+ Post New Thread
Page 30 of 45 FirstFirst ... 2026272829303132333440 ... LastLast
Results 436 to 450 of 664
Hardware Thread, Sun Storage 7110 in Technical; Ok, I can confirm 110% it seems to be a 2008 issue, restarted my 2008 R2 DC and attempted to ...
  1. #436

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,611
    Thank Post
    1,496
    Thanked 1,051 Times in 920 Posts
    Rep Power
    303
    Ok, I can confirm 110% it seems to be a 2008 issue, restarted my 2008 R2 DC and attempted to join my SAN to the Domain whilst it was rebooting and it has decided to have a relationship with my 2003 DC, wonder what happens when its back up and I reboot the AD and CIFS service on the san.....

    Before someone says set the join preference to a 2003 DC, Kim already suggested and we tried that and nope it prefers a bit of 2008

    Edit - 2008 R2 DC back up, restarted CIFS and AD on the S7000 and it shows in the AD Screen that its now back in bed with the 2008 R2 and it no longer lets me integrated authenticate my CIFS which it did fine with 2003. So is there any way of hacking the code in these as I fear that this may take a bit of time for Sun to fix in the code (based on the very large amount of stuff all over i've found on the earlier 2008 problems that were present where it was lower the security levels, apply MS request patches etc...) to force it to ALWAYS talk to a 2003 DC?

    2nd Edit: Ok continued poking around seems to get it going.... Turn off 2008 R2 DC (assuming you can so my friend on R2 only your a bit snookered), join to domain with out, when it picks it back up (reboot CIFS and AD a couple of times) you will see when you browse it won't authenticate, go to CIFS settings, ensure compat level is 3, set it to 4 then reboot, browse again > fail, set to 3 reboot, browse again > Fail, set to 2, reboot, Browse again > Success!

    Seems to be VERY tetchy on if it want's to do it so clearly is some bug I think still but mine is now on again and seems to be, touch wood, behaving.

    I have also done the following:
    The mailing lists suggest that the problem might be related to smb signing. On the DC, I opened up the Group Policy Management tool and changed the following:

    Computer Configuration\Policies\Administrative Templates\System\Net
    Logon\Allow Cryptography Algorithms Compatible with Windows NT 4.0 -> Enabled

    I then ran a gpupdate /force.

    Source: http://livingonthecloud.blogspot.com...ver-to-ad.html

    Fine this was part of the original 2008 Fix which isn't needed now as the box should be updated to a release that fixes it, but that seemed to do it, I set that in the Default Domain Policy so everything gets it. I can reboot the SAN now and it seems fine every time and reboot the 2008 and 2003 DCs and it not drop off so seems to be happy for the moment but clearly somethings not quite right........
    Last edited by john; 20th August 2009 at 01:22 AM.

  2. Thanks to john from:

    kmount (20th August 2009)

  3. #437

    Join Date
    Jan 2009
    Location
    England
    Posts
    1,524
    Thank Post
    301
    Thanked 304 Times in 263 Posts
    Rep Power
    83
    Quote Originally Posted by john View Post
    Ok, I can confirm 110% it seems to be a 2008 issue, restarted my 2008 R2 DC and attempted to join my SAN to the Domain whilst it was rebooting and it has decided to have a relationship with my 2003 DC, wonder what happens when its back up and I reboot the AD and CIFS service on the san.....

    Before someone says set the join preference to a 2003 DC, Kim already suggested and we tried that and nope it prefers a bit of 2008

    Edit - 2008 R2 DC back up, restarted CIFS and AD on the S7000 and it shows in the AD Screen that its now back in bed with the 2008 R2 and it no longer lets me integrated authenticate my CIFS which it did fine with 2003. So is there any way of hacking the code in these as I fear that this may take a bit of time for Sun to fix in the code (based on the very large amount of stuff all over i've found on the earlier 2008 problems that were present where it was lower the security levels, apply MS request patches etc...) to force it to ALWAYS talk to a 2003 DC?
    Does your S7000 actually connect to the 2008 R2 domain? Mine doesn't even get that far

    I've tried playing with the various security policies to enable NT4.0 level compatability (Modify Default Security Policies on Windows Server 2008-Based Domain Controllers) but it still doesn't want to work unfortunately. Have to say I'm really hoping that Sun fix this issue quickly!

  4. #438


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,690
    Thank Post
    352
    Thanked 796 Times in 715 Posts
    Rep Power
    347
    Quote Originally Posted by GrumbleDook View Post
    That's it ... crack the whip .. get the minion on the job whilst you get a sun-tan on the beach ;-)
    Minion! I'll give you minion Shep.


