IHAC running ONTAP 9.6p3. They're complaining of CIFS performance, and managing the SVM (adding domain users into local groups, etc) timeout, and users have problems accessing shares. I verified that the time is in sync with the DCs, and the SVM can ping the domain name.
When I performed a dns check, I have 2 different experiences. The DNS server is also a domain controller - 192.168.1x.xx5
That DC hosts 2 different domains:
bad.domain.com (this is the customer's AD domain)
good.domain.com (this looks like an administrative domain that was created in AD)
On the prod SVM (as well as a test SVM), I configured DNS:
::> vserver services dns create -vserver svm1 -domains bad.domain.com -name-servers 192.168.1x.xx5, 100.100.x.xx1
When I check the domain, the test sometimes times out, or responds VERY slowly:
ntap01::*> vserver services dns check -vserver svm1 -instance
Vserver: svm1
Name Server: 192.168.1x.xx5
Name Server Status: up
Status Details: Response time (msec): 3623
Vserver: svm1
Name Server: 100.100.x.xx1
Name Server Status: up
Status Details: Response time (msec): 2743
2 entries were displayed.
But when I change the domain (not the CIFS domain, but the domain that the SVM has configured for DNS settings), the response adequate:
::> vserver services dns modify -vserver svm1 -domainsgood.domain.com
ntap01::*> vserver services dns check -vserver svm1 -instance
Vserver: svm1
Name Server: 192.168.1x.xx5
Name Server Status: up
Status Details:Response time (msec): 15
Vserver: svm1
Name Server: 100.100.x.xx1
Name Server Status: up
Status Details: Response time (msec): 13
2 entries were displayed.
Both domains (good.domain.com and bad.domain.com) are zones on the same DNS server. I can reproduce this problem with the prod SVM that is having CIFS problems. If I create a new nfs-only SVM, I get the same issues even though the test SVM is not part of an AD domin.
The reason I'm putting stock into this test is because vserver cifs check doesn't bode well (the below output is a re-enactment, so some of the responses have been manually modified to simulate the actual response😞
::> vserver cifs check -vserver svm1 -instance
Vserver: svm1
Node: ntap01-01
CIFS NetBIOS Name: SVM1
CIFS Server Status: Running
CIFS Server Site:
Domain Controller Name: bad.domain.com
Domain Controller IP Addr: 192.168.1x.xx5
Connectivity Status: down
Any ideas? My initial thought was bad SRV records or something, but the rest of the computer accounts are OK. There are no other NetApp instances on their AD domain.
Thanks for the help