Active Directory Bugs after update to DSM 6.1-15047 Update 1, AD Groups missing or not correct after some running time

All questions pertaining to Windows Active Directory Service can go here
Forum rules
1) This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:
https://myds.synology.com/support/suppo ... p?lang=enu
2) To avoid putting users' DiskStation at risk, please don't paste links to any patches provided by our Support team as we will systematically remove them. Our Support team will provide the correct patch for your DiskStation model.
GMD
I'm New!
I'm New!
Posts: 4
Joined: Wed Mar 08, 2017 7:16 am

Active Directory Bugs after update to DSM 6.1-15047 Update 1, AD Groups missing or not correct after some running time

Postby GMD » Wed Mar 08, 2017 8:25 am

Already created “Synology Support Ticket: #1022038”

We have various problems with the connection to Active Directory after the update to DSM 6.1-15047.
Now we updated our DS1515+ to DSM 6.1-15047 Update 1...
Problems persists...

We observed missing AD Groups some time after 1-5h running time, after a reboot.
It is very curios, after a reboot the DS1515+ seems to work normal for a while.

The displayed groups are correctly for a while.
But after a while the AD groups and users changes to UNIX Groups and UNIX Users.

See:
Image

This causes errors with our software that uses the network shared folders.

Maybe the problem is not new, I found this. It is similar.
https://forum.synology.com/enu/viewtopic.php?t=42557

Synology please fix the problem ASAP.
DS1515+ is a certified product for Windows Server 2012r2.
This essential function seems be broken since the update.
We use the DS1515+ in our company and it disturbs now the production processes.


I have tried clearing the SMB cache, re-joining the domain, verifying the AD server.
The "Domain Status Check" mostly pass all steps on join the AD, and some tests fails on later following checks.
Rodeus
I'm New!
I'm New!
Posts: 2
Joined: Wed Mar 08, 2017 10:23 pm

Re: Active Directory Bugs after update to DSM 6.1-15047 Update 1, AD Groups missing or not correct after some running ti

Postby Rodeus » Wed Mar 08, 2017 11:58 pm

Hi,
Thanks google for indexing this post within 2 hours of it's creation...

Ok so we have the same kind of error, our User Share's can no longer be written by our AD Users.
SBS2011 Standard, using a DS1812+ (DSM 6.1-15047 Update 1)

Public share still can be written, but when there are AD Groups or Ad Users involved the restriction is always not able to write.
Image

We have a Main User folder, (that users can traverse) and then each user has it's own personal folder (created by the AD properties, at the account creation)
Then the script map's our user shares and voila. But since the update, it's no longer working.

We have attempted to reset rights, change owner, create new group, new user, ... No way to write in these user folders.
Even Domain Admin can't

Synology Support please act fast this is a major bug for your corporate users !!
We manage about 17 NAS although our client locations... Thankfully have only updated one site.

Thanks,
MD
Rodeus
I'm New!
I'm New!
Posts: 2
Joined: Wed Mar 08, 2017 10:23 pm

Re: Active Directory Bugs after update to DSM 6.1-15047 Update 1, AD Groups missing or not correct after some running ti

Postby Rodeus » Fri Mar 17, 2017 5:13 pm

Since there seems to be no reply or solution for this problem, I did opened a Synology support ticket #1030715
vfr800
I'm New!
I'm New!
Posts: 1
Joined: Mon Mar 20, 2017 9:19 pm

Re: Active Directory Bugs after update to DSM 6.1-15047 Update 1, AD Groups missing or not correct after some running ti

Postby vfr800 » Mon Mar 20, 2017 9:41 pm

Hi

I'm having similar issues with 6.1. "No data" is listed under domain users/groups when I try to add a domain permission to a share.