  5. #439


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,690
    Thank Post
    352
    Thanked 796 Times in 715 Posts
    Rep Power
    347
    Quote Originally Posted by john View Post
    Ok, I can confirm 110% it seems to be a 2008 issue, restarted my 2008 R2 DC and attempted to join my SAN to the Domain whilst it was rebooting and it has decided to have a relationship with my 2003 DC, wonder what happens when its back up and I reboot the AD and CIFS service on the san.....

    Before someone says set the join preference to a 2003 DC, Kim already suggested and we tried that and nope it prefers a bit of 2008

    Edit - 2008 R2 DC back up, restarted CIFS and AD on the S7000 and it shows in the AD Screen that its now back in bed with the 2008 R2 and it no longer lets me integrated authenticate my CIFS which it did fine with 2003. So is there any way of hacking the code in these as I fear that this may take a bit of time for Sun to fix in the code (based on the very large amount of stuff all over i've found on the earlier 2008 problems that were present where it was lower the security levels, apply MS request patches etc...) to force it to ALWAYS talk to a 2003 DC?

    2nd Edit: Ok continued poking around seems to get it going.... Turn off 2008 R2 DC (assuming you can so my friend on R2 only your a bit snookered), join to domain with out, when it picks it back up (reboot CIFS and AD a couple of times) you will see when you browse it won't authenticate, go to CIFS settings, ensure compat level is 3, set it to 4 then reboot, browse again > fail, set to 3 reboot, browse again > Fail, set to 2, reboot, Browse again > Success!

    Seems to be VERY tetchy on if it want's to do it so clearly is some bug I think still but mine is now on again and seems to be, touch wood, behaving.

    I have also done the following:
    The mailing lists suggest that the problem might be related to smb signing. On the DC, I opened up the Group Policy Management tool and changed the following:

    Computer Configuration\Policies\Administrative Templates\System\Net
    Logon\Allow Cryptography Algorithms Compatible with Windows NT 4.0 -> Enabled

    I then ran a gpupdate /force.

    Source: Living on the Cloud: Joining an OpenSolaris CIFS server to an AD domain

    Fine this was part of the original 2008 Fix which isn't needed now as the box should be updated to a release that fixes it, but that seemed to do it, I set that in the Default Domain Policy so everything gets it. I can reboot the SAN now and it seems fine every time and reboot the 2008 and 2003 DCs and it not drop off so seems to be happy for the moment but clearly somethings not quite right........
    Good post John, investigating your findings now on a 2008 R2 functional set up to see if we can refine them with KB942564 and the LM Compat levels above.

  6. #440

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,611
    Thank Post
    1,496
    Thanked 1,051 Times in 920 Posts
    Rep Power
    303
    Quote Originally Posted by Soulfish View Post
    Does your S7000 actually connect to the 2008 R2 domain? Mine doesn't even get that far

    I've tried playing with the various security policies to enable NT4.0 level compatability (Modify Default Security Policies on Windows Server 2008-Based Domain Controllers) but it still doesn't want to work unfortunately. Have to say I'm really hoping that Sun fix this issue quickly!
    Yes mine "plays fine" when you look at the AD screen it shows it as using my 2008 R2 DC as the AD Server. It will not join the AD at all though on 2008 R2 (and I'm not giving it another go now as its on and working so its not being touched again for fear of locking every user out of everything!!!) Maybe worth trying my later part fix about the CIFS but obviously you won't be able to browse it as its not in domain mode but give it a go and do my steps and see if it then magically allows you to join the R2 Domain?

    After I set the option I list in my Fix post, I set it at the Default Domain Policy so it applies to EVERYTHING, Workstations, Servers, SAN, DCs the lot, and rebooted the DC a few times so maybe you need to do that rather than letting it do its usual refresh

  7. #441

    Join Date
    Jan 2009
    Location
    England
    Posts
    1,524
    Thank Post
    301
    Thanked 304 Times in 263 Posts
    Rep Power
    83
    Quote Originally Posted by john View Post
    Yes mine "plays fine" when you look at the AD screen it shows it as using my 2008 R2 DC as the AD Server. It will not join the AD at all though on 2008 R2 (and I'm not giving it another go now as its on and working so its not being touched again for fear of locking every user out of everything!!!) Maybe worth trying my later part fix about the CIFS but obviously you won't be able to browse it as its not in domain mode but give it a go and do my steps and see if it then magically allows you to join the R2 Domain?

