Hardware Thread, Sun Storage 7110 in Technical
20th August 2009, 12:47 AM #436
Ok, I can confirm 110% it seems to be a 2008 issue, restarted my 2008 R2 DC and attempted to join my SAN to the Domain whilst it was rebooting and it has decided to have a relationship with my 2003 DC, wonder what happens when it's back up and I reboot the AD and CIFS service on the SAN.....
Before someone says set the join preference to a 2003 DC, Kim already suggested and we tried that and nope it prefers a bit of 2008
Edit - 2008 R2 DC back up, restarted CIFS and AD on the S7000 and it shows in the AD Screen that it's now back in bed with the 2008 R2 and it no longer lets me integrated authenticate my CIFS which it did fine with 2003. So is there any way of hacking the code in these as I fear that this may take a bit of time for Sun to fix in the code (based on the very large amount of stuff all over I've found on the earlier 2008 problems that were present where it was lower the security levels, apply MS request patches etc...) to force it to ALWAYS talk to a 2003 DC?
2nd Edit: Ok continued poking around seems to get it going.... Turn off 2008 R2 DC (assuming you can so my friend on R2 only you're a bit snookered), join to domain without, when it picks it back up (reboot CIFS and AD a couple of times) you will see when you browse it won't authenticate, go to CIFS settings, ensure compat level is 3, set it to 4 then reboot, browse again > fail, set to 3 reboot, browse again > Fail, set to 2, reboot, Browse again > Success!
Seems to be VERY tetchy on if it wants to do it so clearly is some bug I think still but mine is now on again and seems to be, touch wood, behaving.
I have also done the following:
The mailing lists suggest that the problem might be related to smb signing. On the DC, I opened up the Group Policy Management tool and changed the following:
Computer Configuration\Policies\Administrative Templates\System\Net Logon\Allow Cryptography Algorithms Compatible with Windows NT 4.0 -> Enabled
I then ran a gpupdate /force.
Fine this was part of the original 2008 Fix which isn't needed now as the box should be updated to a release that fixes it, but that seemed to do it, I set that in the Default Domain Policy so everything gets it. I can reboot the SAN now and it seems fine every time and reboot the 2008 and 2003 DCs and it not drop off so seems to be happy for the moment but clearly something's not quite right........
Last edited by john; 20th August 2009 at 01:22 AM.
Thanks to john from:
kmount (20th August 2009)
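A read-only check a DC administrator could run after applying the policy change described in the post above, to record which authentication and signing settings are currently relaxed. This is an added example, not part of the original thread or any Sun or Microsoft tooling; it reads the standard Windows registry locations for the Netlogon NT4 crypto policy, SMB server signing and LmCompatibilityLevel, and the thresholds it flags are assumptions. The appliance's own CIFS compatibility level is a separate setting and is not checked here.

```powershell
# Added example: read-only audit of DC-side settings mentioned in the thread.
# Nothing here is S7000-specific; the "WEAKENED" thresholds are assumptions.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # key or value is absent
    return $item.$Name
}

$checks = @(
    @{ Setting = 'AllowNT4Crypto (set by Group Policy)'
       Path    = 'HKLM:\SOFTWARE\Policies\Microsoft\Netlogon\Parameters'
       Name    = 'AllowNT4Crypto'
       Weak    = { param($v) $v -eq 1 } },      # 1 = NT4-era algorithms allowed
    @{ Setting = 'AllowNT4Crypto (set locally)'
       Path    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
       Name    = 'AllowNT4Crypto'
       Weak    = { param($v) $v -eq 1 } },
    @{ Setting = 'SMB server signing required'
       Path    = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
       Name    = 'RequireSecuritySignature'
       Weak    = { param($v) $v -ne 1 } },      # anything but 1 = signing optional
    @{ Setting = 'LmCompatibilityLevel (Windows side)'
       Path    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name    = 'LmCompatibilityLevel'
       Weak    = { param($v) $v -lt 3 } }       # assumption: flag levels below 3
)

$report = foreach ($c in $checks) {
    $value = Get-RegValue -Path $c.Path -Name $c.Name
    if ($null -eq $value) {
        $status = 'not set (OS default applies)'
    } elseif (& $c.Weak $value) {
        $status = 'WEAKENED'
    } else {
        $status = 'ok'
    }
    New-Object PSObject -Property @{
        Setting = $c.Setting; Value = $value; Status = $status
    }
}

# Explicit property list keeps the column order stable on older PowerShell.
$report | Select-Object Setting, Value, Status | Format-Table -AutoSize
```

Because the post applies the setting in the Default Domain Policy, running this on a member server or workstation shows whether the relaxed Netlogon setting has reached machines beyond the DCs.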
20th August 2009, 01:17 AM #437
Does your S7000 actually connect to the 2008 R2 domain? Mine doesn't even get that far
Originally Posted by john
I've tried playing with the various security policies to enable NT4.0 level compatibility (Modify Default Security Policies on Windows Server 2008-Based Domain Controllers) but it still doesn't want to work unfortunately. Have to say I'm really hoping that Sun fix this issue quickly!
20th August 2009, 10:14 AM #438
Minion! I'll give you minion Shep.
Originally Posted by GrumbleDook
20th August 2009, 11:24 AM #439
Good post John, investigating your findings now on a 2008 R2 functional set up to see if we can refine them with KB942564 and the LM Compat levels above.
Originally Posted by john
20th August 2009, 04:08 PM #440
Yes mine "plays fine" when you look at the AD screen it shows it as using my 2008 R2 DC as the AD Server. It will not join the AD at all though on 2008 R2 (and I'm not giving it another go now as it's on and working so it's not being touched again for fear of locking every user out of everything!!!) Maybe worth trying my later part fix about the CIFS but obviously you won't be able to browse it as it's not in domain mode but give it a go and do my steps and see if it then magically allows you to join the R2 Domain?
Originally Posted by Soulfish
After I set the option I list in my Fix post, I set it at the Default Domain Policy so it applies to EVERYTHING, Workstations, Servers, SAN, DCs the lot, and rebooted the DC a few times so maybe you need to do that rather than letting it do its usual refresh
20th August 2009, 07:47 PM #441
I'll give that a try in a bit. I've always got the fallback of just setting up some 2008 R2 file servers to serve files off the SAN that way - one of the benefits of virtualisation
Originally Posted by john
20th August 2009, 11:02 PM #442
Well I've got the CIFS shares connecting over NFS on a Windows file server and then being shared out that way for now. Just hope that there's a fix so I can do the sharing without the file server in the middle
10th September 2009, 07:28 PM #443
We have our 5 virtualised (VMWARE) admin servers running on our two X4140’s and 7110 now and all seems to be well – so far after 2 weeks live anyhow.
SIMS runs really well virtualised – I was a bit worried about that initially. The benefits of snapshots have already helped us roll back a mistake on the RIS server in a matter of minutes! Also separating out the services has really helped being able to reboot a server and not lose every network service.
The sun kit is great (this is the first time I’ve used it) – the service processor is excellent for remote management - The analytics on the 7110 are superb too, Thanks to Andy from cutter for his help with the sun kit.
This has been a really useful thread – thanks for the help and info received.
3 Thanks to sjl:
Duke (11th September 2009), Hebdenlad (11th September 2009), linescanner (11th September 2009)
11th September 2009, 05:53 AM #444
Glad you like it. FYI, 2009.Q3 will have user quotas (plus a whole load of other stuff) in it if this is any use for you...
Thanks to Hebdenlad from:
sjl (14th September 2009)
11th September 2009, 08:41 AM #445
This is really good to hear as we'll be doing something very similar next summer! Would you mind posting the odd update if you run into any major issues over the next few months? From what I've heard it all sounds good though.
Originally Posted by sjl
Update from me too - 300GB of shared resources are live on our 7410 with no issues. The flash accelerators and analytics are really great. New Year 7 intake on the SAN as well and the storage is functioning fine, we're just running into a couple of issues with mapped folder redirection (XP bug).
Thanks to Duke from:
sjl (14th September 2009)
14th September 2009, 02:24 PM #446
Yep I'll keep posting any issues etc. As we installed our kit we have documented everything in depth for our Disaster recovery plan. Once we tidy that up I’ll post it along with schematics - obviously with sensitive information omitted but someone may find it useful.
Originally Posted by Duke
Thanks to sjl from:
Duke (14th September 2009)
14th September 2009, 03:17 PM #447
Do not forget to post it on our forums also
Originally Posted by sjl
1st October 2009, 02:36 PM #448
I thought I might as well re-use this thread rather than making a new one, hope someone can help...
(I've emailed Cutter support but figured I'd post here too)
I’ve got a CIFS share which contains students’ userspaces (i.e. lots of subfolders with their usernames). Permissions are set for the individual student users by the program that creates the folders and accounts, no problems there.
Staff need read-only permissions on these folders, which I set by doing ‘Read Data/List Directory (r)’ and ‘Execute File/Traverse Directory (x)’ with inheritance on the root directory ACL of the share. This has just been properly tested for the first time and staff can’t open students’ files.
They can access the share, browse through folders, but when they try to open a file Word tells them they do not have permission. Looking at the file ACL in Windows, staff have ‘Special Permissions’ (unsurprising since it’s a Solaris box which sets them) and running effective permissions gives them traverse folder / execute file and list folder / read data.
Question 1: What needs to be set on the S7000 to give them read permissions?
Question 2: How do I do this now there is data in the share? Last time I tried it, adding permissions to a share didn’t affect any data that already existed in the share. I am convinced this behaviour is incorrect as it defeats the purpose of being able to modify an ACL on the S7000 once the share is in use. Windows defaults to inheriting any changed permissions down through the folder tree, and with Linux you can do it with chown -R.
Separate question: When browsing the shares I noticed that it looks like all my share permissions (not the root directory permissions) have been reset to everyone:allowed rather than how I configured them. The only thing I've changed recently was upgrading to Q2.5.0. Has anyone else experienced this? It would be a bit of a major problem if I'd used share level ACL for security!
Many thanks in advance for any help anyone can provide!
Last edited by Duke; 1st October 2009 at 02:41 PM.
1st October 2009, 08:51 PM #449
Hi Chris, I set my shares up on the SAN as everyone full control then re-set them all in Windows by doing \\SAN then right click on the share and set them manually.
I have on my student areas a group for staff and gave them special permissions for read and execute everything from that folder down inc sub folders and files and it seemed to work fine on my testing, staff don't know they have this access, I put it in place so it was there for if needed was my idea rather than having to re-tweak them. I would screenshot but awaiting my box to come back up from the Q3.1.0 software which has the fix in for my crashing problem
Haven't noticed the share permissions on mine but will check in the morning for you....
2nd October 2009, 11:36 AM #450
FYI Excellent document on Windows Integration and S7000 from Sun
BigAdmin Feature Article: Microsoft Windows Integration on the Sun Storage 7000 Unified Storage System
- 1 Overview
- 2 Scope
- 3 Prerequisites
- 3.1 Operating System Prerequisites
- 3.2 Storage System Prerequisites
- 4 Sun Storage 7000 Unified Storage System Configuration Best Practices
- 5 Implementation Procedures
- 5.1 System Configuration
- 5.2 Services Configuration
- 5.3 Share Configuration
- 5.4 Share Management From Windows Server 2003 R2
- 5.5 Publishing Shares to Active Directory
- 5.6 Data Migration
- 5.7 DFS Target
- 5.8 Snapshot
- 5.9 Analytics
- 6 Quick Troubleshooting