Isilon Troubleshooting Doc

Isilon Troubleshooting Guide

Access Zones


Problem with Adding Active Directory Providers - 1

When we are adding additional Active Directory Providers to the Cluster for providing authentication for other Access Zones, the system will prompt the following error message: “Error #1: Zones are configured to use all authentication providers and only one ADS provider is allowed per zone. Unable to join a second ADS.


Macintosh HD:Users:DanielG:Desktop:Isilon-AD Providers - Error.png


Why the cluster does not allow us to add the 2nd AD Provider even though we will not allocate this 2nd AD Provider on the same Access Zones that already has the AD Provider?


By default, when we configure an Active Directory provider, it is automatically added to the System access zone.  When we add the 1st AD Provider to the cluster for providing the authentication for the 1st access zone, it is also added to the System access zone. At the time when we want to add the 2nd AD Provider to the cluster, the system is also tried to automatically add that 2nd AD Provider to the System access zone. As the cluster only allows 1 AD Provider per access zone, it prevents this addition and prompts the above error message.

In order to have this additional AD provider configuration, we need to change the Authentication Providers setting for System access zone from “Use all authentication providers” to “Manually select authentication providers”.


Macintosh HD:Users:DanielG:Desktop:System access Zone - manual.png




Macintosh HD:Users:DanielG:Desktop:System Access Zone - Authentication Providers settings.png


This setting will allow us to select manually the provider for System access zone. It will also not adding the additional AD providers to the system access zone automatically. Then the cluster will allow us to add additional AD providers for other access zones.


Problem with Adding Active Directory Providers - 2


We are unable adding an AD provider and the cluster prompts us this error message  “Error #1: Failed to get DC for “our.domain.name”: NERR_DCNotFound”.


Macintosh HD:Users:DanielG:Desktop:AD Provider - DC Not Found.png



This error is related to the problem of the cluster for not able resolving the name of the domain controller for that new domain. We need to check the cluster’s DNS configuration. OneFS does not support one DNS server per access zone. It is recommended that all access zones point to a single DNS server. In this multiple access zones environment we can configure a DNS Server with forwarder service that forward other’s domain naming resolutions to its respective DNS Servers.



Unable to create multiple IP Address Pools for multiple SmartConnect zones in the same subnet

By default the cluster does not allow us to create multiple IP address Pools for SmartConnect zones within the same subnet. We have the following options to solve this:

1.     Activate SmartConnect Advanced Licensed.

Without activating additional advanced license, the cluster only support SmartConnect Basic. With SmartConnect Basic, we may only assign one IP address pool per external network subnet.  Multiple pools for a single subnet are available only if we activate a SmartConnect Advanced license.

2.     Create additional subnet and configure the additional SmartConnect zone on this new subnet.

Without the SmartConnect Advanced license, we need to create additional subnet to be utilized by the additional SmartConnect zone.


Comments