    After I set the option I list in my Fix post, I set it at the Default Domain Policy so it applies to EVERYTHING, Workstations, Servers, SAN, DCs the lot, and rebooted the DC a few times so maybe you need to do that rather than letting it do its usual refresh
    I'll give that a try in a bit. I've always got the fallback of just setting up some 2008 R2 file servers to serve files off the SAN that way - one of the benefits of virtualisation

  8. #442

    Join Date
    Jan 2009
    Location
    England
    Posts
    1,524
    Thank Post
    301
    Thanked 304 Times in 263 Posts
    Rep Power
    83
    Well I've got the CIFS shares connecting over NFS on a Windows file server and then being shared out that way for now. Just hope that there's a fix so I can do the sharing without the file server in the middle

  9. #443
    sjl
    sjl is offline
    sjl's Avatar
    Join Date
    Apr 2009
    Location
    Liverpool
    Posts
    62
    Thank Post
    17
    Thanked 20 Times in 15 Posts
    Rep Power
    14
    We have our 5 virtualised (VMWARE) admin servers running on our two X4140’s and 7110 now and all seems to be well – so far after 2 weeks live anyhow.

    SIMS runs really well virtualised – I was a bit worried about that initially. The benefits of snapshots have already helped us roll back a mistake on the RIS server in a matter of minutes! Also separating out the services has really helped being able to reboot a server and not lose every network service.

    The sun kit is great (this is the first time I’ve used it) – the service processor is excellent for remote management - The analytics on the 7110 are superb too, Thanks to Andy from cutter for his help with the sun kit.

    This has been a really useful thread – thanks for the help and info received.

  10. 3 Thanks to sjl:

    Duke (11th September 2009), Hebdenlad (11th September 2009), linescanner (11th September 2009)

  11. #444
    Hebdenlad's Avatar
    Join Date
    Apr 2009
    Location
    Hebden Bridge
    Posts
    194
    Thank Post
    243
    Thanked 84 Times in 42 Posts
    Rep Power
    27
    Glad you like it. FYI, 2009.Q£ will have user quotas(plus a whole load of other stuff) in it if this is any use for you...

    Regards,

    Phil

  12. Thanks to Hebdenlad from:

    sjl (14th September 2009)

  13. #445
    Duke's Avatar
    Join Date
    May 2009
    Posts
    1,017
    Thank Post
    300
    Thanked 174 Times in 160 Posts
    Rep Power
    57
    Quote Originally Posted by sjl View Post
    We have our 5 virtualised (VMWARE) admin servers running on our two X4140’s and 7110 now and all seems to be well – so far after 2 weeks live anyhow.
    This is really good to hear as we'll be doing something very similar next summer! Would you mind posting the odd update if you run into any major issues over the next few months? From what I've heard it all sounds good though.

    Update from me too - 300GB of shared resources are live on our 7410 with no issues. The flash accelerators and analytics are really great. New Year 7 intake on the SAN as well and the storage is functioning fine, we're just running into a couple of issues with mapped folder redirection (XP bug).

    Cheers,
    Chris

  14. Thanks to Duke from:

    sjl (14th September 2009)

  15. #446
    sjl
    sjl is offline
    sjl's Avatar
    Join Date
    Apr 2009
    Location
    Liverpool
    Posts
    62
    Thank Post
    17
    Thanked 20 Times in 15 Posts
    Rep Power
    14
    Quote Originally Posted by Duke View Post
    This is really good to hear as we'll be doing something very similar next summer! Would you mind posting the odd update if you run into any major issues over the next few months? From what I've heard it all sounds good though.

    Cheers,
    Chris
    Yep I'll keep posting any issues etc. As we installed our kit we have documented everything in depth for our Disaster recovery plan. Once we tidy that up I’ll post it along with schematics - obviously with sensitive information omitted but someone may find it useful.

  16. Thanks to sjl from:

    Duke (14th September 2009)

  17. #447
    linescanner's Avatar
    Join Date
    Oct 2006
    Location
    East Anglia
    Posts
    297
    Thank Post
    51
    Thanked 71 Times in 48 Posts
    Rep Power
    28
    Quote Originally Posted by sjl View Post
    Yep I'll keep posting any issues etc. As we installed our kit we have documented everything in depth for our Disaster recovery plan. Once we tidy that up I’ll post it along with schematics - obviously with sensitive information omitted but someone may find it useful.
    Do not forget to post it on our forums also

  18. #448
    Duke's Avatar
    Join Date
    May 2009
    Posts
    1,017
    Thank Post
    300
    Thanked 174 Times in 160 Posts
    Rep Power
    57
    I thought I might as well re-use this thread rather than making a new one, hope someone can help...

