blog.virtualtacit.com

For those Celerra based CIFS servers that receive “Unable to join CIFS Server to Active Directory / Domain Controller” during domain additions, or any of the following, a simple fix exists..

• server_x:201:2119:E: server_cifs server_x -Join compname=mycifsserver domain=mydomain.com admin=administrator: failed to complete command
• LDAP: 3:  Ldap bind: LDAP server is down
  LDAP: 3:  LdapClient::connect: error message: Server down, (error code 81)
  SMB: 3:  DomainJoin::findServer: Unable to contact any domain controller in domain mydomain.com
  ADMIN: 3:  Command failed:  domjoin compname=mycifsserver domain=mydomain.com admin=administrator password=********************** init

Beyond the normal fat fingering of a password and incorrect domain or DNS settings the above commonly is revealed when the DC you are pointing to has NIC teaming or Load Balancing enabled. What follows is a brief example noted in EMC Primus #emc150780….

“In the example below, there are two NIC’s in the team on the DC: the team “leader”, which has a MAC address ending in 5c, and another team member which has a MAC address ending in 5b.

1. The Data Mover gets the IP of the DC from the DNS server. That IP resolves to the MAC address of the primary, or leader in the NIC team, which is 5c.
2. The Data Mover sends the SYN to the DC.
3. The NIC team “leader” and the teaming software will then assign a different NIC, 5b, in the team to respond with a SYN,ACK to the Data Mover.
4. The Data Mover then replies to the SYN,ACK with an ACK.
5. The Data Mover replies with the ACK back to the same MAC address, 5b, that it received the SYN,ACK from. See the example below.

Data Mover (SYN)                                     –>               Domain Controller (5c MAC address obtained from DNS)
Domain Controller (’5b’) (SYN,ACK)        –>               Data Mover
Data Mover (ACK)                                    –>               Domain Controller (5b)

Here are the retransmits in the tcpdump. The Data Mover doesn’t get a response from this point onwards from the Domain Controller:

Data Mover (ACK)                                    –>               Domain Controller (5b) Retransmit
Data Mover (ACK)                                    –>               Domain Controller (5b) Retransmit
Data Mover (ACK)                                    –>               Domain Controller (5b) Retransmit
Data Mover (FIN,ACK)                             –>               Domain Controller (5b)

The Data Mover finally gives up waiting for a response and sends the FIN,ACK to end the conversation to the Domain Controller.

The reason this has happened is because MAC address 5b is receiving packets from the Data Mover and does not know what to do with them. As far as the Domain Controller is concerned, the Data Mover should be talking to MAC address 5c. MAC address 5b ignores the packets received from the Data Mover.”

To rectify such a problem, simply run the following command on the data mover where the CIFS server exists..no reboot required.

server_param server_2 -facility ip -modify reflect -value 0