NSS 4000 keeps dropping connections

Unanswered Question
Sep 17th, 2009
User Badges:

I have a nss 400 in place at a customers. The firmware is current. i t usually works fine, except that it drops connection and users can't get to the folders. They get a message that drive:x is not available and a semaphore timeout has occurred. the obnly way to get them back in is to reboot the nss 4000. The box is wired to a CE520 using etherchannel on two married ports.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Alejandro Gallego Thu, 09/17/2009 - 17:29
User Badges:
  • Cisco Employee,

Barry just a few questions for you,

is the NSS joined to an ADS domain?

do you have VLANs or is the the NSS on a separate network?

from your post sounds like you have mapped drives, did you map them via IP address or hostname?

clindoan Fri, 09/18/2009 - 16:56
User Badges:

Is your CE520 is a true switch that supporting 803.2ad ? I don't understand much about the CE520 switch setup to work with 802.3ad from the NSS. The NSS4000 when configured for 802.3ad, it supported to be load balancing to get better perfomance.  This setup will need the switch to setup properly so the data can transfer on both connection.

When you said, it maried two ports from the CE520, are they setup as bonding or redundance ? This also needs to verify.  Another way to make it works or varify is set the both ports on switch to trunk and change the NSS network setup to use normal / default setting.

Are you using Vista PC to access to NSS? If you are, there may be a security setup you need to check by lower or disable it to see it can keep the connection.

Hope that helps.  The attachment was help me with the setup but not why the connection was drop.

Barry Hunsinger Fri, 10/02/2009 - 10:46
User Badges:

the ce520 is setup using Cisco's Etherchannel and yes, it is in bonding mode.. It is supposed to be 802.3ad compliant. The nss4000 is setup for load balancing. I am going on-site Monday to change this configuration to "failover only" on the nss4000 and use two non-etherchannel ports on the ce520. I will see if this works better. They are using mapped drives on xp pc's, some were mapped using ipaddress and some using the device name.

Barry Hunsinger Wed, 10/07/2009 - 09:45
User Badges:

I went onsite on Monday and changed the configuration to "failover only". The problem seems to be related more to user connection counts. There are only 14 users in the entire company, but thwy have drives mapped to different shares on the nss 4000. The users could have as many as three mapped drives per user, so I think the nss is counting them seperately. I had a user that could not connect yesterday, and when I cut some users that were not present it started working. Shouldn't the system count users once and not multiple times?

clindoan Wed, 10/07/2009 - 10:16
User Badges:

Hi Barry,

   The NSS4000 unit is supported up to 16 concurrent users at a time.  Each user is based from the PC counts (connection),  not by the number of shares  accessing to the NAS.  There is another setup, in Shares => Propertie=> Advanced - Higher CIFS allocation, that allowed or rearrange the internal resources to supported much more concurrent connection. I am recommending this customer to change from Standard to Advanced setup to take advantage of this feature.

Answer: The system is count by connection. If a user account is using on multiple PC, it will counted as multiple connections. Some examples below:

Example: user1=barry; user2=cisco

1. PC1=> Barry made a CIFS connection (Count=1)

2. PC2=> Barry made a CIFS connection (Count=2)

Windows CIFS map drive method won't allowed  two accounts to map CIFS connection on same PC, therefore, in order for  "cisco"  to made a connection on PC1, Barry MUST disconnected first. In this scenario only 2 connections counted.

Example 2:

1. PC1=> Barry made a CIFS connection (Count=1)

2. PC2=> Barry made a CIFS connection (Count=2)

1. PC3=> Cisco made a CIFS connection (Count=3)

2. PC4=> Cisco made a CIFS connection (Count=4)

And so on....FTP is only allowed 2 connections maximum regardless number of PC counts.

Solution: Change from Standard ==> Advanced setup will resolved this problem. I don't remember the exactly maximum count for this setup (Advanced),  my notes indicated it goes up to 24 CIFS connections which is much better than the Standard setup.

Hope that helps.

Barry Hunsinger Wed, 10/21/2009 - 09:45
User Badges:

I tried all the above solutions. They are still having issues. I have attached today's log file for cifs shares. there are a lot of errors in it. they are only using cifs to connect and map drives.This is the current connection screen. there are 7 more users, but most can't connect.

allisonacer-allison7eb (
allisonacer-allison7eb (
barbaralenovo-barbara (
barbaralenovo-barbara (
donnaacer-b1908a895c (
donnaacer-b1908a895c (
franibmxp1-cron (
franibmxp1-cron (
franibmxp1-cron (
justinaibm-mike-new (
kathyacer-kmsb5b97eb (
maureenacer-7fd9a64054 (
seematimberline-srvr (
seematimberline-srvr (
Alejandro Gallego Wed, 10/21/2009 - 13:33
User Badges:
  • Cisco Employee,

Thank you for the error log that helps.

