
Adding a Network Appliance filer to Symantec Data Insight considerations

Created: 11 Mar 2013 • Updated: 12 Mar 2013 | 4 comments
RodP's picture

Before Symantec Data Insight (SDI) can scan the objects that reside on a Network Appliance (NetApp) filer, the filer must be added to the SDI configuration. There are several considerations when performing the steps to add the NetApp filer.

Assumptions:

The instructions contained apply to version 3.0.1 and may change in the future.

The user must be able to mount a non-administrative share (Contains $) to pass the Scanner credentials test. We will discuss the options if or when that test fails.

The Administrator is using the console via a supported browser and has access with a pointing device.

The Administrator is moderately familiar with the application and terminology used within descriptions.

The Application interface contains regions where a description applies for example:

The tab Settings 

The left column is resizable but always present.

The current selection window has a title and choices for action.

 

We will discuss the specific steps required to add a filer and introduce the issue of the Scanner credentials test failing because the chosen user (the user in the selected credentials, with a complete, unexpired password) lacks permission to mount the first non-administrative share encountered. The error encountered is typically error 87 or error 1326.

 

Ensure you have a valid credential for the filer or add one to the SDI application.
Valid credentials can be configured in the Active Directory domain, on the Collector node, or local to the NetApp filer, but they must be granted access on the NetApp filer to function. (See the Symantec Data Insight Administrator's Guide shipped with the product installation media, page 67.)

 

Adding credentials to the selections available within the SDI application:

After creating the appropriate permissions and granting the user the access rights on the filer that it needs to function, according to the requirements stated in the Symantec Data Insight Administrator's Guide shipped with the product installation media on page 67, add the user credentials to the application using the console.

Click Settings from the tabs at the top of the console.

Then, on the left panel, select the Saved Credentials option under Inventory.

 

In the working window, select the + Create saved credentials button.

In the pop-up window, enter the valid user and password data, completing the information required to create a saved credential.

 

After saving, the new credential will be available for use.

This must be completed prior to the use of the credential within the application at later configuration stages.

Note: Please ensure this user's password never expires and is not subsequently changed or there will be a failure to connect using the application to the configured devices and the credential will have to be modified using the  button.

To create a new filer, the Admin clicks the Settings tab and chooses Filers from the left panel.

Hover over the + Add New Filer button, click the drop-down arrow, and select the correct filer from the drop-down.

Then fill in the appropriate details for name resolution to the host from the SDI Collector Server.

Choose which Collector and which Indexer to use with the drop-down arrows, then click to test the credentials.

A successful test indicates the user and password are valid for this device.

Note: For NetApp filers: HTTP port 80 (optional); standard RPC ports 139 and 445; and, for NFS, 2049 (TCP, UDP) and 111 (TCP, UDP).

Scroll down and test the scanner credentials

Clicking the Save button should result in a new filer, as the test is only cosmetic: it checks whether you have access to mount a share with this user.

The SDI scans should proceed as expected unless there are other issues for access in the environment.

Note: If you experience an issue when saving, repeating the process without testing the scan credentials should allow the Admin to save the filer.

 

Symantec Technical Support services should be consulted for any scan failures or issues that alert in the console after proper configuration.
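
A pre-flight check for the TCP ports listed in the note above, meant to be run from the Collector node before using the test buttons. This is an added example, not part of Symantec Data Insight or the original article; the host name is a placeholder, and reading 87 and 1326 as Windows system error codes is an assumption.

```python
import socket

# TCP ports from the note above. UDP 2049/111 is not probed: a silent UDP
# port cannot be told apart from a filtered one without a real RPC call.
FILER_TCP_PORTS = {80: "HTTP, optional", 139: "RPC over NetBIOS",
                   445: "RPC over SMB", 2049: "NFS", 111: "NFS portmapper"}

# Assumption: the 87 / 1326 shown by the console are Windows system error codes.
WIN32_HINTS = {
    87: "error 87 = ERROR_INVALID_PARAMETER (the parameter is incorrect)",
    1326: "error 1326 = ERROR_LOGON_FAILURE (user name or password is incorrect)",
}

def probe_tcp(host, port, timeout=3.0):
    """Return 'open', 'refused', 'unresolved' or 'filtered' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered, but nothing listens on the port
    except socket.gaierror:
        return "unresolved"   # name resolution from this node failed
    except OSError:
        return "filtered"     # timeout or unreachable: suspect a firewall

def preflight(host, ports=FILER_TCP_PORTS, timeout=3.0):
    """Probe every port and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}

def triage(results, error_code=None, optional=(80,)):
    """List required ports that are not open; if all are open, explain the code."""
    findings = [f"{p} ({FILER_TCP_PORTS.get(p, 'custom')}): {s}"
                for p, s in sorted(results.items())
                if s != "open" and p not in optional]
    if not findings and error_code in WIN32_HINTS:
        # Network path is fine, so the failure is about the credential itself.
        findings.append(WIN32_HINTS[error_code])
    return findings

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "filer.example.com"  # placeholder
    for line in triage(preflight(host)) or ["all required TCP ports reachable"]:
        print(line)
```

If every required port reports open and the test still fails with 87 or 1326, the network path is not the cause and the credential or its rights on the filer should be checked next.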

Comments (4)

blackjet's picture

Hi, I have added new NetApps in the DI console and provided shared and local admin privilege to my credential; still I am facing the below issue.

It's failing the test credential; with the same credential I am able to scan other NetApps.

Please help; I have attached the screenshot.

 

 

 

 

DI issue.JPG
RodP's picture

Blackjet, I am glad to hear you are using the product and am here to assist you so that you may do it successfully. Since the Error message itself lists mitigation steps I will proceed assuming those are already corrected or true and you need additional assistance.

The log quoted should hopefully point you to the missing capability of the role assigned for the user you have created. I see it appears to be a domain user so the useradmin command is different from user add in that you need to use domainuser add like so:

 

domainuser add <user_name> [options]
                    delete [options]
                    list [options]
                    load <filename>

When you have that user, you need to use the role flag to add the roles containing the capabilities needed, as listed in the Admin Guide.

From the message it appears you are missing the capability for login:

netappCaplogin.jpg

(See the Symantec Data Insight Administrator's Guide shipped with the product installation media, starting on page 67.)

Usage:
    useradmin
            
              role  add <role_name> [options]
                    modify <role_name> [options]
                    delete <role_name> [options]
                    list [options]
       

Alternatively you could add the user to a group that already contains the appropriate capabilities like Administrators, Backup Operators, etc.

Usage:
    useradmin
              group add <group_name> [options]
                    modify <group_name> [options]
                    delete <group_name> [options]
                    list [options]
           

Filer> useradmin domainuser add haldomain\NetApp -g "Administrators"
SID = S-#-#-##-1<snip>
Domain User <haldomain\NetApp> successfully added to Administrators.

REF: pg 76

Ensure the user is added using

useradmin domainuser list -g Administrators

A list with the SIDs of the configured domain users appears. To resolve the
SIDs, run the following command:
cifs lookup SID

As well, if that is completed, you potentially need to open the firewall:

Note: For Net App filers - HTTP port 80 (optional), standard RPC ports 139 and 445, and 2049 (TCP,UDP) and 111 (TCP,UDP) for NFS

 

To test you can simply use the NetApp console to test your user. It should work there and then it will not throw the message.

http://<FQDN of Filer>/na_admin/ and login with your user in the popup box

Additionally, you should have created a policy in the filer; to validate, check with:

fpolicy show matpol
 

Please let us know if you continue to have issues after rectifying the connection and we can offer other assistance.

If you would rather have personalized attention, please start a Symantec Support case where we can assist in debugging your NetApp logs and correcting your configuration of Symantec DataInsight (SDI) to function as expected.

Rod

Note: FQDN = Fully Qualified Domain Name

_________________________________________________________________________________________________________________________

If you find the information useful and valid for your issue please vote it up and use it as a resolution to improve our co

blackjet's picture

Thanks RodP for your helpful suggestion.

I have already added in local admin and shared group privilege in Netapps.

I have raised a ticket with support to resolve the issue.

 

Thanks

Blackjet

 

RodP's picture

Thanks Blackjet, that only leaves the firewall or issues with connection as this is the test button for the Filer administrator credentials vs Scanner credentials. You are in good hands with the Symantec Support team.
After they have provided a satisfactory resolution to you, please post it back to the thread so we can close it out and assist others in our community.

 

Rod

_________________________________________________________________________________________________________________________

If you find the information useful and valid for your issue please vote it up and use it as a resolution to improve our co
