what DART version are you running ? I remember you had to be at specific version to support Windows 2008/ Windows 7

Hi,

The DART version is  5.5.28-1

But the similar problem also happen in Windows 2003 Domain Controller...I have to upgrade the DART version...

any method to check what authentication of my Celerra NS700G is currently using? pls advise..thx..

The Celerra should support NTLM and NTLMv2, but this is not a configuration or setting on the DM.   Please refer to Primus emc94062.

Windows 2008 domain needs to run in Windows 2003 compatibility mode if NTLM is used for authentication, or a DC change can be made:

Computer Configuration>Administrative Templates>System>Netlogon>Allow cryptography algorithms compatible with Windows NT 4.0

You may want to review your environments GPO configuration regarding NTLM.

Let me know if this helps.

Sebby Robles

eServices Support

EMC Celerra Support

Hi Sebby,

Per my first post,

I have reffered to http://support.microsoft.com/kb/942564

which already implemented  "allow cryptography algorithms compatible with Windows NT 4. in Default Domain Controller policy..

But the error is still .."'\\nas is not accessible"....even though I newly add Windows 2003 Domain Controller and Windows 2008 Domain Controller...

Any log in NAS I can check which can provide further information..

Hi

I found one more error in Windows 2003 domain controllers..

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/nas.abc.com 
The target name used was cifs/nas.abc.com 
This indicates that the password used to encrypt the kerberos service ticket is different than
that on the target server. Commonly, this is due to identically named  machine accounts
in the target realm (ABC.COM), and the client realm.   Please contact your system administrator.

is this the CIFS server have problem which require to re-join the Windows Domain ?

where can I find the related log in the NAS gateway?  thx.

server_log ?

Hi,

As I don't familiar the linux command,

Can you help to provide more specific command  which I can run from the CLI to reteieve the log for authenticaion error?

Thanks.

laiihk wrote: The DART version is  5.5.28-1

do you realize that 5.5.28.1 was released in April 2007 whereas Windows 2008 was 2008 (2008R2 2009) ?

try running any other OS for 3.5 year without updates (but updating the clients and domain controllers) ....

According to the Support Matrix on eLab Windows 2008R2 clients require at least a 5.6 based DART release.

I would suggest to upgrade.

Rainer

Hi Rainer,

thanks for your info, I awared after the problem happen..

So that I have demoted the Windows 2008 DC....

but for your update, even add a new Windows 2003 Domain Controllers in the same Domain, it has the same problem.. the newly added Domain Contoller cannot access the CIFS server...

is this useful to "resetting the password on the CIFS server"?? (any impact to end user?)

because I really the Celerra is my customer...I want to minimize the customer change....

Thanks..

you can view the Celerra log using server_log server_2

When in doubt I would suggest to open a service request with customer service

Hi Rainer,

I just have one very useful informaiton find out...I can use the Windows 2003 DC to access one of the CIFS server...(just know) >..

When I run "Checking the user authentication method", 

server_cifs server_2

it returned

CIFS Server NASBACKUP[ABC] RC=3
Full computer name=nasbackup.ABC.com realm=ABC.COM
Comment='EMC-SNAS:T5.5.28.1'
if=172_25_12_237 l=172.25.12.237 b=172.25.12.255 mac=8:0:1b:42:54:53
  FQDN=nasbackup.abc.com (Updated to DNS)
Password change interval: 0 minutes
Last password change: Sat Apr 26 13:07:26 2008 GMT
Password versions: 2

CIFS Server TFNAS[ABC] RC=9
Full computer name=TFNAS.ABC.com realm=ABC.COM
Comment='EMC-SNAS:T5.5.28.1'
if=172_25_12_231 l=172.25.12.231 b=172.25.12.255 mac=8:0:1b:42:54:53
  FQDN=TFNAS.ABC.com (Updated to DNS)
Password change interval: 0 minutes
Last password change: Sat Apr 26 13:07:15 2008 GMT
Password versions: 3, 2

What is the Password versions representating ?

Because I just find I can use the Windows 2003 DC to access NASBACKUP (PASSOWRD VERSION:2)

while I cannot access the TFNAS (Password version: 3, 2)

pls advise...thx..

To check the DM log, you can try the following:   server_log server_2 -a -s

If nothing stands out, I would recommend opening a case with support.  Traces may be needed.

Thanks.

Sebby Robles

eServices Support

EMC Celerra Support

Dont know – sorry I am not support

If you need a guaranteed answer you need to open a service request with EMC customer service or through live chat

Rainer

Hi,

You should take a look to primus emc208924. It will explain password versions and maybe give you a hint to resolve your problem.

Hope this help !