Troubleshooting failed SMB connections from DCs

Hi all, I’m new to this forum and was hoping to pick your collective brains on a strange issue that I am having.

I have a Drobo-FS that was installed back in September, its purpose in life is to act as a dumping ground for our ShadowProtect backups of the servers.

All was working well until the second week in November, when two of the servers started failing to backup. They were no longer able to access any network share on the device! When I manually tried to connect (via IP or DNS name or NetBIOS name) I receive the following error: “The specified network name is no longer available”.

I can ping the device (by DNS name/IP/NB name etc), and one of the servers runs the Drobo Dashboard and is able to find/manage the device (it just cannot map to the shares).

The servers in question are the two domain controllers for this network, one being 2008 Standard and the other 2003. Both are fully updated, and I do not have this problem from any other server, no matter the version.

I have done a TON of troubleshooting and my dead end usually ends up being to work in the Samba configs and/or to check the smb.log. I installed DropBear and SSH’d to the Drobo so I could check the smb.log but it seems to be quite lacking, even when I put the logging from 0 to 3. The configs seem to be pretty customized and I’m not sure what changes I can make without nuking this thing.

Does anybody here have any experience with the Samba server on these things, or perhaps has seen this issue before? I am open to any suggestions, and purposefully am leaving out much of my troubleshooting just to see what ideas pop up.

Help me Drobospace.com, you’re my only hope!

So it sounds like something about being a domain controller (and possibly recent updates) changes the SMB settings so they’re incompatible with the FS.

But IIRC 2k3 and forward, every server is a backup DC, unless it’s not in the domain.

Are the other server instances you tested also part of the same domain?

Can you check to see if there are any phantom shares/mounts left over (NET USE or the newer equivalent that I can’t remember ATM)?

Do you know if the machines are using SMB v1 or SMB v2?

Thanks for the reply. I agree about the something part :slight_smile:

Every Windows server I am working with is part of this same domain.

Nothing was ever technically mounted on the servers, I always use the UNC path for my backup software.

I have tried using both SMB v1 and v2, same results :frowning:

Are the different servers all logged in and accessing the FS with the same credentials?

I’m puzzled…

The FS has a ‘backups’ share, a ‘public’ share and then the ‘doboapps’ share. The ‘backups’ share has a username and password that the servers’ backup software uses to access that folder. All three of those shares are accessible to all other servers/PC, just not to the two DCs in question.

So not even the public share works on the two DCs? Really weird…

Do the DCs have multiple NICs?
Adapter protocol bindings okay?
DCs have a role assigned that allows file sharing?
Normal file-sharing to other PCs works OK for the two DCs?

Sorry for the punchlist, I’m really grasping at straws here.

I appreciate it, I am hoping you think up a straw that I have left unturned so far lol.

They have multiple NICs but only one in use for each.
Protocol bindings all good.
I can access file shares presented by these servers from other PCs/servers
I can access file shares presented by other servers from these servers.

It definitely sounds as though SMB isn’t currently working on the DroboFS. If it isn’t at firmware 2.1.2 already, update it through Dashboard. If the firmware is already at 2.1.2, try manually re-installing the firmware. If the DroboFS still isn’t accessible, please open a support ticket with a diagnostic file attached.

Thanks for the reply, Sky.

The firmware has been at the most recent version every time I troublehooted this issue (I have upgraded it two or three times in the course of all this).

I have already worked with Drobo Support on the matter and, after performing some troubleshooting (changing GPOs for SMB version and security signing/passwords etc) they concluded it must be the Windows servers. Per my request they were gracious enough to send me a replacement unit just to see if the problem went away, but even with a brand new replacement unit (fully updated) this exact problem persisted.

I then shipped back the unit they sent and took a break from the issue. I picked back up on it last week and, after updating the Drobo-FS firmware again, still had no luck.

I called support again and asked if they could get me root access into the box and they directed me to both Drobo Apps and to this forum. My hope was to find the smoking gun within the smb.log files but I am not seeing anything helpful. The logs seem a bit different than Samba running on Ubuntu.

Are you able to provide any insight as to how to best troubleshoot Samba on these guys? I’ve tried troubleshooting the SMB connection with packet captures and nothing stood out (working connects work vs these two servers just seem to stop communicating at some point in the SMB session), but I am not super privy to the working of the protocol.

The best I can describe from the packet captures is that connections from the affected servers stop after SMBtconX (REPLY) from Drobo to Server, vs working connections which progress through the protocol ( SMBntcreateX -> SMBwriteX -> SMBreadX -> SMBtrans -> SMBclose ).

Both working and none working connections make a TCP connection and begin to negotiate an SMB session, but the DCs sadly just stop and throw that error to me.

Wow… it almost sounds like very funky (and specific) firewall or packet-filtering.

Can you SSH into the Drobo FS and ping/FTP the DC’s?

Reminds me a bit of an old issue I had with Symantec Endpoint Protection flagging my large file transfer as DoS attacks and temporarily banning the client.

I’m wondering if there’s something “special” the DCs are looking for to identify the server (of the share) that it’s finding find on other Windows machines, but for whatever reason isn’t finding on the Drobo FS.

Can you try accessing a share on an Ubuntu or other *nix box?

You are right, I used to manage Check Point firewalls and the IPS software on those would sometimes do EXACTLY this type of thing. However, there is no network firewall between them, they’re on the same subnet on the same switch, and I completely uninstalled the Symantec AV from one of them to test if that was causing issue and it did not help.

I can browse to it using dolphin from my 'buntu box, over a VPN, through the woods to the \ip.addr.of.drobo\backups share we go without issue.

I can SSH/Ping/manage via dashboard from those affected Servers. The only anomaly is that SMB sessions terminate prematurely.

Wow… Okay, I’m totally stumped. Will check back in if I come up with any other (crazy or not-so-crazy) ideas.

You mentioned that both the Drobo and the servers are on the same subnet attached to the same switch, but what do the SMB bindings on the server NICs look like? You mentioned that you have multiple NICs in the servers?

I nearly went mad troubleshooting a problem with multi-homed SMB back in my data center days and eventually resolved it by binding SMB to only one NIC per machine per subnet.

See if this helps at all.

Good luck.

BTW- Ah, Check Point FW-1! I used to admin that on Sparc boxes running StoneBeat. Is Check Point still around?

I just hopped onto both servers and, though they do physically have multiple NICs installed, only one is linked and IP’d on each server.

I did notice that both servers are using Local Area Connection 2.

I don’t know much about “SMB bindings” on windows server. I’m not the best windows admin…probably not even fifth best…but here I am trying to pretend sigh.

I googled how to check network bindings and found to hit ALT+N to get to advanced settings. I did this and I unchecked everything for the unused interface. Is this what you were looking for me to do?

Anyhow, I did what I said above and still no luck.

найти работу в луховицах работа в банке сбер народные промыслы вакансии клиент в социальной работе ищу работу в бийске
владимир вахта работа как заработать 20000
завод в мытищах работа вакансии увд саратова вакансии трк столица ижевск стихи переделанные про работу ооо матрица вакансии юрисконсульт по договорной работе

Oh yeah, CP is still quite strong and have come a LONG way since FW-1. They now run their own “SecurePlatform” (SPLAT) Linux OS and it is quite a breeze to operate/manage.