TL;DR: QNAP’s support is horrible for the hardware that is garbage running software that is garbage and insecure.
Most important security issue: The root password for all QES appliances up to (but not including) version 2.1.1 build 20200525 is ‘qnapsupport’. They won’t give it to you. You cannot change it. Not fucking kidding. We reported it. They eventually fixed it after we griped enough. They still haven’t disclosed it and at this point I don’t care.)
Here is the saga of my experience with QNAP’s hardware and support in a semi-enterprise data-hoarding environment.
About a year ago we purchased a TDS-16489U R2 (“the NAS”) from QNAP. We purchased it because it was compatible with QNAP Enterprise Software (“QES”). QES uses BSD and ZFS and offers a more ‘enterprise’ feel. Immediately there were problems.
Out of the box the system had failing hardware. The memory was throwing uncorrectable ECC errors into the SMC. QNAP support was less than helpful. It took 3 days of back and forward to get them to replace the device. Even after showing them screenshots from the SMC they wanted to try other stuff. QNAP also doesn’t do advanced replacement. Luckily we were still in the phase of deploying the hardware so not a big deal.
Our replacement chassis was an adjacent serial number to ours, this will be important later.
All complaints in this post were communicated to QNAP.
Immediate limitations and issues we noticed (ranked by biggest pile of horse shit to least, skip to end of list for continuation of story):
– Falsely advertised iKVM support. QNAP claims the iKVM won’t work with QES but will work with QTS. At the time we bought it the exception was NOT on their website. WE are the reason they put it there. This is complete and total bullshit and nonsense. iKVM runs on the BMC controller and has nothing to do with the operating system. The problems are twofold. One, it’s using a DEFAULT self-signed certificate FROM THE iKVM CHIP MAKER for the iKVM and it is trying to transmit a .jnlp file that’s not as big as what the ‘Content-Length’ header indicates. QNAP’s only statement is that the iKVM won’t work with QES. They won’t even try and fix it. It’s clear their engineers and developers have no idea how a BMC works.
– IPMI Web interface doesn’t have strong ciphers enabled and has NULL cipher (means shit is transmitted in plaintext) enabled. the IPMI Web interface doesn’t use ciphers compatible with modern browsers. Oh yeah they also have the NULL cipher enabled. Communicated this to them. Was never fixed. They want me to be their monkey to test builds on MY HARDWARE.
– IPMI Constantly logging temperature / RPM problems. We constantly would get alerts for every single drive, every single fan, every single temperature sensors that they were out of range. QNAP attempted a fix. Couldn’t fix it. We gave up caring. Again they wanted me to be their test monkey. (Oh yeah they wanted me to download the software from a fucking unbranded dropbox link… that’s not sketchy AT ALL)
– Cannot create a raidz2 (RAID6) device with more than 10 devices using the GUI.In fact they had a blog post showing them creating raidz2 with 16 devices). This is an arbitrary limit that QNAP introduced. In fact they had advertising material posted (https://www.qnap.com/en/how-to/tutorial/article/use-qnap-qes-series-to-build-a-large-capacity-storage-system/) that made us believe this limit doesn’t exist. They STILL have the fucking thing up even after I pointed out they made it impossible for that scenario to occur.
– Cannot Service bind per IP address. You can only service bind per physical interface. So if you have multiple VLANs on a single interface, it’s all or nothing. So much for disabling services you don’t want exposed on a certain subnet. (Still doesn’t exist)
– Cannot disable IPV4 on an interface like you can IPV6 (Still doesn’t exist)
– Cannot set MTU on a trunked interface. (Still doesn’t exist)
– No SMB multichannel support. (Still doesn’t exist)
So at this point we gave up on some of this realizing we’ll never get the features. QNAP’s support is horrible and slow. Now we come to our first upgrade. QNAP releases 2.1.0 of QES and we notice some bugfixes are in it that could apply to some things we see. We apply the update. As a result, we can’t edit SMB shares anymore? We just get an error. Turns out they added a new option to the SMB shares without setting a default value, so the UI would glitch out. How in the hell did this upgrade get past QA? By my own troubleshooting I figured the new field would get set if I edited it in the CLI so I did. Then the GUI started working. You’re welcome QNAP for fixing YOUR problem for YOU.
Skip forward about 3-4 months, we now decide to stick a cache in the server. We buy QNAP’s card for shoving 4 NVMe drives into a single PCI-E x16 slot. It does not use bifurcation, it uses a PCI-E switch onboard the hardware. It was confirmed compatible by QNAP’s compatibility matrix. It doesn’t work. It sees only one drive because their code is looking for the drives in the wrong places. BSD sees it just fine. So, another falsely advertised feature/compatibility item. How in the fuck did THIS make it past QA? Do they not test ANYTHING before shipping it!?
When I was digging around troubleshooting that issue, I noticed we were getting Machine Check Exceptions (MCEs). In BSD they call them MCAs. I start digging back, oh these have been here since we stood it up… Why is the IPMI not showing them? Well… probably because the IPMI is shit. Why is QES not noticing them? Probably because QES is shit. These were showing single bit ECC errors. At the same memory address once or twice a day (sometimes more and in no specific interval) So great, two appliances with memory issues. Remember how I said the serial number would be important? Yeah. Two appliances with memory issues with adjacent serials screams engineering defect, QA error, and/or manufacturer defect.
It’s been a week since I’ve brought up those last two issues and QNAP is absolutely fucking clueless.
At this point we’ve demanded they authorize our reseller to give us a full return and refund. We’re done. We’ve already prepped other things to do if they don’t cooperate.
Edit: I forgot the latest issue. A drive failed and we were unable to get the chassis to detect the replacement drive. We had to power cycle the chassis. The SAS expander had locked out the slot due to communication failure counts. What’s the point of hot-swap if it doesn’t work right?