Terastation ts-x4. otl cannot join active directory

[chrisloup]

 

 

http://forums.buffalotech.com/t5/Storage/TeraStation-Pro-with-Active-Directory/td-p/12137

I've already followed the checklist.

 

a) terastation2 hostname/computer is created as a pre windows 2000 and set trusted for delegation

b) these specific group policy settings for default domain controller are set

 

Microsoft network server: Digitally sign communications (always) Disabled
Microsoft network server: Digitally sign communications (if client agrees) Enabled

Microsoft network client: Digitally sign communications (always) Disabled
gpupdate /force has been run on the dc itself and on the pc running the terastation webadmin

 

c) datetime + timezone is taken from the ntp server residing on the domain controller itself.

 

d) the domain controller runs a dns server.

 

e) either way by ip address or hostname, both methods do not allow join to domain.

 

f)

netbios over tcpip is set

ip address is static

under dns, there is both a A and PTR record for this machine

dns setting points to the dc/dnsserver.

less than 1000 users

Active Directory Domain Name (NetBIOS Name): mydomaingroup
Active Directory Domain Name (DNS/Realm Name): mydomain.com.sg
Active Directory Domain Controller Name: mydomain-pdc

firmware is 1.30

 

g) I already previously (2 years ago) have joined a terastation 2 pro to the active directory. (in otherwords, server side settings are not likely to be in error.)

 

any more clues? basically, is there a debug log that is more verbose? as well.

also I note that everytime I try to save changes, the trust for delegation at the ad computer entry for the terastation gets turned off

 

 

 ~~~

the strange thing is. I can join as NT domain, but not as active directory.

 

I need to use active directory though.

 

the log file shows

 

May 19 18:09:23 terastation2 TeraStation[4455]: [Web] SMB status was changed
May 19 18:09:23 terastation2 TeraStation[4455]: [Web] Change value : info.domain=ad
May 19 18:09:23 terastation2 TeraStation[4455]: [Web] Change value : info.wg=mydomain-pdc
May 19 18:09:23 terastation2 TeraStation[4455]: [Web] Change value : info.ad_dns=mydomain.com.sg
May 19 18:09:23 terastation2 TeraStation[4455]: [Web] Change value : info.pdc=mydomaingroup
May 19 18:09:23 terastation2 TeraStation[4455]: [Web] Change value : info.wins=10.10.11.1
May 19 18:09:26 terastation2 TeraStation[4455]: [Web] Trying to join domain...
May 19 18:09:42 terastation2 TeraStation[4455]: [Web] Failed to join domain
May 19 18:14:06 terastation2 TeraStation[4455]: [Web] SMB status was changed
May 19 18:14:06 terastation2 TeraStation[4455]: [Web] Change value : info.domain=ad
May 19 18:14:06 terastation2 TeraStation[4455]: [Web] Change value : info.wg=mydomaingroup
May 19 18:14:06 terastation2 TeraStation[4455]: [Web] Change value : info.ad_dns=mydomain
May 19 18:14:06 terastation2 TeraStation[4455]: [Web] Change value : info.pdc=mydomain-pdc
May 19 18:14:06 terastation2 TeraStation[4455]: [Web] Change value : info.wins=10.10.11.1
May 19 18:14:09 terastation2 TeraStation[4455]: [Web] Trying to join domain...
May 19 18:14:23 terastation2 TeraStation[4455]: [Web] Failed to join domain
May 19 18:15:11 terastation2 TeraStation[4455]: [Web] SMB status was changed
May 19 18:15:11 terastation2 TeraStation[4455]: [Web] Change value : info.domain=on
May 19 18:15:11 terastation2 TeraStation[4455]: [Web] Change value : info.wg=mydomaingroup
May 19 18:15:11 terastation2 TeraStation[4455]: [Web] Change value : info.pdc=mydomain-pdc
May 19 18:15:11 terastation2 TeraStation[4455]: [Web] Change value : info.wins=10.10.11.1
May 19 18:15:19 terastation2 TeraStation[4455]: [Web] Trying to join domain...
May 19 18:15:20 terastation2 TeraStation[4455]: [Web] Successed to join domain
May 19 18:16:16 terastation2 TeraStation[4455]: [Web] SMB status was changed
May 19 18:16:16 terastation2 TeraStation[4455]: [Web] Change value : info.domain=ad
May 19 18:16:16 terastation2 TeraStation[4455]: [Web] Change value : info.wg=mydomaingroup
May 19 18:16:16 terastation2 TeraStation[4455]: [Web] Change value : info.ad_dns=mydomain.com.sg
May 19 18:16:16 terastation2 TeraStation[4455]: [Web] Change value : info.pdc=mydomain-pdc
May 19 18:16:16 terastation2 TeraStation[4455]: [Web] Change value : info.wins=10.10.11.1
May 19 18:16:19 terastation2 TeraStation[4455]: [Web] Trying to join domain...
May 19 18:16:22 terastation2 TeraStation[4455]: [Web] Failed to join domain
May 19 18:16:40 terastation2 TeraStation[4455]: [Web] SMB status was changed 

 

 

[Dustrega]

Does your admin/password for joining AD include special characters? (ex. !,@,#,$,etc.)

[chrisloup]

no. there are no special characters.

 

the domain administrator username is administrator

 

[chrisloup]

bumps, is there are more readily knowledgable avenues of technical support if no one here can solve it?

[chrisloup]

tried everything here also no go.

http://74.86.201.210/showthread.php?t=157258

 

my primary dns suffix is in the form xxx.com.sg

 

not sure if thats giving it problems.

[chrisloup]

answered my own question.

 

here's how it looks like.

 

which is plainly weird,

 

the netbios name is not in the "desired" format

 

ideally it should be.
ADDN (Netbios): xxxgroup
ADDN (DNS/Realm name): xxx.com.sg
ADDC Name: xxx-pdc

 

but I found that

ADDN (Netbios): xxx OR ADDN (Netbios): xxx.com.sg works as well for me, I wonder why that is.

 

 

 

 

I am now facing an issue of being able to add ad groups but AD users are invisible.

[TreyH]

Same problem here. Can see groups but not users ....

[chrisloup]

till date I am still having problems with this terastation III

 

I do not have problems with my older terastation2 model TS-HTGL/R5 F/W 1.33

 

