DL4100 and DL2100 Domain Join Access Issues


#1

I’ve got 2 x DL4100 and 1 x DL2100 that I’ve just joined to my Windows 2012 R2 domain. They join the domain just fine, however I can’t access any shares on them unless I use local admin credentials for the WD unit or an account on the WD unit. I’ve enabled the domain admin account full access to shares on the box along with my normal user account, but still it fails. When I attempt to access shares on the WD DL unit, I get continuous prompts for username/password credentials. I have verified they are domain joined correctly because I can see the users and groups from my domain in the various sections of the WD console. I’ve done a factory reset on two of the units with no change. I’ve tried LLTD on and off. I’ve tried SMB2 and SMB3. Basically - I can’t see a way to make this work. I know during beta of the WD DL4100 - it worked, but now it’s not working. Is anyone else using these like this?


#2

Hi SBSfaq

Please take a look at the DNS Server settings in your domain, normally located on your PDC (Primary Domain Controller). Scroll down to the “Reverse Lookup Zone” of your domain and check if the DLs are listed there. If not, create the PTR record for them. In most cases, the A record in the Forward Lookup Zone is set correctly but the PTR in Reverse Lookup is missing. All kinds of Linux devices must have a PTR record present, but Active Directory almost doesn’t set it as it assumes that all AD clients support NetBEUI. This should solve your issue.


#3

It will open public shares, just not shares with domain user access.

This is why I like Windows Servers for Windows networks.


#4

Thanks for the tip. No - I didn’t have PTR records in there. I do now and even after a reboot of the DL, I still have the same problem.
Any other thoughts please?


#5

Take a look at the time settings. The My Cloud has to have the same time settings as your domain. The time difference between NAS and DC must be within 5 minutes, otherwise the NAS will be placed in Quarantine. Best is to use the DC as time server, if activated. Otherwise use the same NTP and check the time zone settings on the DLs too.

Other possibility: open Computer Management on your DC and check if the My Cloud devices are flagged as “trusted relationship”. If not, flag them as “trusted relationship”. Background: a Samba server within an Active Directory domain acts as “Backup Domain Controller” to get the copy of your existing users. In some setups of Windows Server, you may need to activate the trusted relationship for the NAS to enable this copy. Normally, no client PC needs a copy or is allowed to ask for the copy of the user accounts. Only a NAS will do so and needs this copy, as it has to have the domain users available in its own access rights management console.

Summary: check the time settings on the NAS and check the “trusted relationship” in computer management of your DC.


#6

Hi Joerg,
Thanks for your help. I already had my time sync with my main DC and they were within 5 minutes of each other.

By Trusted relationship, I’m assuming you mean Delegation - in which case I tried setting it to “Trust this computer for delegation to any service (Kerberos only)”.

After I set this setting, I ensured my two DCs were in sync, rebooted one of my NASes (I’m using the DL2100 for testing this at the moment) and then tried again.

Unfortunately it still failed. Are there more advanced logs that I might get access to in order to better understand the situation?


#7

Hi SBSfaq

Sorry, of course “trusted for delegation”, I didn’t remember the correct wording.

Sounds like you have a domain forest if you have more than one DC, right? What account have you used to join the domain? You need to join with an account having administrative rights in the domain, but you don’t need / should not use the domain “Administrator” to join.

Related to your nickname: is it a normal 2012 R2 or is it a Small Business Server?


#8

His nickname has nothing to do with his current server, that’s from 20 years ago and it was for Small Business Server. :slightly_smiling:

It does not work for me either. There is no forest (mine only has one DC and it is Server 2016) and the admin name is not Administrator.


#9

Hi Joerg,
As Gramps said - I’ve been dealing with SBS since it was born - hence the SBSfaq tag.
The Primary DC is a WD DS6100 running Windows Server 2012 R2 Essentials. I have a second Domain controller which is also in the domain. There is only a single forest/domain as this is all Essentials permits.
Whilst you can use any account to add computers to domains, I have used my administrator account to add this to the domain. I have tried using both THE Administrator account as well as another Domain Admin account.

Thanks for your persistence with this - I’m surprised others are not seeing the same issues

Wayne


#10

Hi Joerg,
Any further thoughts on this? Keen to get this function working - right now I’ve had to open the shares to public in order to use these units in production which is far less than ideal.

Wayne


#11

Hi, I have DL4100 with latest firmware installed and I encountered the same problem, I cannot access any shares from my domain users. I tried everything I could find about this problem, but nothing worked. Any solutions or new ideas how to solve it?


#12

I have the same problem!


#13

Hi SBSfaq,

Did you receive an answer to the issue with DL4100 and AD?
I had a similar situation and the issue was related to all the groups from AD recognized in the dashboard not being set as “Read/Write”. Once all groups were turned on, users gained access immediately. Just wondering if you have the issue resolved.


#14

Solved similar issues within Spiceworks by activating the “Trusted for Delegation” option in Computer Management.

The Samba server of the My Cloud (and all other NAS) uses the “Backup Domain Controller” identification during Domain Join. This is needed to get a copy of all existing AD users with their passwords for the authentication.

After enabling the “Trusted for Delegation”, the Domain Join successfully passed.
The PTR Record in Reverse Lookup Forest and the correct time settings are related to this too.
All three settings have to be present, then the join is successful.
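
Added example, not part of any post in this thread: a read-only PowerShell check of the three settings named in posts #2, #5 and #14 (PTR record, clock skew, delegation flag), run from a domain-joined admin workstation with the ActiveDirectory RSAT module. The NAS name, IP address and DC name are placeholders, and reading the NAS clock from an HTTP `Date` header is an assumption about the device.

```powershell
# Placeholders constructed for this example; replace with your own values.
$NasName = 'DL4100-01'            # computer account name of the NAS (hypothetical)
$NasIp   = '192.0.2.50'           # NAS address (documentation range)
$DcName  = 'dc01.example.local'   # DC that also hosts DNS (hypothetical)
$MaxSkew = 300                    # seconds; the 5-minute limit quoted in post #5

Import-Module ActiveDirectory

# 1. DNS: the A record and the PTR record must both exist and agree.
$a   = Resolve-DnsName -Name $NasName -Type A   -Server $DcName -ErrorAction SilentlyContinue
$ptr = Resolve-DnsName -Name $NasIp   -Type PTR -Server $DcName -ErrorAction SilentlyContinue
$aOk   = [bool]($a   | Where-Object { $_.Type -eq 'A'   -and $_.IPAddress -eq $NasIp })
$ptrOk = [bool]($ptr | Where-Object { $_.Type -eq 'PTR' -and $_.NameHost -like "$NasName*" })

# 2. Clock skew. Assumption: the NAS dashboard answers plain HTTP and returns a
#    Date header, and this workstation is itself synchronised with the DC.
$skew = $null
try {
    $resp    = Invoke-WebRequest -Uri "http://$NasIp/" -Method Head -UseBasicParsing -TimeoutSec 10
    $nasTime = [datetime]::Parse([string]$resp.Headers['Date'],
                                 [cultureinfo]::InvariantCulture).ToUniversalTime()
    $skew    = [math]::Abs(($nasTime - [datetime]::UtcNow).TotalSeconds)
} catch {
    Write-Warning "Could not read the NAS clock over HTTP: $($_.Exception.Message)"
}

# 3. Computer account: report the delegation flags, change nothing.
$comp = Get-ADComputer -Identity $NasName -Server $DcName `
        -Properties TrustedForDelegation, TrustedToAuthForDelegation

[pscustomobject]@{
    ForwardRecordOk            = $aOk
    PtrRecordOk                = $ptrOk
    SkewSeconds                = $skew
    SkewWithinLimit            = ($null -ne $skew -and $skew -le $MaxSkew)
    AccountEnabled             = $comp.Enabled
    TrustedForDelegation       = $comp.TrustedForDelegation
    TrustedToAuthForDelegation = $comp.TrustedToAuthForDelegation
}
```

`TrustedForDelegation = True` corresponds to the “Trust this computer for delegation to any service (Kerberos only)” option quoted in post #6, which is unconstrained Kerberos delegation; the script only reports the flag so it can be reviewed.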


#15

I still don’t have mine working… do I need to call for support rather than use the forums? Please advise Joerg?


#16

WD does not really help much in here. Sometimes you may get a faster fix here, but you would probably be best off contacting support directly.

No one here knows you just had a birthday :cake:


#17

Hehe - thanks Gramps!
It’s sad that WD don’t have much involvement here, I can see that it would be awesome for people to get good support from them via this avenue!

Wayne


#18

Hi SBSfaq

There is pretty little we can help with, as the main issues are related to the Windows setup, not to the My Cloud.
What I showed above (PTR Record, “Trusted for Delegation”, time settings) always solved any issue with domain join.
Similar postings are available in other forums like Spiceworks where the same approach fixed it.

No clue why it’s not working in your individual environment.


#19

The DL is joined to the domain. The issue is with the shares.


#20

Maybe I am still too damaged from a week at CeBIT. Did I miss something here?