EMC Celerra NAS Device Issue

We are currently in the pilot phase of a migration and we seem to be having some issues around the NAS head devices which are EMC Celerra.  The users are not able to access their file share post migration getting an access denied message.  We are currently using QMMAD 8.8 and migrating SIDHistory.  We have not processed the NAS heads yet we were hoping to use SIDHistory.  Has anyone seen any issues that we should be aware of with the EMC Celerra devices.

Thanks,

Ray

Parents
  • Does the destination domain have 2012 domain controllers?

    If so you could be having an issue with some of the enhancements in 2012, specifically the SID compression functionality. See the interoperability notes in the “KDC Resource SID Compression” section of the below:

    blogs.technet.com/.../maxtokensize-and-windows-8-and-windows-server-2012.aspx

    Essentially 2012 will try to compress the SID’s in the token, including the Domain(s) SIDs, and then only the RID(s) into the token to work around token bloat and the max token size issues that may have been seen in previous versions. I believe many of the NAS vendors have not yet updated their underlying authentication mechanisms to accommodate for this. The article details how you can disable this.

    You may want to open a ticket with EMC to confirm, however I would suspect this may be the issue you are seeing.

Reply
  • Does the destination domain have 2012 domain controllers?

    If so you could be having an issue with some of the enhancements in 2012, specifically the SID compression functionality. See the interoperability notes in the “KDC Resource SID Compression” section of the below:

    blogs.technet.com/.../maxtokensize-and-windows-8-and-windows-server-2012.aspx

    Essentially 2012 will try to compress the SID’s in the token, including the Domain(s) SIDs, and then only the RID(s) into the token to work around token bloat and the max token size issues that may have been seen in previous versions. I believe many of the NAS vendors have not yet updated their underlying authentication mechanisms to accommodate for this. The article details how you can disable this.

    You may want to open a ticket with EMC to confirm, however I would suspect this may be the issue you are seeing.

Children
No Data