~~~

now with a windows server upgrade and windows 7 on the way, the terastation III becomes quite unusable.

 

right now the terastation III is connected to the network via authentication method "NT domain"

right now. if i try to connect to the terastation via a UNC path name on a windows 7 machine

I get a prompt to enter username\password

all domain users are access denied.

apparently i can try to connect via the terastation local user admin, but that gives another error of

 "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. discconect all previous connections to the server or shared resource and try again"

 

using net use, I can see that the computer already has a connection to the $IPC share on the terastationIII . however deleting that share doesn't solve anything.

 

however, I can access the folders via the ip address eg: \\10.10.11.130\backups

but \\terastation2\backups give the above errors.

 

--------examples-------

C:\Users\cl>ping terastation2

Pinging terastation2.insight.com.sg [10.10.11.130] with 32 bytes of data:
Reply from 10.10.11.130: bytes=32 time<1ms TTL=64

 

C:\Users\cl>net use k: \\10.10.11.130\backups
The command completed successfully.

C:\Users\cl>net use L: \\terastation2\backups
Enter the user name for 'terastation2': insightgroup\cl
Enter the password for terastation2:
System error 86 has occurred.

The specified network password is not correct.

C:\Users\cl>net use L: \\terastation2\backups
Enter the user name for 'terastation2': cl
Enter the password for terastation2:
System error 86 has occurred.

The specified network password is not correct.

---------------------------

 

 

 

I've already updated to firmware 1.41 and still nothing, this product is really problematic with all kinds of silly errors and way too verbose error messages.

 

Really, can we have more detailed error messages on why it fails to join, as per the checklists given on many many sites, all my i's are dotted and T's crossed... yet nothing

 

 

 

 

 

 

 

[Jotin]

Which version of windows server are you using? Also you have to change some security settings in windows 7 business and ultimate to get to the shares. Go to control panel, admin tools, local security policy, then go to local policies , security options, then select network manager authentication level and set it to Send LM & NTLM user NTLMv2 Session security if negotiated. 

[tjohnston]

I am having the same problem.  It's driving me nuts.  I've never been able to make this Terastation TSXE4.0TR/L5 join active directory. 

 

We have a network with 3 domain controllers.  Two of them are Windows 2003 servers, and one is a Windows 2008 R2 server. 

 

I can get the TS to join an NT Domain.  I can assign users and groups to shares on this and everything seems to work OK.

 

BUT - All of my Windows 7 machines cannot access these shares.  Whenever I try to connect with a windows 7 client, it prompts me for a username/password.  No combination of valid username/passwords works.  I've tried all of the local security setting changes with no luck.

 

So, here's my situation in a nutshell:

If I can get my Windows 7 machines to connect to this TS when it's part of an NT domain, that will be OK.

 

I would like to be able to get this device to join Active Directory.  This seems to be impossible.

 

Test Conditions:

Firmware version: 1.54

IP Address:  192.168.60.64

Subnet:  255.255.252.0

Netbios Domain: NTSII

Realm: sii.lan

DC: filesrv

Username and password is the domain administrator.  No special punctuation characters in password.

 

Is there a better source of help than this forum?  I see people with essentially the same problem I have, but no confirmed solutions anywhere.

Also, is there any way I can get a better log showing exactly where this is failing when joining AD ?

 

Thanks

 

 

[ckidd]

Hey guys,

 

I have been struggling with this issue since I purchased my Terastation III in early 2010. I have never been able to join the domain even though my Terastation II works just fine. I recently upgraded to firmware 1.54 to see if that would help, it did not.

 

While researching this issue further I found what was affecting my setup. From the Terastation manual,  I have copied below a section on joining an AD Domain. Bullet point #3 explains why my Terastation is unable to properly join. My DNS domain name and Netbios name are not the same. It sounds like your posts describe a similar situation. Just thought I'd pass on that different DNS and Netbios names are not supported by Buffalo. This issue will prevent me from purchasing any Buffalo products in the future.

 

<---begin manaul p.55--->

Restrictions When Administrating in Active Directory Domain

• When you have the TeraStation joined to an Active Directory domain, you must specify the DNS Server which can resolve names for Active Directory domain.

• After building an Active Directory domain, the administrator’s password which is needed to join the Active Directory domain must be changed at least once, or joining the Active Directory domain will fail.

• Active Directory domain’s DNS name and NetBIOS name must be identical.
• If there are more than 5 minutes differences between the TeraStation’s clock and the domain controller’s clock, joining the domain or authenticating domain user or group may fail.