ensure that the following Group membership boxes have been checked:
Note 2: If you experience an "Authentication Failed" popup when trying to login as the array administrator to the Celerra Control Station IP Address, with Scope Global, perform the following workaround and then retry the login operation:
# /nas/sbin/cst_setup -reset
See emc257327 for more details regarding the 'Authentication Failed' popup error.
Thanks for the article.
I had the same problem with domain join, this commands are very good.
1. curl -kv "https://.....
2. /nas/sbin/naviseccli -h .....
3. Open master spa with the local installed client.