Troubleshooting Services for Network File System
Applies To: Windows Server 2008 R2
This section lists a few common issues you might encounter when working with Services for Network File System (NFS).
For more information about Services for NFS, see the Windows Server TechCenter (https://go.microsoft.com/fwlink/?LinkId=92798).
Despite appearing to have appropriate permissions, the user cannot access folder or file
Authenticated users cannot access Network File System resources
Users, including properly mapped users, cannot change the current directory to a shared directory or create files in the directory, even though anonymous access to the directory is allowed
All files created on Server for NFS are owned by Anonymous
Files created by a new user are owned by Anonymous
A user cannot write to a file
Users of Japanese UNIX systems cannot view file names in Japanese
Server for NFS configuration settings are not replicated across nodes in a server cluster
Server for NFS fails to stop on a server cluster
An NFS shared network resource on a server cluster node fails to come online
Creating or modifying an NFS shared resource fails with the error: The share path specified does not exist, or you are trying to modify the properties of an online shared resource
User Name Mapping is properly configured, but users are not being mapped correctly
A group containing an NFS shared resource fails to come online on a particular cluster server node
The showmount –e command for a virtual server lists all shared resources on the node rather than those in the same group as the virtual server
The root user is not granted proper permissions
Anonymous access fails
The user belongs to one or more groups that are not mapped consistently, Active Directory Domain Services is not accessible, or User Name Mapping is not running.
To ensure proper file access, ensure that Windows and UNIX groups that are mapped to each other, in either Active Directory Domain Services or User Name Mapping, contain the same users, and that the members of the Windows and UNIX groups are properly mapped to each other. Also, ensure that Active Directory Domain Services is accessible or the User Name Mapping service is running on the designated server.
Active Directory Lookup or User Name Mapping is not properly configured to work with this computer.
If you are using Active Directory Lookup, ensure that Services for Network File System (NFS) is pointing to the proper Active Directory domain.
If you are using User Name Mapping, ensure that the .maphosts file on the computer running User Name Mapping specifies the names or IP addresses of computers that can map user accounts by using User Name Mapping. If users cannot access NFS resources intermittently and configuring the .maphosts file does not solve the problem, it might be that too many client computers are trying to access User Name Mapping simultaneously.
Users, including properly mapped users, cannot change the current directory to a shared directory or create files in the directory, even though anonymous access to the directory is allowed
Either the NFS client does not support NFS version 3, or Server for NFS is not configured to support NFS 3. Also, the discretionary access control list (DACL) protecting the shared directory does not have an entry for Everyone, and so the access mode bit for Other is reported as 0. Because NFS 2 clients rely on directory mode settings rather than performing a separate access check for the shared directory, the client incorrectly fails the attempted access.
Do one of the following:
To the DACL protecting the directory being shared, add an entry that grants Everyone read or read/write access, as appropriate.
Ensure that the NFS client supports NFS 3, and enable NFS 3 support by Server for NFS.
The directory was moved after it was shared.
Return the directory to its original location, or stop sharing the directory and then reshare it.
Authentication is not configured properly.
Ensure that mappings are set up correctly in Active Directory Domain Services or in User Name Mapping, and that Server for NFS is correctly configured to use either Active Directory Lookup or User Name Mapping. Also, be sure all domain controllers are properly configured.
If you are using User Name Mapping, then User Name Mapping and Server for NFS have not yet refreshed data from the Network Information Service (NIS) server. Typically, User Name Mapping refreshes data from NIS once an hour, and Server for NFS refreshes data from User Name Mapping once an hour.
The new user should wait at least two hours before attempting to access or create files on Server for NFS, or the administrator of the computer running User Name Mapping can refresh the mapping database.
File permissions or attributes do not allow write access to the file or its directory.
If the directory is owned by the Administrators group, make an individual user account the owner of the directory. Ensure that the user's UNIX account is mapped to a valid Windows account and that the NTFS file system permissions of the directory and file allow write access to the Windows user account. Ensure that the read-only attribute is not set on the file or the directory.
Extended UNIX character (EUC) set is not enabled.
Configure the shared resource to use the appropriate character encoding.
The Cluster service is not running, was not running when Server for NFS started, or failed after Server for NFS started.
Take all NFS shared resources owned by the node offline, or move the cluster groups containing NFS shared resources to another node. Stop Server for NFS, start the Cluster service if needed, and then restart Server for NFS. Return the NFS shared resources online or move the cluster groups back to the node.
This is by design. When an NFS shared resource is online on a cluster node, the cluster service automatically restarts Server for NFS to keep the shared resources online.
Before stopping Server for NFS on a server cluster node, take all NFS shared resources owned by the node offline, or move the cluster groups containing NFS shared resources to another node.
An NFS shared resource with the same alias or path already exists on the node.
Make sure that the shared path and alias are unique across the cluster. Also, avoid having nonclustered NFS shared resources on a server cluster node.
The user who installed the cluster service does not have read permission on the directory that is shared, so the path cannot be validated.
Grant read access to the directory for the user who installed the cluster service.
The disk resource containing the directory being shared is offline, so the cluster service cannot verify the path of the share.
Bring the disk resource online, and then bring the NFS shared resource online. We recommend that the NFS shared resource be made dependent on the disk resource that contains the shared folder.
The disk is inaccessible due to hardware error.