Liam
orttauq
I'm New!
I'm New!
Posts: 5
Joined: Thu Sep 19, 2013 6:49 pm

Re: Active Directory Bugs after update to DSM 6.1-15047 Update 1, AD Groups missing or not correct after some running ti

Postby orttauq » Mon Mar 20, 2017 10:39 pm

We are having this issue too and it is impacting operations now. Our backup applications can't authenticate to write files. We tried to create and use local user accounts to get around this but they fail too with "failed to load user data"

Control Panel | Domain/LDAP page gives a time out error after 4-5 hours after a reboot
Control Panel | User page gives "failed to load user data"

We are lucky at this point the our local admin account still works as well as our iSCSI LUN connections.
orttauq
I'm New!
I'm New!
Posts: 5
Joined: Thu Sep 19, 2013 6:49 pm

Re: Active Directory Bugs after update to DSM 6.1-15047 Update 1, AD Groups missing or not correct after some running ti

Postby orttauq » Tue Mar 21, 2017 12:25 am

Opened case with Synology Support re: this issue. Also talked to Support and got no real long term solution other than "reboot it"
chriskel
I'm New!
I'm New!
Posts: 1
Joined: Fri Mar 24, 2017 3:55 am

Re: Active Directory Bugs after update to DSM 6.1-15047 Update 1, AD Groups missing or not correct after some running ti

Postby chriskel » Fri Mar 24, 2017 4:01 am

Just updated to the latest version along with Update 1 and now have AD connections as well. Adding new AD users to directories is no longer possible and those assigned writes via AD can no longer access their directories. Can we get some help here? :oops: :oops:
User avatar
jjb2
Enlightened
Enlightened
Posts: 415
Joined: Fri Feb 21, 2014 1:19 pm

Re: Active Directory Bugs after update to DSM 6.1-15047 Update 1, AD Groups missing or not correct after some running ti

Postby jjb2 » Fri Mar 24, 2017 12:49 pm

I believe update 2 released the other day has fixes for AD issues listed in its release notes. You might want to search the forums for the link and check it. Of course it could create other problems if you apply it but if you are so inclined and are desperate for a fix it's something to consider.
RS810+ RS810RP+ RS812+ RS812RP+ RS814+ RS814RP+ RS815+ RS815RP+ RS2212+ RS2212RP+ RS2416+ RS2416+ RS3614XS RS3614RPXS RS3617XS, | DSM4 DSM5, DSM6 | Raid 1, Raid 5, Raid 6, Raid 10, Raid 50 | CMS, HA, HYPER Backup, iScsi, Mail Server, Mail Station, SSD, VPN, Web Hosting | Petabytes of storage with 2TB, 3TB, 4TB, 5TB, 6TB, 8TB, 10TB disks | RT1900ac, RT2600ac
GMD
I'm New!
I'm New!
Posts: 4
Joined: Wed Mar 08, 2017 7:16 am

Re: Active Directory Bugs after update to DSM 6.1-15047 Update 1, AD Groups missing or not correct after some running ti

Postby GMD » Mon Mar 27, 2017 7:36 am

Version: 6.1-15047-2 NOT FIXES our actual problems.
The same problem after the weekend....

"SMB-Cache löschen" / "Flusch SMB Cache" from the SMB settings menu fixes the Users and Groups for a while again...

My older DS215J is connected to the same AD and working without any problems!

See:
Image

and

Image
GMD
I'm New!
I'm New!
Posts: 4
Joined: Wed Mar 08, 2017 7:16 am

Re: Active Directory Bugs after update to DSM 6.1-15047 Update 1, AD Groups missing or not correct after some running ti

Postby GMD » Mon Mar 27, 2017 7:46 am

jjb2 wrote:I believe update 2 released the other day has fixes for AD issues listed in its release notes. You might want to search the forums for the link and check it. Of course it could create other problems if you apply it but if you are so inclined and are desperate for a fix it's something to consider.


Did you mean a new not released version?

Or the already released?

