NetApp F3020存储域用户访问异常修复全过程

报警信息：

今日同事反应，域账号访问CIFS共享报错，经查看日志报错信息如下所示：

Mon Dec  7 07:53:12 CST 

[cifs.trace.GSSinfo:info]

: AUTH: notice- CIFS - Cannot authenticate with server.Mon Dec  7 07:53:12 CST 

[cifs.trace.GSSinfo:info]

: AUTH: notice- User or Service not found in Kerberos database.Mon Dec  7 07:53:12 CST 

[cifs.server.infoMsg:info]

: CIFS: Warning for server \\DC2: Connection terminated.Mon Dec  7 07:53:12 CST 

[cifs.trace.GSSinfo:info]

: AUTH: notice- CIFS - Cannot authenticate with server.Mon Dec  7 07:53:12 CST 

[cifs.trace.GSSinfo:info]

: AUTH: notice- User or Service not found in Kerberos database.Mon Dec  7 07:53:12 CST 

[cifs.server.infoMsg:info]

: CIFS: Warning for server \\DC1: Connection terminated.Mon Dec  7 07:53:17 CST 

[nbt.nbss.socketError:error]

: NBT: Cannot connect to server 192.168.1.1 over NBSS socket for port 139. Unexpected reply type received: 112. Error 0x16: Invalid argument.Mon Dec  7 07:53:17 CST 

[auth.trace.authenticateUser.loginRejected:info]

: AUTH: Login attempt by user rejected by the domain controller with error 0xc000005e: No Trusted Logon Servers Available - STATUS_NO_LOGON_SERVERS.Mon Dec  7 07:53:48 CST 

[auth.trace.authenticateUser.loginAccepted:info]

: AUTH: Login by NULL user from 192.168.11.16 accepted.Mon Dec  7 07:53:48 CST 

[auth.trace.authenticateUser.loginTraceIP:info]

: AUTH: Login attempt by user lidongni of domain lidongni.com from client machine IT-001 (192.168.11.96).

Cifs domaininfo查看，显示各PDC连接状态均为Broken(坏掉)且没有连接到任何DC：

原因分析：

系前一天域控制器升级至Windows2008模式造成；

解决方法：

显然需要升级存储的操作系统版本才能够支持，怎么样升级了？是否有可升级版本？经查询是可以升级的，只是不知道是否支持Windows2008域模式；

相关链接：

https://kb.netapp.com/index?page=content&id=3011909&pmv=print&impressions=false

FAS3020目前我们使用的版本为7.0.1R即最低版本，它直接的最高版本系统为7.3.7P3：

wpsD5CC.tmp[4] 为了确认7.3.7P3是否支持Windows2008模式，我查看了关于Netapp的官方文档说明：

打开NetAPP WEB管理平台，可以看到对应的链接地址：

wpsD5DD.tmp[4]

http://mysupport.netapp.com/documentation/productsatoz/index.html

wpsD5ED.tmp[4]

http://mysupport.netapp.com/documentation/productlibrary/index.html?productID=30094

wpsD5FE.tmp[4]

因为域服务器的配置与文件权限、共享访问有关系，所以域控制器对应的文件如下图所示：

wpsD60F.tmp[4]

【之所以写得这么细，是希望给读者一个思路】支持Windows2008域控制器OK！

wpsD610.tmp[4]

开始升级：

FAS3020 支持的更新文件类型，通过不同版本操作系统更新文件类型不同，Windows的更新文件为.exe，UNIX为.tar，也可以通过网络进行引导修复.e：

wpsD620.tmp[4]

系统更新可以通过cifs或http等方式进行，我这里设置一个简单的HTTP服务器，确保用户端可以正常访问HTTP目录中的文件：

wpsD631.tmp[4]

F3020> software install http://192.168.1.52/737P3_setup_i.exe

software: copying to /etc/software/737P3_setup_i.exe

software: 100% file read from location.

software: /etc/software/737P3_setup_i.exe has been copied.

software: installing software, this could take a few minutes...

software: installation completed.

Please type download to load the new software and reboot subsequently for changes to take effect.

F3020> Mon Dec  7 14:40:13 CST [rc:info]: software: installation completed.

F3020> download

download: You can cancel this operation by hitting Ctrl-C in the next 6 seconds.

download: Depending on system load, it may take many minutes

download: to complete this operation.  Until it finishes, you will

download: not be able to use the console.

Mon Dec  7 14:40:30 CST [download.request:notice]: Operator requested download initiated

download: Downloading boot device

download: Could not verify file checksum.

download: Failed to complete download instruction at line number 6 of download

download: script file /etc/boot/x86_elf/kernel_256.cmds.

F3020> Mon Dec  7 14:40:31 CST [download.requestDoneError:error]: Operator requested download failed.

    由于我们没有NETAPP的官方账号，让朋友帮忙下载了一个，结果是：737P3_setup_i.exe，而我们存储支持的是737P3_setup_e.exe,故在进行更新boot引导的时候出现错误警告checksum失败，因无法从NETAPP官网下载对应的系统版本，故从IBM官网下载了最新版本软件（google是万能的）；

下载地址：

http://delivery04.dhe.ibm.com/sar/CMA/NAA/059d3/1/

更新操作：

wpsD632.tmp[4]

更新系统版本成功，重新下载boot引导也OK；

wpsD642.tmp[4]

查看域服务器连接正常：

F3020> cifs domaininfo

NetBios Domain:           lidongni

Windows 2003 Domain Name: lidongni.com

Type:                     Windows 2003

Filer AD Site:            default-first-site-name

Not currently connected to any DCs

Preferred Addresses:

                          None

Favored Addresses:

                          None

Other Addresses:

                          None

Connected AD LDAP Server: \\dc2.lidongni.com

Preferred Addresses:

                          192.168.1.1

                           dc2.lidongni.com

Favored Addresses:

                          192.168.1.2

                           dc1.lidongni.com

重新CIFS共享服务协议，访问共享正常，查看对应日志信息，通过域账号可以正常访问！

F3020> cifs restart

CIFS local server is running.

F3020> Mon Dec  7 17:42:22 CST [nbt.nbns.registrationComplete:info]: NBT: All CIFS name registrations have completed for the local server.

F3020>

F3020> Mon Dec  7 17:42:29 CST [auth.trace.authenticateUser.loginTraceIP:info]: AUTH: Login attempt by user lidongni of domain lidongnifrom client machine 192.168.1.99.

Mon Dec  7 17:42:30 CST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- attempting authentication with domain controller \\DC2.

Mon Dec  7 17:42:30 CST [auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: User from 192.168.1.99 authenticated by DC.

Mon Dec  7 17:42:30 CST [auth.trace.mapNTToUnix:info]: AUTH: Mapping Windows user lidongni to Unix user lidongni.

Mon Dec  7 17:42:30 CST [auth.trace.mapNTToUnix:info]: AUTH: Mapping Windows user lidongni to Unix user pcuser.

Mon Dec  7 17:42:30 CST [auth.trace.authenticateUser.loginAccepted:info]: AUTH: Login by lidongni from 192.168.1.99 accepted.

F3020> cifs terminate

CIFS local server is shutting down...

CIFS local server has shut down...

至此FAS3020修复完成！

©著作权归作者所有：来自51CTO博客作者levinbin的原创作品，谢绝转载，否则将追究法律责任

存储netappfas3020【杂记】