    (I've emailed Cutter support but figured I'd post here too)

    I’ve got a CIFS share which contains student’s userspaces (i.e. lots of subfolders with their usernames). Permissions are set for the individual student users by the program that creates the folders and accounts, no problems there.

    Staff need read-only permissions on these folders, which I set by doing ‘Read Data/List Directory (r)’ and ‘Execute File/Traverse Directory (x)’ with inheritance on the root directory ACL of the share. This has just been properly tested for the first time and staff can’t open student’s files.

    They can access the share, browse through folders, but when they try to open a file Word tells them they do not have permission. Looking at the file ALC in Windows, staff have ‘Special Permissions’ (unsurprising since it’s a Solaris box which sets them) and running effective permissions gives them traverse folder / execute file and list folder / read data.

    Question 1: What needs to be set on the S7000 to give them read permissions?
    Question 2: How do I do this now there is data in the share? Last time I tried it, adding permissions to a share didn’t affect any data that already existed in the share. I am convinced this behaviour is incorrect as it defeats the purpose of being able to modify an ACL on the S7000 once the share is in use. Windows defaults to inheriting any changed permissions down through the folder tree, and with Linux you can do it with chown -R.

    Separate question: When browsing the shares I noticed that it looks like all my share permissions (not the root directory permissions) have been reset to everyone:allowed rather than how I configured them. The only thing I've changed recently was upgrading to Q2.5.0. Has anyone else experienced this? It would be a bit of a major problem if I'd used share level ACL for security!

    Many thanks in advance for any help anyone can provide!
    Chris
    Last edited by Duke; 1st October 2009 at 02:41 PM.

  19. #449

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,611
    Thank Post
    1,496
    Thanked 1,051 Times in 920 Posts
    Rep Power
    303
    Hi Chris, I set my shares up on the SAN as everyone full control them re-set them all in Windows by doing \\SAN then right click on the share and set them manually.

    I have on my student areas a group for staff and gave them special permisisons for read and execute everything from that folder down inc sub folders and files and it seemed to work fine on my testing, staff don't know they have this access, I put it in place so it was there for if needed was my idea rather than having to re-tweak them. I would screenshot but awaiting my box to come back up from the Q3.1.0 software which has the fix in for my crashing problem

    Haven't noticed the share permissions on mine but will check in the morning for you....

  20. Thanks to john from:

    Duke (2nd October 2009)

  21. #450
    apaton's Avatar
    Join Date
    Jun 2009
    Location
    Kings Norton
    Posts
    283
    Thank Post
    54
    Thanked 106 Times in 87 Posts
    Rep Power
    36
    FYI Excellent document on Windows Integration and S7000 from Sun

    BigAdmin Feature Article: Microsoft Windows Integration on the Sun Storage 7000 Unified Storage System
    • 1 Overview
    • 2 Scope
    • 3 Prerequisites
      • 3.1 Operating System Prerequisites
      • 3.2 Storage System Prerequisites

    • 4 Sun Storage 7000 Unified Storage System Configuration Best Practices
      • 4.1 System Configuration

    • 5 Implementation Procedures
      • 5.1 System Configuration
      • 5.2 Services Configuration
      • 5.3 Share Configuration
      • 5.4 Share Management From Windows Server 2003 R2
      • 5.5 Publishing Shares to Active Directory
      • 5.6 Data Migration
      • 5.7 DFS Target
      • 5.8 Snapshot
      • 5.9 Analytics

    • 6 Quick Troubleshooting

  22. Thanks to apaton from:

    Duke (2nd October 2009)

SHARE:
+ Post New Thread

Similar Threads

  1. Sun Java Virtual machine
    By wesleyw in forum How do you do....it?
    Replies: 1
    Last Post: 18th May 2009, 02:58 PM
  2. Sun VirtualBox 2.1
    By tmcd35 in forum Thin Client and Virtual Machines
    Replies: 2
    Last Post: 19th December 2008, 12:05 PM
  3. Sun Ray
    By dan400007 in forum Thin Client and Virtual Machines
    Replies: 16
    Last Post: 21st November 2007, 10:43 AM
  4. Sun Ray?
    By localzuk in forum Thin Client and Virtual Machines
    Replies: 18
    Last Post: 18th April 2007, 10:33 PM
  5. Sun Solaris
    By StewartKnight in forum *nix
    Replies: 7
    Last Post: 18th November 2005, 11:33 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •