I've bee trying for a while to get my FMC to talk to remote storage so I can place my backups and reports there. For some reason my FMC refuses to talk to any remote storage device I have. NFS, SMB (haven't tried SSH), neither work. I keep getting an error:
All passwords and usernames that I've tried are getting the error... Am I missing some kind of formatting here? I use domain\username format or username@domain format. I've also just used the username.
Can someone please shed some light on me here?
A TCP reset from the target host generally means it's not accepting connections on that port or protocol or else it restricts them to certain addresses (e.g. in Windows firewall).
You could try to mount the share as a network drive from another Windows PC as a test.
My working server is running Windows Server 2016 (all the latest updates applied) with Windows Firewall disabled.
Here's a screenshot of a Wireshark capture when it's working. As you can see in the decode, it's SMB2. SMB1 is insecure and deprecated and should NOT be enabled.
Thanks for your input here. SMB2 appears to be working fine when I mount the share from other PC's. It's only the FMC that is having trouble. Right now the FMC is only at v6.2.3. I plan on moving up to 220.127.116.11 soon. I wasn't able to connect to remote storage when it was at 6.2.2 either.
I already disabled SMB1, I just had it open for that last test. I also have the Windows firewall disabled.
Any other thoughts? I checked the access list in the FMC but that only seems to be for management access to the FMC using ports 22,443, and 161.
There was one resolved SMB bug in 18.104.22.168 and a couple in 22.214.171.124 and 126.96.36.199. None of them should affect the basic operations though.
Given that the Windows server is sending a TCP reset, I strongly suspect a domain policy on the Windows side. I'm not enough of a server admin to point you to the right setting though. You may find an event in the Event Viewer on the Windows server that shines more light on the issue.
Hi @Marvin Rhoads ,
I ended up raising a ticket with TAC. The engineer is saying that the FMC only supports SMB1. Does this sound right to you? He's recommending NFS or SSH since SMB isn't working. Like you said, these are basic functions. I already tried with SMB1 and that wouldn't connect either. It's got to be something else that I'm overlooking.
I don't usually contradict the TAC, but given that I have a packet capture showing SMB2 working between FMC and Windows Server 2016 I would say they are mistaken in this case.
If you can easily deploy a Windows Server 2016 instance in ESXi that's not joined to your domain, you might test with that. There are so many variables in an AD-joined Windows server that it's nearly impossible to guess which one might be preventing the successful mount.