Error Message Is Sasl Protocol Violation
19, 2013May 8, 2014 by Tomek Recently I had an issue with EMC VNX. I have a cifs_server on Data Mover and when I tried to add the NetBIOS Name to the Domain I was facing the issue: Brief Description: DomainJoin::connect:: Unable to connect to the LDAP service on Domain Controller ‘domain_controller.mydomain.net' (@IP) for compname ‘compname'. Result code is ‘Sasl protocol violation'. Error message is Sasl protocol violation. Full Description: DomainJoin::connect:: Unable to connect to the LDAP service on Domain Controller ‘domain_controller.mydomain.nett' (@IP) for compname ‘compname'. Result code is ‘Sasl protocol violation'. Error message is Sasl protocol violation. Recommended Action: Refer to your Customer Service Knowledgebase. Contact your Customer Service. Message ID: 13157007706 That was a message shown in EMC Unisphere. My first idea was: go to CLI i try from command line [nasadmin@VNX ~]$ server_cifs vdm-name -Join compname=vnxname,domain=mydomain.net,admin=useradmin vdm-name : Enter Password:************ Error 13157007706: vdm-name : DomainJoin::connect:: Unable to connect to the LDAP service on Domain Controller ‘dc.mydomain.net' (@IP) for compname ‘vnxname'. Result code is ‘Sasl protocol violation'. Error message is Sasl protocol violation. OK, let's try the logs: [nasadmin@VNX ~]$ server_log vdm-name 2013-11-07 19:26:35: KERBEROS: 4:[vdm-name] WARNING: no response from KDC ip1 2013-11-07 19:26:40: KERBEROS: 4:[vdm-name] WARNING: no response from KDC ip1 2013-11-07 19:26:45: KERBEROS: 4:[vdm-name] WARNING: no response from KDC ip3 2013-11-07 19:26:50: KERBEROS: 4:[vdm-name] WARNING: no response from KDC ip4 2013-11-07 19:26:55: KERBEROS: 4:[vdm-name] WARNING: no response from KDC ip5 2013-11-07 19:26:55: LDAP: 3:[vdm-name] LDAP authentication: GSS initate security context for target: ldap/
of our Celerra CIFS Server environment last week and I was not able to get the CIFS servers to join the replica of the domain controller on the DR network. I would get the error ‘Sasl protocol violation' on every attempt to join the domain. We have two interfaces configured on the data mover, one connects to production and one connects to the DR private network. The default route on the Celerra points to the DR network and we have static routes configured for http://www.storagefreak.net/2013/11/domain-join-and-sasl-protocol-violation each of our remote sites in production to allow replication traffic to pass through. Everything on the network side checked out, I could ping DC's and DNS servers, and NTP was configured to a DR network time server and was working. I was able to ping the DNS Server and the domain controller: [nasadmin@datamover1 ~]$ server_ping server_2 10.12.0.5 server_2 https://thesanguy.com/2012/06/21/cant-join-cifs-server-to-domain-sasl-protocol-violation/ : 10.12.0.5 is alive, time= 0 ms [nasadmin@datamover1 ~]$ server_ping server_2 10.12.18.5 server_2 : 10.12.18.5 is alive, time= 3 ms When I tried to join the CIFS Server to the domain I would get this error: [nasadmin@datamover1 ~]$ server_cifs prod_vdm_01 -Join compname=fileserver01,domain=company.net,admin=myadminaccount -option reuse prod_vdm_01 : Enter Password:********* Error 13157007706: prod_vdm_01 : DomainJoin::connect:: Unable to connect to the LDAP service on Domain Controller ‘domaincontroller.company.net' (@10.12.0.5) for compname ‘fileserver01'. Result code is ‘Sasl protocol violation'. Error message is Sasl protocol violation. I also saw this error messages during earlier tests: Error 13157007708: prod_vdm_01 : DomainJoin::setAccountPassword:: Unable to set account password on Domain Controller ‘domaincontroller.company.net' for compname ‘fileserver01'. Kerberos gssError is ‘Miscellaneous failure. Cannot contact any KDC for requested realm. ‘. Error message is d0000,-1765328228. I noticed these error messages in the server log: 2012-06-21 07:03:00: KERBEROS: 3: acquire_accept_cred: Failed to get keytab entry for principal host/fileserver01.company.net@COMPANY.NET - error No principal in keytab matches desired name (39756033) 2012-06-21 07:03:00: SMB: 3: SSXAK=LOGON_FAILURE Client=x.x.x.x origin=510 stat=0x0,39756033 2012-06-21 07:03:42: KERBEROS: 5: Warning: send_as_request: Realm COMPANY.NET - KDC X.X.X
(file based) data that resides on our Celerra for a while now. There are many options available, but before looking into a specific solution I was asked to generate a report that showed exactly how much of the data https://thesanguy.com/tag/celerra/page/2/ has been accessed by users for the last 60 days and for the last 12 months. As I don’t have permissions to the shared folders from my workstation I started looking into ways to run the report directly from the Celerra control station. The method I used will also work on VNX File. After a little bit of digging I discovered that you can access all of the file systems from the control station by navigating to error message /nas/quota/slot_