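Cloud Volumes Service for AWS FAQs and resources
Applies to
Cloud Volumes Service for AWS
Answer
CIFS/SMB
Question: What is the "Netbios" field used in the "Create Active Directory" and "Active Directory" forms?
Answer: This value is the name of the CIFS server computer account that will be created in Active Directory for the CIFS server. This computer account name should not be preconfigured.
Question: Why can't I access the ~snapshot/.snapshot directory?
Answer: Snapshot access is supported through Previous Versions. If the Previous Versions tab is not available or not working, open a case with NetApp Support.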
Question: "Create new volume" fails with one of the following errors when the SMB protocol is specified together with Active Directory settings
Error 1: Reason: SecD Error: no server available
FAILURE: Unable to contact DNS to discover domain controllers
(sample ERROR 1)
Error when creating - Failed to create the Active Directory machine account "LODDEMO". Reason: SecD Error: no server available
Details: Error: Machine account creation procedure failed
[ 0 ms] Trying to create machine account 'LODDEMO' in 'DEMO.NETAPP.COM' for Vserver 'svm_98c264ad9f1c4c41b76ffd3d05c4f106_9b5e3359'
[ 2009] Failed to connect to 192.168.0.253 for DNS via Source Address 192.168.0.190: Operation timed out
[ 4019] FAILURE: Unable to contact DNS to discover domain controllers.
[ 4019] Unable to connect to any (0) domain controllers.
[ 4019] 'NisDomain' configuration not available
[ 4019] NIS configuration not found for Vserver 4
[ 6029] Failed to connect to 192.168.0.253 for DNS via Source Address 192.168.0.190: Operation timed out
[ 6029] Unable to contact DNS to discover domain controllers.
[ 8039] Failed to connect to 192.168.0.253 for DNS via Source Address 192.168.0.190: Operation timed out
[ 8039] Unable to contact DNS to discover domain controllers.
[ 10049] Failed to connect to 192.168.0.253 for DNS via Source Address 192.168.0.190: Operation timed out
[ 10049] Unable to contact DNS to discover domain controllers.
[ 10049] No servers available for MS_LDAP_AD, vserver: 4, domain: DEMO.NETAPP.COM. .
Solution 1: DNS port 53 (TCP or UDP) may be blocked. Verify that these ports are accessible from the DNS server and the cloud volume IP.
Error 2: Reason: SecD Error: no server available
FAILURE: Hostname lookup failed with error: hostname nor servname provided, or not known
(sample ERROR 2)
Error when creating - Failed to create the Active Directory machine account "LODDEMO". Reason: SecD Error: no server available
Details: Error: Machine account creation procedure failed
[ 0 ms] Trying to create machine account 'LODDEMO' in 'DEMO.NETAPP.COM' for Vserver 'svm_98c264ad9f1c4c41b76ffd3d05c4f106_9b5e3359'
[ 8] Entry for host-name: dc2.demo.netapp.com not found in any of the available sources
[ 9] FAILURE: Hostname lookup failed with error: hostname nor servname provided, or not known
[ 14] Hostname found in Name Service Negative Cache
[ 14] Hostname lookup failed with error: hostname nor servname provided, or not known
[ 14] No servers found in DNS lookup for _ldap._tcp.DEMO.NETAPP.COM.
[ 14] No servers available for MS_LDAP_AD, vserver: 4, domain: DEMO.NETAPP.COM.
[ 14] Cannot find any domain controllers; verify the domain name and the node's DNS configuration
[ 14] Unable to connect to any (0) domain controllers.
[ 14] 'NisDomain' configuration not available
[ 14] NIS configuration not found for Vserver 4
[ 20] Hostname found in Name Service Negative Cache
[ 20] Hostname lookup failed with error: hostname nor servname provided, or not known
[ 20] No servers found in DNS lookup for _ldap._tcp.dc._msdcs.DEMO.NETAPP.COM.
[ 23] Hostname found in Name Service Negative Cache
[ 23] Hostname lookup failed with error: hostname nor servname provided, or not known
[ 23] No servers found in DNS lookup for _ldap._tcp.DEMO.NETAPP.COM.
[ 26] Hostname found in Name Service Negative Cache
[ 26] Hostname lookup failed with error: hostname nor servname provided, or not known
[ 26] No servers found in DNS lookup for _kerberos._tcp.DEMO.NETAPP.COM.
[ 26] No servers available for MS_LDAP_AD, vserver: 4, domain: DEMO.NETAPP.COM. .
Solution 2: Verify that the DNS SRV (service location) records for Kerberos and LDAP exist on the DNS server.
Error 3: Reason: Kerberos Error: KDC Unreachable
Cannot contact any KDC for requested realm (KRB5_KDC_UNREACH)
(sample ERROR 3)
Error when creating - Failed to create the Active Directory machine account "LODDEMO". Reason: Kerberos Error: KDC Unreachable
Details: Error: Machine account creation procedure failed
[ 98] Loaded the preliminary configuration.
[ 4149] TCP connection to ip 192.168.0.253, port 88 via interface 192.168.0.190 failed: Operation timed out.
[ 24233] FAILURE: Could not authenticate as 'administrator@DEMO.NETAPP.COM': Cannot contact any KDC for requested realm (KRB5_KDC_UNREACH) .
Solution 3: Kerberos port 88 (TCP) may be blocked. Verify that these ports are accessible from the KDC server and the cloud volume IP.
Error 4: Reason: LDAP Error: Cannot contact the LDAP server
FAILURE: Unable to make a connection (LDAP (Active Directory)
(sample ERROR 4)
Error when creating - Failed to create the Active Directory machine account "LODDEMO". Reason: LDAP Error: Cannot contact the LDAP server
Details: Error: Machine account creation procedure failed
[ 8159] Loaded the preliminary configuration.
[ 8164] Successfully connected to ip 192.168.0.253, port 88 using TCP
[ 10202] TCP connection to ip 192.168.0.253, port 389 via interface 192.168.0.190 failed: Operation timed out.
[ 10204] Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com (Error: Can't contact LDAP server)
[ 10204] FAILURE: Unable to make a connection (LDAP (Active Directory):DEMO.NETAPP.COM), result: 7642 .
Solution 4: LDAP port 389 (TCP or UDP) may be blocked. Verify that these ports are accessible from the LDAP server and the cloud volume IP.
Error 5: Reason: SecD Error: no server available
Unable to connect to LSA service (Error: RESULT_ERROR_SPINCLIENT_SOCKET_RECEIVE_ERROR)
(sample ERROR 5)
Error when creating - Failed to create the Active Directory machine account "LODDEMO". Reason: SecD Error: no server available
Details: Error: Machine account creation procedure failed
[ 78] Loaded the preliminary configuration.
[ 154] Created a machine account in the domain
[ 168] Successfully connected to ip 192.168.0.253, port 445 using TCP
[ 175] Unable to connect to LSA service on dc1.demo.netapp.com (Error: RESULT_ERROR_SPINCLIENT_SOCKET_RECEIVE_ERROR)
[ 175] No servers available for MS_LSA, vserver: 4, domain: demo.netapp.com.
[ 175] FAILURE: Unable to make a connection (LSA:DEMO.NETAPP.COM), result: 6940
[ 175] Could not find Windows SID 'S-1-5-21-296924722-389102597-4211195190-512'
[ 183] Deleted existing account 'CN=LODDEMO,CN=Computers,DC=demo,DC=netapp,DC=com'
Solution 5: Verify that the SMB2 protocol version is enabled on the domain controller.
Error 6: Reason: SecD Error: no server available
FAILURE: Could not authenticate because the account password does not match the password stored in Active Directory (KRB5KDC_ERR_PREAUTH_FAILED)
(sample ERROR 6)
Error when creating - Failed to create the Active Directory machine account "LODDEMO". Reason: Kerberos Error: Pre-authentication information was invalid
Details: Error: Machine account creation procedure failed
[ 28] Loaded the preliminary configuration.
[ 30] Successfully connected to ip 192.168.0.253, port 88 using TCP
[ 35] FAILURE: Could not authenticate as 'administrator@DEMO.NETAPP.COM': CIFS server account password does not match password stored in Active Directory (KRB5KDC_ERR_PREAUTH_FAILED) .
Solution 6: Verify that the account password specified in the Active Directory configuration is correct.
Error 7: Reason: LDAP Error: The user has insufficient access rights
FAILURE: Could not create account; an LDAP constraint violation occurred, which may indicate the supplied user has insufficient privilege to add an account in the specified organizational unit
(sample ERROR 7)
Error: Machine account creation procedure failed
[ 33] Loaded the preliminary configuration.
[ 36] Successfully connected to ip 10.216.29.40, port 88 using TCP
[ 43] Requested service not found in Active Directory (KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN)
[ 43] Failed to initiate Kerberos authentication. Trying NTLM.
[ 45] Successfully connected to ip 10.216.29.40, port 389 using TCP
[ 89] FAILURE: Could not create account 'cn=DOCTORDOOM,CN=Computers,dc=INTERNALDOMAINA,dc=LOCAL': an LDAP constraint violation occurred, which may indicate the supplied user has insufficient privilege to add an account in the specified organizational unit
Error: command failed: Failed to create the Active Directory machine account "DOCTORDOOM". Reason: LDAP Error: The user has insufficient access rights.
Error 8: Reason: LDAP Error: Strong authentication is required
FAILURE: Unable to make a connection (LDAP (Active Directory)
(sample ERROR 8)
Error when creating - Failed to create the Active Directory machine account "LODDEMO". Reason: LDAP Error: Strong authentication is required
Details: Error: Machine account creation procedure failed
[ 31] Loaded the preliminary configuration.
[ 34] Successfully connected to ip 192.168.0.253, port 88 using TCP
[ 40] Successfully connected to ip 192.168.0.253, port 389 using TCP
[ 45] Unable to connect to LDAP (Active Directory) service on dc1.demo.netapp.com (Error: Strong(er) authentication required)
[ 45] FAILURE: Unable to make a connection (LDAP (Active Directory):DEMO.NETAPP.COM), result: 7609 .
Solution 8: Disable the LDAP server signing requirement.
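The eight traces above can be told apart mechanically from their text. The following Python sketch is an added example, not NetApp code: it splits a flattened trace into timestamped entries, reports the endpoints that timed out, and maps the trace to this page's case numbers. The function names and the choice of marker strings (taken from the sample traces) are assumptions.

```python
import re

# Marker strings come from this page's sample traces; all names here are illustrative assumptions.
RULES = [  # (marker in the trace, case number on this page, what the page says to check)
    ("Unable to contact DNS to discover domain", 1, "DNS port 53 (TCP/UDP) reachable?"),
    ("No servers found in DNS lookup for _", 2, "Kerberos/LDAP SRV records present in DNS?"),
    ("KRB5_KDC_UNREACH", 3, "Kerberos port 88 (TCP) reachable?"),
    ("Can't contact LDAP server", 4, "LDAP port 389 (TCP/UDP) reachable?"),
    ("Unable to connect to LSA service", 5, "SMB2 enabled on the domain controller?"),
    ("KRB5KDC_ERR_PREAUTH_FAILED", 6, "account password in the AD configuration correct?"),
    ("insufficient privilege", 7, "the page gives no solution for this case"),
    ("Strong(er) authentication required", 8, "LDAP server signing requirement (solution 8)"),
]
ENTRY = re.compile(r"\[\s*(\d+)(?: ms)?\]\s*(.*?)(?=\[\s*\d+(?: ms)?\]|$)", re.S)
TIMEOUT = re.compile(r"(?:to ip |connect to )(\d+(?:\.\d+){3})(?:, port (\d+)| for (DNS)).*?timed out")


def parse_trace(text):
    """Split a flattened trace into (milliseconds, message) entries, dropping '**' residue."""
    clean = " ".join(text.replace("**", " ").split())
    return [(int(ms), msg.strip()) for ms, msg in ENTRY.findall(clean)]


def triage(text):
    """Return the page's case number, its check, the FAILURE entry and timed-out endpoints."""
    entries = parse_trace(text)
    joined = " ".join(msg for _, msg in entries)
    case, check = next(((n, c) for marker, n, c in RULES if marker in joined), (None, None))
    failure = next((msg for _, msg in entries if msg.startswith("FAILURE:")), None)
    timeouts = set()
    for _, msg in entries:
        m = TIMEOUT.search(msg)
        if m:  # DNS connection failures carry no port in the trace; 53 is assumed
            timeouts.add((m.group(1), int(m.group(2)) if m.group(2) else 53))
    return {"case": case, "check": check, "failure": failure, "timeouts": timeouts}


# Trace body of sample error 4 from this page, flattened and still carrying "**" residue.
SAMPLE_4 = (
    "Error: Machine account creation procedure failed [ 8159] Loaded the preliminary configuration. "
    "[ 8164] Successfully connected to ip 192.168.0.253, port 88 using TCP "
    "[ 10202] TCP connection to ip 192.168.0.253, port 389 via interface 192.168.0.190 failed: "
    "Operation timed out. [ 10204] Unable to connect to LDAP (Active Directory) service on "
    "dc1.demo.netapp.com (Error: Can't contact LDAP server) **[ 10204] FAILURE: Unable to make a "
    "connection (LDAP (Active ** Directory):DEMO.NETAPP.COM), result: 7642 ."
)

if __name__ == "__main__":
    print(triage(SAMPLE_4))
```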
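NFS
Question: Can the Microsoft Client for NFS be used with Cloud Volumes?
Answer: The Microsoft Client for NFS is not compatible with Cloud Volumes.
Sync
Question: Does Cloud Volumes Service sync support a data broker per region?
Answer: Currently, only one data broker is allowed for all regions. If multiple brokers are needed for different regions, use the Cloud Sync standalone interface.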
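Question: Access denied during transfer
Answer: Use the following checklist to help resolve the issue
- Confirm that the data broker can reach both the source and the target
- If CIFS is used as the transfer protocol, make sure the share ACLs on the source/target allow the selected user to transfer data
- If NFS is used as the transfer protocol, make sure the export policy allows the data broker's IP to mount with root or superuser access
- Test access to both ends by manually mounting the exports from the data broker, and attempt a test write to the target
- If the volume is designated as "Dual-Protocol" with the NTFS security style and NFS as the transfer protocol
  - Consider whether manipulating NT DACLs or UNIX mode bits is the preferred method of permission management
  - If UNIX mode bits need to be managed, change the volume to the "UNIX" security style
  - If NT DACLs are to be used, the root user needs to be mapped to <NTDOMAIN>\root
  - This requires creating <NTDOMAIN>\root in the AD domain that the CVS volume is joined to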
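Performance
Question: What maximum bandwidth should a Cloud Volumes Service volume have?
Answer: The maximum bandwidth of a Cloud Volumes Service volume depends on the service level assigned to the volume and on the volume's allocated capacity. The cost comparison chart for service levels and allocated capacity shows the maximum bandwidth for a given service level and allocated capacity.
Other
Question: Why does my volume show as 100 TB regardless of its allocation size?
Answer: All volumes are created as 100 TB thin-provisioned volumes and are presented that way to clients. These volumes do not reflect the "allocated" size set in the graphical user interface.
Question: What restore options do I have if a file is overwritten or deleted in Cloud Volumes?
Answer: Make sure a snapshot policy was set when the volume was provisioned. The only natively available backup copies of data in Cloud Volumes are these point-in-time references in snapshots.
Follow the AWS documentation to learn how to restore data from a Snapshot copy.
Question: What is the maximum number of files (inodes) allowed per volume in CVS?
Question: Volume clone fails with the reason 'Unable to set volume attribute "files" for volume <volume> … Reason: New count must be larger than the current allocated count of <number>'
Answer: This issue occurs when you try to clone a volume whose currently allocated file count exceeds the file count allotted for the clone's allocation size.
For example:
If a volume currently has 90 million files and is cloned with a target allocation size of 3 TiB, the clone fails. This is because the maximum number of files for a 3 TiB volume is 80 million, which is 10 million fewer than the source volume being cloned.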