You have errors when creating users and also when the NSS needs to write to memory. Can you post a screenshot of User/Options settings under "Access > Options".

It seems to me that ID ranges are not correct. It also seems like the firware has been modifed to allow SSH. If that is the case the reason for all of these errors is becasuse the root password has been changed.

Barry Hunsinger Wed, 10/21/2009 - 14:24
User Badges:

I have never been into the command line on this box. I only use the admin login and that password has not changed in at least a year. I will also attach a new error log, I deleted the one today because it was a total of 47 MB. I have not added users in a while. I deleted and re-added a user last week to try and solve a connection problem. The firmaware is the one i installed from the Cisco website, unmodified. 

User/Group Settings
Local Users and Groups ID Range to
NIS Domain Users and Groups ID Range to
Windows Domain Users and Groups ID Range to
Home Directory LocationRAIDA - DATA
NFS Export Path/mnt/RAIDA/DATA/.autohome
Alejandro Gallego Wed, 10/21/2009 - 14:42
User Badges:
  • Cisco Employee,

Sorry if I came accross accusitory, is just that the logs are showing that the NSS is not able to write to /etc/conf. Also the users are not being bound to UIDs. Since the firmware has not been modified the only thing I would suggest is to default the unit and reload the firmware. If you decide to do this make sure that you install the firmware twice; back to back. This will ensure all of the old code is deleted.

Again the problem is with UIDs and SID binding. In otherwords the user names are not being found on the unit and the unit is not able to access the password data base.

If you need more assistance please do not hesitate to call me at our Small Business Support Center.  1.866.606.1866

Oct 21 14:27:02 NAS0018f8054d19 smbd[23004]:   ibmxp1-cron ( connect to service fran initially as user fran (uid=1004, gid=1002) (pid 23004)
Oct 21 14:27:02 NAS0018f8054d19 winbindd[20733]: [2009/10/21 14:27:02, 1] nsswitch/idmap_tdb.c:idmap_tdb_alloc_init(397)
Oct 21 14:27:02 NAS0018f8054d19 winbindd[20733]:   idmap uid range missing or invalid
Oct 21 14:27:02 NAS0018f8054d19 winbindd[20733]:   idmap will be unable to map foreign SIDs
Oct 21 14:27:02 NAS0018f8054d19 winbindd[20733]: [2009/10/21 14:27:02, 0] nsswitch/idmap.c:idmap_alloc_init(750)
Oct 21 14:27:02 NAS0018f8054d19 winbindd[20733]:   ERROR: Initialization failed for alloc backend, deferred!

Oct 21 14:28:41 NAS0018f8054d19 smbd[25824]:   hpzbpaula ( connect to service paula initially as user paula (uid=1003, gid=1002) (pid 25824)
Oct 21 14:28:42 NAS0018f8054d19 smbd[25824]: [2009/10/21 14:28:42, 1] smbd/service.c:make_connection_snum(1034)
Oct 21 14:28:42 NAS0018f8054d19 smbd[25824]:   hpzbpaula ( connect to service cmsi initially as user paula (uid=1003, gid=1002) (pid 25824)
Oct 21 14:29:12 NAS0018f8054d19 winbindd[20733]: [2009/10/21 14:29:12, 1] nsswitch/idmap_tdb.c:idmap_tdb_alloc_init(397)
Oct 21 14:29:12 NAS0018f8054d19 winbindd[20733]:   idmap uid range missing or invalid
Oct 21 14:29:12 NAS0018f8054d19 winbindd[20733]:   idmap will be unable to map foreign SIDs

Barry Hunsinger Wed, 10/21/2009 - 14:51
User Badges:
didn't take it as an accusation, I was just surprised that this happened. this  problem has been going on for a long time. when i flashed the firmware i only  did it once, because it was a long time ago. I will update the firmware again  and reboot and then update a second time to see if that correct it. If i default  the unit will I lose the partitions ad shares?

Alejandro Gallego Wed, 10/21/2009 - 15:19
User Badges:
  • Cisco Employee,

No you will not. You will all other settings but RAID configuration, volumes and shares will remain. After default it will ask you if you want to run through first time set up wizzard, you will choose "Cancel" to not enter the Wizard. If you do go through the wizzard you will loose all of your data.

Barry Hunsinger Thu, 10/22/2009 - 10:31
User Badges:

when I choose reset ALL configuration will I still have the user home directories?

Alejandro Gallego Thu, 10/22/2009 - 13:01
User Badges:
  • Cisco Employee,

Yes you will. As long as you create the EXACT same users or if you are on a Domain the same users are imported. All information that is written to the disks will remain even after a factory default.

The only time you will loose data is if you have a hardware failure or if you delete a Volume or RAID (shares included).


This Discussion