Troubleshooting User Name Mapping

Applies To: Windows Server 2003 R2

What problem are you having?

Issues

I cannot download Windows users from a Windows domain.

Cause

You do not have adequate credentials, or the computer running User Name Mapping does not belong to a domain trusted by the Windows user domain.

Solution

Log on with an account that belongs to a domain trusted by the domain of the computer running User Name Mapping, and that is a member of the Administrators group on that computer.

I cannot download Windows users from an Active Directory domain.

Cause

When installing the Active Directory domain controller, you chose the Permissions compatible with Windows 2000 Server option.

Solution

Do one of the following:

  • If the computer running User Name Mapping is a member of the domain, add the computer to the security group called Pre-Windows 2000 Compatible Access.

  • If the computer running User Name Mapping does not belong to the domain (that is, it belongs to a trusted domain), add the special group Everyone to the Pre-Windows 2000 Compatible Access security group of the Active Directory domain.

You must restart the domain controller after adding the computer or group to the security group.

If, for some reason, you cannot add Everyone or the computer that is running User Name Mapping to the Pre-Windows 2000 Compatible Access security group, you can enable User Name Mapping to enumerate users in the domain by running the User Name Mapping service with an account that belongs to the Domain Admins group. This method is less secure than the other two solutions, however, and should be avoided if possible.

I cannot download UNIX users from a Network Information Service (NIS) server.

Cause

You have specified only the domain name, and either the NIS server is on a different subnet, or the NIS server is down.

Solution

Ensure that the NIS server is running. Ensure that the computer running User Name Mapping and the NIS server are on the same subnet, or specify the Internet Protocol (IP) address of the NIS server.

Users of a particular Windows-based computer cannot access Network File System (NFS) shares.

Cause

The Windows-based computer is not granted access in the .maphosts file to User Name Mapping.

Solution

Add the Windows-based computer to the .maphosts file. Make sure that it does not appear after any - entry.

Mapped users cannot access Network File System (NFS) resources.

Cause

The .maphosts file has not been modified to specify trusted computers.

Solution

Ensure that the .maphosts file specifies the names or Internet Protocol (IP) addresses of computers that can map user accounts by using User Name Mapping. For more information, see Securing access to the User Name Mapping server.

If users still cannot access NFS resources, see "Error message: Unable to perform the requested operation as the mapping service cannot be contacted" later in this topic.
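
The ordering problem behind the two .maphosts issues above, as an added example that is not part of Microsoft's documentation: it walks the entries top to bottom and reports which line decides access for a given computer. The entry syntax (a name or address allows, a trailing - denies, a bare + or - matches every computer), first-match evaluation, the function name and the sample host names are assumptions; the page states only that an entry placed after a - entry is not honored and that an unmodified file grants no access.

```powershell
# Added example (not from the original page). Assumed entry syntax:
#   host     allow that host        host -   deny that host
#   +        allow every host       -        deny every host
function Test-MapHostsAccess {
    param(
        [string[]]$Lines,       # contents of .maphosts, one element per line
        [string]$ComputerName   # name or IP address as it is written in the file
    )
    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        # Drop comments and surrounding white space; skip blank lines.
        $entry = ($raw -replace '#.*$', '').Trim()
        if ($entry -eq '') { continue }

        $tokens     = @($entry -split '\s+')
        $isDeny     = ($tokens[-1] -eq '-')
        $isWildcard = ($tokens.Count -eq 1 -and ($tokens[0] -eq '+' -or $tokens[0] -eq '-'))

        # The first entry that matches decides; later lines are never consulted.
        if ($isWildcard -or $tokens[0] -ieq $ComputerName) {
            return New-Object PSObject -Property @{
                Allowed = (-not $isDeny); Line = $lineNo; Entry = $entry
            }
        }
    }
    # No entry matched: the computer is not granted access.
    New-Object PSObject -Property @{ Allowed = $false; Line = 0; Entry = '(no matching entry)' }
}

# Constructed sample content, not taken from a real server.
$sample = @(
    '# trusted NFS gateways',
    'nfsgw01',
    '192.0.2.15',
    'oldhost -',
    '-',
    'newclient01'    # added after the bare "-" entry, so it is never reached
)

foreach ($name in 'nfsgw01', 'oldhost', 'newclient01') {
    $r = Test-MapHostsAccess -Lines $sample -ComputerName $name
    '{0,-12} allowed={1,-5} decided by line {2}: {3}' -f $name, $r.Allowed, $r.Line, $r.Entry
}
```

To check a live server, pass the output of Get-Content for its .maphosts file as -Lines.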

Error message: Unable to perform the requested operation as the mapping service cannot be contacted.

Cause

The maximum number of concurrent client connections has been exceeded.

Solution

If this message appears frequently when you are attempting to administer User Name Mapping, or if properly mapped users can only access NFS resources intermittently and other troubleshooting steps have failed, you can increase the maximum number of concurrent client connections that are allowed by creating a DWORD registry value named RpcMaxConcurrentConnectionsPerIp in the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSNFS

The value must be between 16 (the default) and 64.

Warning

Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.
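
One way to apply this change from PowerShell, as an added example that is not Microsoft's script: it rejects values outside the 16 to 64 range, exports the key to a backup file before writing, and reports the previous value. The key path and value name are the ones given above; the function name and backup location are hypothetical.

```powershell
# Added example (not from the original page). Key path and value name are the
# ones the page gives; the function name and backup location are hypothetical.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\MSNFS'
$ValueName = 'RpcMaxConcurrentConnectionsPerIp'

function Set-MappingConnectionLimit {
    param(
        [Parameter(Mandatory = $true)][int]$Connections,
        [string]$BackupDir = $env:TEMP
    )
    # The page allows 16 (the default) through 64 only.
    if ($Connections -lt 16 -or $Connections -gt 64) {
        throw "RpcMaxConcurrentConnectionsPerIp must be between 16 and 64 (got $Connections)."
    }
    if (-not (Test-Path -Path $KeyPath)) {
        throw "Registry key $KeyPath not found; nothing changed."
    }

    # Export the key before touching it, as the page's warning advises.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $BackupDir "msnfs-$stamp.reg"
    & reg.exe export 'HKLM\SOFTWARE\Microsoft\MSNFS' $backup | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Backup to $backup failed; nothing changed."
    }

    # Read the current value, if any, so the change can be reported and undone.
    $current = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $old = if ($current) { $current.$ValueName } else { 'not set (default 16)' }

    # -Force overwrites an existing value of the same name.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
        -Value $Connections -Force | Out-Null

    New-Object PSObject -Property @{
        Previous = $old; Current = $Connections; Backup = $backup
    }
}

# Example call, run from an administrative session on the User Name Mapping server:
# Set-MappingConnectionLimit -Connections 32
```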

If the problem persists, or if NFS access performance noticeably degrades, consider establishing a User Name Mapping server pool. For more information, see Creating a User Name Mapping pool.

If you click Reload immediately after creating and saving a map, the new map is not shown.

Cause

Maps are saved to the registry, which notifies User Name Mapping of the new map. Because this process can take a minute or more, if you click Reload during that time, you will not see current data.

Solution

Wait at least a minute, and then click Reload again.

A user is unable to access NFS resources after being added or changed.

Cause

Maps have not been refreshed with new or changed data in the Windows or UNIX user databases.

Solution

After adding or changing a user in the Windows domain, the Network Information Service (NIS) domain, or the password and group files, update User Name Mapping. On the Configuration tab, click Synchronize Now, and then click Apply.

User Name Mapping configuration settings are not replicated across nodes in a server cluster.

Cause

The Cluster service is not running, was not running when User Name Mapping started, or failed after User Name Mapping started.

Solution

Stop User Name Mapping, start the Cluster service if needed, and then restart User Name Mapping.

If replication consistently fails after the computer restarts, it might be because User Name Mapping is starting before the Cluster service completes its startup procedures. In this case, use the Services snap-in to make User Name Mapping dependent on the Cluster service.

Restoring password and group files on a server cluster node does not recreate the files on other nodes.

Cause

User Name Mapping restores password and group files on one node only.

Solution

Copy the password and group files to all other cluster server nodes.

Maps are not updated to reflect changes in Windows user and group accounts or in NIS or password and group files.

Cause

The User Name Mapping server has not received the changes. By default, User Name Mapping refreshes its maps once every 24 hours.

Solution

In Microsoft Services for Network File System, click User Name Mapping, click Map Maintenance, and then click Synchronize Now.