Synology and Active Directory - "no logon servers available"
When you receive the 'No logon servers available' it means that your DC controlling Active Directory cannot be found. Make sure that your DC is visible on the Network and that you reboot both the DC and the Synology box. The DC needs to be rebooted before the Synology reboots, otherwise it won't refresh on the network to see the change that appears.
If this fails, check your physical connections and obviously issue a ping and see if it gets to it. If that fails, check the security across the shares and also check the credentials you are using to access the shares.
The problem you do when you restart your DCs is you are not permitting the refresh to occur and thus the backup won't see it until it is last in the restart chain, so to speak. Usually you wouldn't reboot the DC unless absolutely necessary.
Related videos on Youtube
07 : 17
23 : 49
05 : 40
18 : 21
11 : 43
Comments
-
Nathan C almost 2 years
I have a Synology Diskstation DS412+ here configured for Active Directory authentication on the shared folders. I have a shared folder that our backup software writes backups to (so, CIFS).
This all works fine on a normal day-to-day basis. The backup software uses a dedicated user account and everything just works.
However, on a monthly basis I patch and restart our domain controllers. Only one at a time is rebooted to maintain Active Directory and not cause interruptions. As a side-effect of all this, when the backup software accesses the folder next, it gets the error
There are no logon servers available to service the logon requestand fails. When I access the UNC path, I also get the same message. When I reboot the NAS, service returns to normal.My question is, how do I fix it so this error doesn't occur to begin with? Rebooting is not the best solution as it causes downtime in our cluster services which we're working on moving more on to.
Edit: even stranger, my admin session (which is using my AD user) works fine.
-
charlesbridge almost 10 yearsCheck the time on the NAS at the next occurrence, could be the clocks fall out of sync after the reboot and kerberos is failing.
-
charlesbridge almost 10 yearsMaybe.... if the NAS is using NTP and the DCs are using default NT5DS? It could cause that issue. Won't hurt to keep an eye on it.
-
Rhys Evans almost 10 yearsSilly and simple questions and yet .. but are the DNS settings on the Synology pointing to the DC? Has the DC got a static IP?
-
Nathan C almost 10 years@Aceth Yes and yes. It can contact the DC as I'm able to update user/group lists via AD before rebooting...just authentication doesn't work it seems.
-
Rhys Evans almost 10 yearsvery strange! Try installing Wireshark on the DC to see what's going on perhaps
-
sardean almost 10 yearsIs the Synology fully patched? I believe I saw an issue like this on an early release of the DSM 5.
-
Nathan C almost 10 years@dean Yep. It wants 5.0-4493 Update 3, but otherwise up-to-date. Curiously it didn't happen when the PDC rebooted unexpectedly last week...
-
ericx almost 10 yearsAre you overwhelming your domain controller's license count? Programs like Symantec Backup use 2 connections simultaneously and it's surprisingly easy to exceed your seat-count especially if everyone's backup runs at roughly the same time. -
HopelessN00b almost 10 years@ericx Um... what?
-
ericx almost 10 yearsYour ActiveDirectory server is running off a Microsoft Windows Server of some flavor, yes? Microsoft has upper limits on the number of connections allowed to that machine. That count is maintained in, I think, two ways. One is an absolute count, the second is a count of simultaneous connections. This is the primary difference between (for example) XP and Server 2003. XP only allows 5? (I forget) and basic 2003 allows 25. This varies on the server side according to how many CAL you have purchased. If you exceed that number, the authentication will be blocked.
-
Nathan C almost 10 years@ericx Last I checked, AD doesn't require CALs. It's not the problem.
-
ericx almost 10 years@NathanC Believe me, I wouldn't touch Windows AD unless a lot of money was on the table; but doesn't the licensing depend on the version of the server? Of course, I guess it's the Synology that is actually keeping count? Isn't it still the case that if enough work stations are awake and logged in, that the server will refuse? Isn't it work a look at the active count?
-
Nathan C almost 10 years@ericx AD does not depend on licensing. All you need is a Windows Server license for whatever flavor you want, and that's it. You can have 10 or 10000 machines talking to AD...it doesn't care.
-
Giovanni Tirloni almost 10 yearsIt really depends on how Synology is implementing the AD protocols. When you reboot your DC, all Windows desktops work just fine, right? I bet they do. Synology is probably not using the correct DNS server or ignoring all the hidden AD-specific DNS entries to find secondary DCs and use those. My guess it's stuck using the single DC it found. So many 3rd-party application/devices do this that it's always my first guess. Wireshark the DNS requests Synology is making and you'll be sure.
-
-
Nathan C almost 10 yearsTell Microsoft to make less buggy software that doesn't need to be updated every month and the DC will never be rebooted, hah.
-
Proxy almost 10 yearsIndeed, but as you stated, when you reboot the NAS it works, so the logon server is available only when it is ahead of the NAS in the restart chain. If you are being forced into restarting your DC every month, and you absolutely have to, then as far as I am aware, there is no workaround by Microsoft for this, as this is an issue since Windows Server 2003. Ultimately, I hope I gave a suitable answer to your question. :)
