
AD and occasional lockout on shares

chriswe5t
Aspirant


Hello

Long-time user and fan of ReadyNAS, but I'm wondering if the creaks are coming in a bit. I hope someone here can point me in the right direction.

Problem-
I have my ReadyNAS 314 (OS 6.2.4) working in my Windows 2012 R2 Domain. I have 22 users who access 4 shares each (including their 'home' folders). Randomly, every 4-7 weeks, we will come in the morning and ReadyNAS will refuse any ADS connections.

The mapping of any network drives from Windows (e.g. NET USE Q: \\MyNAS\SALES) simply hangs in the DOS login script. Occasionally it will even ask for a username in the DOS box, which will let me log in with user \DOMAIN\dave then his password.

Checklist-
1- My ReadyNAS DNS points to the Domain Controller
2- My ReadyNAS is set to get its time from the same server.
3- I do not cache ADS accounts locally after the bug 6.2.x gave me all sorts of daily problems. Been more reliable since .4, but not 100%
4- The ADS server is set to automatically apply Windows Updates and reboot overnight. The lock-out events do not correspond to the Domain server rebooting itself.
5- When things are locked, I generally have to reboot the NAS (sometimes twice) and it flushes itself out.

During ADS lock I can log in to the Admin fine using the hostname address (https://mynas/admin). It's quick, responsive, etc. So I assume it's registering the device name correctly in DNS, but it simply isn't accessing the domain security structure.

Thoughts?
I have read that creating a DNS record on the server for the ReadyNAS may help, assuming there is some sort of flushing / decaying of records. Is this a good idea?
I did wonder if I could do a scheduled power down and up on a Sunday night, just to see if this keeps things fresh?
I know I'm getting close to recommended 25 connections on the 314, but surely this would happen a lot of the time and presumably wouldn't be a problem first thing in the morning before anybody has logged in yet. Is there a way to display number of sessions that are active / dormant in SSH?

It works absolutely great for 99% of the time. Of course, the day I'm out the office meeting a client is the day it invariably goes wrong.

Any pointers or suggestions would be appreciated.
Kind regards,
Chris
Message 1 of 5

Accepted Solutions
chriswe5t
Aspirant

Re: AD and occasional lockout on shares

JUST AN UPDATE FOR ANYONE INTERESTED 🙂

 

I was performing some minor maintenance on the domain which basically entailed shutting down the backup secondary AD server.

I noticed that during this downtime the READYNAS locked me out of the shares despite the primary AD server still being up and running. [As a reminder, the READYNAS was pointing to the primary for both AD Sync and Time Sync, and the secondary was not even referenced in the NAS admin.]

 

From a server I typed in NET TIME and then I realised the domain time was pulling from the secondary and not the primary DC.

 

As a short-term remedy (trial) I've pointed the READYNAS to the secondary AD for both sync and time. So far it's held well and I think I might have stumbled across the answer.

I am by no means an ADS guru but I need to understand how ADS roles differ and how a time drift can occur.

 

During a lock-out I'd even got to the point of watching READYNAS time and Windows time and it seemed to be exactly the same. So not entirely sure how this might be the fix, but I suggest it as an avenue to look at if anyone else is in a similar boat.

 

Cheers

Chris

 


Message 2 of 5

All Replies
mdgm-ntgr
NETGEAR Employee Retired

Re: AD and occasional lockout on shares

Yes, the time being out of sync is a common cause of AD issues. Checking the time is in sync is one of the first things to check if you are locked out from the shares on an AD joined NAS.

Message 3 of 5
chriswe5t
Aspirant

Re: AD and occasional lockout on shares

Just to add that I visually checked the time of the NAS to the domain many times. It seemed to be accurate to the second. However, the proof is in the pudding, as is sometimes said, and maybe even a slither of a drift in my case was able to knock it out.

Weirdly never been a problem with any other device or service I have in this network. Ah well.... 😉
Message 4 of 5
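
An added example, not part of the original thread: instead of comparing clocks by eye, this Python sketch measures the clock offset between the machine it runs on and each domain controller with one SNTP exchange, and flags any offset beyond 5 minutes, the default Kerberos clock tolerance in Active Directory. The DC host names are placeholders, and it assumes both DCs answer NTP on UDP port 123.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)
MAX_SKEW = 300.0              # default AD Kerberos clock tolerance (5 minutes)


def _ts(data, offset):
    """Decode a 64-bit NTP timestamp (32.32 fixed point) to Unix seconds."""
    secs, frac = struct.unpack_from("!II", data, offset)
    return secs - NTP_EPOCH_DELTA + frac / 2**32


def clock_offset(reply, t1, t4):
    """Server clock minus local clock; t1/t4 are our send/receive times."""
    if len(reply) < 48:
        raise ValueError("short NTP reply")
    mode, stratum = reply[0] & 0x07, reply[1]
    if mode != 4 or stratum == 0:  # not a server reply, or server unsynchronised
        raise ValueError(f"unusable reply (mode={mode}, stratum={stratum})")
    t2, t3 = _ts(reply, 32), _ts(reply, 40)  # server receive / transmit times
    return ((t2 - t1) + (t3 - t4)) / 2


def query(server, timeout=3.0):
    """Send one SNTP client request (version 3, mode 3) and return the offset."""
    request = b"\x1b" + 47 * b"\0"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        s.sendto(request, (server, 123))
        reply, _ = s.recvfrom(512)
        t4 = time.time()
    return clock_offset(reply, t1, t4)


def verdict(offset, max_skew=MAX_SKEW):
    """Classify an offset against the allowed clock skew."""
    return "OK" if abs(offset) < max_skew else "EXCEEDS TOLERANCE"


if __name__ == "__main__":
    for dc in ("dc1.example.local", "dc2.example.local"):  # placeholder DC names
        try:
            off = query(dc)
            print(f"{dc}: offset {off:+.3f}s {verdict(off)}")
        except (OSError, ValueError) as exc:
            print(f"{dc}: no usable time reply ({exc})")
```

Running it against every DC, not only the one configured on the NAS, shows whether the controllers disagree with each other or with the NAS.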
BrianL2
NETGEAR Employee Retired

Re: AD and occasional lockout on shares

Hi chriswe5t,

 

Hopefully it won't lock up again using your backup or secondary AD server. It seems that you have isolated the issue. Please continue to monitor it.

 

Kind regards,

 

BrianL

NETGEAR Community

Message 5 of 5