Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

excessive1

11 Posts

3034

May 18th, 2018 08:00

AD provider offline after adding SPNs

Today something strange happened to our cluster connection with the AD server.

Was doing some tests and at the end ultimately had to re-join the AD. Obviously, we lost all the SPNs and SMB clients are unable to access the samba shares now.

Adding manually the records causes the cluster to drop connection with AD:

EMC-1# isi_for_array -s 'isi auth status |grep -i activedirectory'

EMC-1: lsa-activedirectory-provider:WWFX.CO.UK ad.wwfx.co.uk  offline

EMC-2: lsa-activedirectory-provider:WWFX.CO.UK ad.wwfx.co.uk  offline

EMC-3: lsa-activedirectory-provider:WWFX.CO.UK ad.wwfx.co.uk  offline

EMC-4: lsa-activedirectory-provider:WWFX.CO.UK ad.wwfx.co.uk  online

EMC-5: lsa-activedirectory-provider:WWFX.CO.UK ad.wwfx.co.uk  online

Rejoining the cluster to AD works for a while, even though it keep flapping between Online and Offline. Adding SPNs ultimately breaks it.

Also, 4 out of the 5 nodes are having the orange light.

crklosterman

450 Posts

May 18th, 2018 09:00

Open a support ticket, as SEV1 if it's currently not working, or SEV2, if you have it working again for the moment.  Sev-1 SRs are reserved for DU/DL conditions.  And if the users can't get to the data, then it's data unavailable, or DU.  The community forums aren't the right place for an issue like this, unless it's a dev / lab cluster, and even then I'd still suggest the support route.

~Chris

excessive1

11 Posts

May 19th, 2018 13:00

Hi there.

After playing for a bit today I managed to get it working for 30 min and after that it went down again, so I'm pretty sure its not issue with the cluster itself.

Is there any way to check the logs of OneFS about that? I'm thinking it could be some kind of networking issue.

Cheers

crklosterman

450 Posts

May 22nd, 2018 05:00

well it's auth related, so I'd suggest looking in the lsass logs, but you may need to turn them up to debug to get the desired output.  Again, I'd suggest opening a support ticket.

excessive1

11 Posts

May 22nd, 2018 05:00

We already have S1 SR and yesterday we had 4 hour session with Isilon support.

Turns out that node1 of our five-node cluster was offline against AD. After a lot of debugging and restarting processes node1 came back online, but node4 is offline now. At least the cluster is usable at this moment.

1.5GB of logs were uploaded and we are waiting for more info about the case and how it will be resolved.

THanks!

Was this post helpful?

View All

0 events found

No Events found!

Top