Troubleshoot Remote File System Configuration Issues for Secure Network Analytics Appliances.

Introduction

This document describes how to troubleshoot remote file system configuration issues for SNA (Secure Network Analytics) version 7.5.2 onwards.

Remote File System Configuration

Remote file system configuration is essential for creation of database backup in DDS (Distributed Database system) environment. It uses CIFS (Common Internet File Share) protocol also known as SMB (Server Message Block).

When SNA appliance initiates test connection with configured remote file system it performs series of steps before announcing "File sharing appears to be properly configured" message.

Successful SMB Test

• The client initiates a connection to the server (remote file directory) using TCP/IP over port 445.
• The CIFS protocol utilises NetBIOS for name resolution and session establishment when using port 139 or directly over TCP when using port 445.
• The client and server negotiate the protocol version to use. This ensures compatibility between the client and server.
• The server responds with a list of supported protocol dialects, and the client selects the most appropriate one.
• The client sends a session setup request, which includes authentication credentials.
• Authentication is performed using mechanisms ntlmv2.
• Upon successful authentication, the server establishes a session and assigns a unique session ID to the client.
• The client sends a tree connect request to access a specific shared resource.
• The server validates the request and provides a tree ID, which the client uses for subsequent operations on the resource.
• The client can now perform operations such as reading, writing, or modifying files on the shared resource.
• CIFS supports features like file locking and concurrent access to ensure data integrity.
• Once the client has completed its operations, it sends a log off request to terminate the session.
• The server releases the session ID and associated resources.

Procedure

A very common issue encounter while configuring remote file system for SNA devices is "Failed to mount" error.

To better understand what caused the issue, please proceed as follows:

Initiate Packet Capture

• Log in to SNA appliance CLI using sysadmin credentials. 
• Navigate to Advanced > Packet Capture
• Enter remote share IP address under Host IP Address, 445 as Port Filter, Minimum 60 sec, 100 as duration and packet respectively

Packet Capture from CLI

Configure and Test Remote File System

• Log in to SNA appliance UI and navigate to Configuration > Remote File System

Remote Share Configurations

• Click Apply and Test.

Download and Review Packet capture

• Wait for packet capture to stop or manually interrupt using CTRL-C.
• Navigate to SNA appliance UI > Support > Browse Files > tcpdump.

Common Error

Open the packet capture and apply filter ip.addr==ip_address_of_SNA && ip.addr==ip_address_of_remote_storage && tcp.port==445.

Packet Capture Filter

TCP Port 445 Block

No response for  multiple SYN packet initiated by SNA appliance along with TCP retransmission attempts towards remote file server IP address.

Port Block

Solution: Allow TCP/445 port communication between SNA appliance and Remote File Share directory/location from firewall.

Service Not Running

SNA device initiated SYN packet over TCP port 445 however SMB server respond with RST,ACK.

SMB service Not Running

Solution: Initialise SMB File Share on respective server

SMB Version 1/2/3 Disabled

TCP handshake completes successfully however SMB negotiation fails due to SMB version being disabled.

SMB Versions Disabled

Solution: Enable the appropriate SMB version on respective server.

Wrong Password for SMB Share

TCP handshake completes successfully along with SMB negotiation.

STATUS_LOGIN_FAILURE response from SMB File share server.

Solution: Enter correct password of login user.

Permission Issue

TCP handshake completes successfully along with SMB negotiation.

Login to File Share server succeeds successfully.

STATUS_BAD_NETWORK_NAME response from SMB file share server. 

Solution: Assign read/write permission to login user. 

Ungracefully Terminated Session

Database backup operation can be interrupted if remote file directory/location storage runs out.

SMB session is a loop of Close Request and Close Response.

Ungraceful SMB Session Teardown

Solution: Restart the SNA appliance.

If Further assistance is required investigating the issue , we encourage to create TAC case athttps://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html