Take the NFS shared resources on the disk offline. Ensure that the disk is accessible from all cluster nodes, and then bring the NFS shared resources online.
There are a large number of subdirectories under a subdirectories-only share, and the resource times out before all the shared resources are created when the resource is coming online.
Increase the time-out interval for the resource.
Creating or modifying an NFS shared resource fails with the error: The share path specified does not exist, or you are trying to modify the properties of an online shared resource
The specified directory does not exist.
Make sure that the directory exists and that the path is correct.
The shared resource is online.
Take the shared resource offline, make the required modifications, and then bring the shared resource online.
The disk resource containing the shared directory is offline, so the cluster service cannot verify the path of the share.
Bring the disk online, make the necessary modifications to the NFS shared resource, and then bring the NFS shared resource online.
Server for NFS is not set to use the correct User Name Mapping server.
Ensure that the specified User Name Mapping server is valid. If the User Name Mapping server is on a server cluster, ensure that the following conditions exist:
User Name Mapping is installed on all cluster nodes
User Name Mapping data is being replicated to all nodes in the cluster
Server for NFS is using the name of a Network Name cluster resource as the User Name Mapping server, not localhost or the name of any of the cluster nodes
Server for NFS has not received updated maps from the mapping server. If Server for NFS and User Name Mapping are on different computers, this occurs once every 30 minutes.
Force Server for NFS to refresh the maps by doing one of the following:
Use the nfsadmin server command to execute an operation, such as by setting a value to its current value.
Restart Server for NFS.
Account changes on the Windows domain controller or the Network Information Service (NIS) server have not been received by User Name Mapping.
Force Server for NFS to refresh the maps by doing one of the following:
In Services for Network File System, click Server for NFS, and then click Apply.
Use the nfsadmin server command to execute an operation, such as by setting a value to its current value.
Restart Server for NFS.
Local accounts on a cluster node were mapped to UNIX user accounts. Local accounts are not valid on all nodes in a cluster.
Ensure that all Windows accounts mapped to UNIX accounts on User Name Mapping running on a cluster are Windows domain accounts.
The passwd and group files are not at the same location on all nodes of the cluster, or on a network drive.
Ensure that the passwd and group files are identical and at identical locations on local disks of all nodes.
The Server for NFS server is not on the list of permitted User Name Mapping server clients.
Ensure that the .maphosts files on all User Name Mapping server cluster nodes are identical to permit the node running Server for NFS to obtain maps from the User Name Mapping server.
The server running User Name Mapping has failed.
Correct the cause of failure and then restart User Name Mapping on the server.
A Windows account mapped to a UNIX account is disabled or no longer exists.
If the Windows account exists but is disabled, enable it. If the account does not exist, create a new account and, if necessary, recreate the corresponding advanced map.
A Windows user account has not been granted the credentials to log on to the network.
Grant the required credentials to the Windows user account, and then force Server for NFS to refresh the maps by doing one of the following:
Use the nfsadmin server command to execute an operation, such as by setting a value to its current value.
Restart Server for NFS.
Windows and UNIX groups mapped to each other do not contain the same members.
Ensure that all Windows users in a group are mapped to UNIX users in the corresponding UNIX group, and that all UNIX users in a group are mapped to users in the corresponding Windows group.
User Name Mapping settings are not properly replicated on all nodes in a server cluster.
Ensure that User Name Mapping on a server cluster is configured properly to allow replication on all nodes.
Server for NFS is not installed on the node.
Install Server for NFS on the node.
The node is not configured as the preferred owner of the group.
Configure the group properties to make the node the preferred owner of the group.
One of the resources in the group does not list the node as a possible owner even though the group specifies the node as a preferred owner.
Configure the resource's properties to specify the node as a possible owner.
The showmount –e command for a virtual server lists all shared resources on the node rather than those in the same group as the virtual server
This is by design. There is only one instance of Server for NFS running on a node that will enumerate all shared resources on that node. It does not distinguish between shared resources in different cluster groups.
Maintain different groups on different nodes.
The shared resource does not have root access enabled.
Right-click the shared directory, click Properties, click NFS Sharing, click Permissions, and then click Allow root access.
The computer from which the root user is accessing the shared resource is not permitted root access.
Right-click the shared directory, click Properties, click Permissions, and then do one of the following:
Grant root access to ALL MACHINES.
Grant root access to a client group containing the computer.
Grant root access to the computer itself.
The root user does not have read/write permission.
Grant the appropriate permissions to the Windows user mapped to the root user. Right-click the shared directory, click Properties, click Permissions, and then click Root access allowed.
The root user account is not properly mapped to a Windows user account.
Map the root user to a Windows account in the Administrators or Domain Admins group, and map the root user's group to the same Windows group.
Server for NFS has not received updated maps from User Name Mapping.
Force Server for NFS to refresh the maps by doing one of the following:
Use the nfsadmin server command to execute an operation, such as by setting a value to its current value.
Restart Server for NFS.
The root user's user identifier (UID) is not 0. Server for NFS grants root access only to a UNIX user with a UID of 0.
Change the root user's UID to 0.
Local security policy is not set to enable Everyone permissions to apply to anonymous users (the default).
Use the Local Security Policy manager to enable Network Access: Let Everyone permissions apply to anonymous users in Security Options in Local Policies.