Windows Server 2008 (not R2) Service Pack 3
-
Thursday, December 16, 2010 10:42 AM
We have recently encountered an issue with being unable to add some OnTap vFilers back into a domain after an office move. The domain consists of fifty or so Windows Server 2008 SP2 DCs and one Windows Server 2000 DC (the forest & domain are both at the 2000 functional level still).
The vFilers are running the latest version of OnTap and it seems the issue we have is a known problem according to MS KB article 968140 for which there is a hotfix download. I've now been told to hold off on the hotfix as they have a workaround (using the Windows Server 2000 DC) and that the fix will be in Windows Server 2008 Service Pack #3. I wasn't aware that SP3 was on the horizon for Windows Server 2008 (not R2), can anyone shed any light on this?
Answers
-
Friday, December 17, 2010 12:58 PM
From feedback I heard (Or didn't hear) I don't think it is that soon. I guess soon is a relative term though.
--
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com Twitter @pbbergsPlease no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.- Marked As Answer by Bruce-LiuMicrosoft Contingent Staff, Moderator Monday, December 27, 2010 2:00 PM
All Replies
-
Thursday, December 16, 2010 1:04 PM
I haven't heard anything and maybe someone else has , so I have posed this question to some folks within Microsoft, I'll let you know the response.
--
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com Twitter @pbbergsPlease no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights. -
Thursday, December 16, 2010 4:46 PM As luck would have it this is documented at: https://kb.netapp.com/support/index?page=content&id=2013577. You will need to use your NOW credentials to access the article.
Mark Arnold, Exchange MVP.- Proposed As Answer by pbbergsMVP Thursday, December 16, 2010 4:51 PM
-
Thursday, December 16, 2010 4:49 PM
Thanks Mark
--
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com Twitter @pbbergsPlease no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights. -
Thursday, December 16, 2010 5:09 PMUnfortunately my Netapp id doesn't allow me access to that document :-(
-
Friday, December 17, 2010 12:14 AM
Cifs setup may fail with "Argument list too long" when joining a Windows Server 2008 Domain
KB ID: 2013577 Version: 1.0 Published date: 09/10/2009
Categories: Troubleshooting , Data ONTAP 7G , CORE Available To: OEM , External , Internal Owner: Peter AbromitisSymptoms
When joining a NetApp Storage Controller to a Windows Server 2008 Domain, cifs setup may fail with the following error:
Thu Feb 19 22:33:36 EST [ cifs.trace.GSS :error]: AUTH : Could not set filer password in domain: ( 0x7 ) Argument list too long.
A packet trace taken during cifs setup will show the Windows Server 2008 Domain Controller respond to the KPASSWD request with a KRB Error:
KRB5KDC _ERR_S_PRINCIPAL_UNKNOWN
Cause
This failure will occur if the krbtgt account has been authoritatively restored or if an authoritative subtree restore of the Users container or the entire domain has been performed.
Solution
This is a known issue with Windows Server 2008 Domains if the krbtgt account has been authoritatively restored. This issue will be fixed in Windows Server 2008 SP3.
Workaround:
If the domain is not Windows 2008 Native and Windows 2000 or Windows 2003 Domain Controllers are available, use prefdc to set the Storage Controller to a Windows 2000/2003 Domain Controller and re-run cifs setup.
Also see the following Microsoft Hotfix: http://support.microsoft.com/kb/968140/
To verify if the krbtgt account has been authoritatively restored, you can utilize repadmin on the Windows 2008 Server using a command similar to the following:
Example:
-- Your Domain Controller is named DC1
-- Your Domain is named Domain.comFrom a command prompt on the Windows 2008 Server run the following command:
C:\ repadmin.exe /showobjmeta DC1 cn=krbtgt,cn=users,dc=domain,dc=com
Truncated output of the command will look something like the following:
41 entries.
Loc.USN Originating DC Org.USN Org.Time/Date Ver Attribute
======= ============ === ======== ============= === =========
92248340 fb36d148-19fd-43f0-8876-91a027863f79 155898 2009-11-18 12:56:34 100001 objectClass
92248339 77dba4f6-3870-4eb5-b46a
-4f1fb1ee0be6 92248339 2009-11-18 12:59:51 4 cn
92248340 fb36d148-19fd-43f0-8876-91a027863f79 155898 2009-11-18 12:56:34 100001 description
92248340 fb36d148-19fd-43f0-8876-91a027863f79 155898 2009-11-18 12:56:34 100001 instanceType
9027 4855f23c-744c-488d-852c-9c170dd3359c 108176481 2007-04-15 18:10:11 1 whenCreatedNote : If the Version number on the attributes are greater than 100,000, it strongly suggests that the account was authoritatively restored.
NetApp Case Number
2000535882, 2000701132Former KB ID
kb47163
Mark Arnold, Exchange MVP.- Proposed As Answer by Mike KlineMVP Friday, December 17, 2010 2:35 AM
-
Friday, December 17, 2010 12:16 AMNot sure why you haven't got access to it. All NOW accounts should be able to access that and in any case you should have been pointed at it when you raised your case with NetApp support. Anyway, it's there for you now.
Mark Arnold, Exchange MVP. -
Friday, December 17, 2010 10:26 AM
Thanks for the information. One of our other support guys who looks after the vFilers has got access to that information. However, my original query wasn't about the hotfix, rather the fact that I was being told to wait until Service Pack 3 for Windows Server 2008 is released as this will include the fix. I wasn't aware that SP3 for Windows Server 2008 is being released and was looking for information as to whether it is something that's going to happen in the near future.
I believe the thinking is that if SP3 is going to be released soon then they will apply the hotfix to one DC and use that as a workaround for the vFiler problem in the interim, and then install SP3 when it's released. However, if SP3 is some way off or isn't going to happen at all, then the plan would be to apply the hotfix more widely.
-
Friday, December 17, 2010 12:58 PM
From feedback I heard (Or didn't hear) I don't think it is that soon. I guess soon is a relative term though.
--
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com Twitter @pbbergsPlease no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.- Marked As Answer by Bruce-LiuMicrosoft Contingent Staff, Moderator Monday, December 27, 2010 2:00 PM
.png){kind=spacer}