Version: 6.1-15047-2

(2017/03/22)
Fixed Issues
Fixed an issue where a high-availability cluster might unexpectedly switch over when the active server is busy.
Fixed an issue where SHA alternatively displays the message of availability/unavailability due to false alarm.
Fixed an issue where DSM cannot be joined into Windows AD domains after upgrading to version 6.1.
Fixed an issue where domain users cannot be edited on DSM after enabling Windows AD services.
Fixed an issue where LDAP users could fail to access files via the SMB protocol.
Fixed the compatibility issue of VMware with some file LUNs created on DSM 6.0 Beta.
Fixed an issue where an encrypted shared folder cannot be decrypted when the encryption key is set to maximum length.
Enhanced the stability of the iSCSI service.
Fixed an issue where Auto Block might fail to block addresses when the Allow List is set as an IP range.
Fixed an incorrect volume display on some models where RAID Groups are supported and SHR has been enabled.
Fixed an issue where Microsoft Office and Adobe documents cannot be opened on Windows after being accessed on macOS via the AFP protocol.
Improved the write performance of fragmented Btrfs volumes.
Added Seagate IronWolf Health Management (IHM) support on Broadwell-DE models.
Fixed the compatibility issue of WD WD8001FFWX with the DX1215 expansion unit.
User avatar
jjb2
Enlightened
Enlightened
Posts: 415
Joined: Fri Feb 21, 2014 1:19 pm

Re: Active Directory Bugs after update to DSM 6.1-15047 Update 1, AD Groups missing or not correct after some running ti

Postby jjb2 » Mon Mar 27, 2017 11:32 am

The already released Update 2 - there isn't another I am aware of "yet"



GMD wrote:
jjb2 wrote:I believe update 2 released the other day has fixes for AD issues listed in its release notes. You might want to search the forums for the link and check it. Of course it could create other problems if you apply it but if you are so inclined and are desperate for a fix it's something to consider.


Did you mean a new not released version?

Or the already released?

Version: 6.1-15047-2

(2017/03/22)
Fixed Issues
Fixed an issue where a high-availability cluster might unexpectedly switch over when the active server is busy.
Fixed an issue where SHA alternatively displays the message of availability/unavailability due to false alarm.
Fixed an issue where DSM cannot be joined into Windows AD domains after upgrading to version 6.1.
Fixed an issue where domain users cannot be edited on DSM after enabling Windows AD services.
Fixed an issue where LDAP users could fail to access files via the SMB protocol.
Fixed the compatibility issue of VMware with some file LUNs created on DSM 6.0 Beta.
Fixed an issue where an encrypted shared folder cannot be decrypted when the encryption key is set to maximum length.
Enhanced the stability of the iSCSI service.
Fixed an issue where Auto Block might fail to block addresses when the Allow List is set as an IP range.
Fixed an incorrect volume display on some models where RAID Groups are supported and SHR has been enabled.
Fixed an issue where Microsoft Office and Adobe documents cannot be opened on Windows after being accessed on macOS via the AFP protocol.
Improved the write performance of fragmented Btrfs volumes.
Added Seagate IronWolf Health Management (IHM) support on Broadwell-DE models.
Fixed the compatibility issue of WD WD8001FFWX with the DX1215 expansion unit.
RS810+ RS810RP+ RS812+ RS812RP+ RS814+ RS814RP+ RS815+ RS815RP+ RS2212+ RS2212RP+ RS2416+ RS2416+ RS3614XS RS3614RPXS RS3617XS, | DSM4 DSM5, DSM6 | Raid 1, Raid 5, Raid 6, Raid 10, Raid 50 | CMS, HA, HYPER Backup, iScsi, Mail Server, Mail Station, SSD, VPN, Web Hosting | Petabytes of storage with 2TB, 3TB, 4TB, 5TB, 6TB, 8TB, 10TB disks | RT1900ac, RT2600ac

Return to “Windows AD Domain”

Who is online

Users browsing this forum: No registered users and 2 guests