Troubleshooting User Name Mapping
Applies To: Windows Server 2003 R2
What problem are you having?
Issues
I cannot download Windows users from a Windows domain.
Cause
You do not have adequate credentials, or the computer running User Name Mapping does not belong to a domain trusted by the Windows user domain.
Solution
Log on as a user in a domain trusted by the domain to which the computer running User Name Mapping belongs and that belongs to the Administrators group on the computer running User Name Mapping.
I cannot download Windows users from an Active Directory domain.
Cause
When installing the Active Directory domain controller, you chose the Permissions compatible with Windows 2000 Server option.
Solution
Do one of the following:
If the computer running User Name Mapping is a member of the domain, add the computer to the security group called Pre-Windows 2000 Compatible Access.
If the computer running User Name Mapping does not belong to the domain (that is, it belongs to a trusted domain), add the special group Everyone to the Pre-Windows 000 Compatible Access security group of the Active Directory domain.
You must restart the domain controller after adding the computer or group to the security group.
If, for some reason, you cannot add Everyone or the computer that is running User Name Mapping to the Pre-Windows 2000 Compatible Access security group, you can enable User Name Mapping to enumerate users in the domain by running the User Name Mapping service with an account that belongs to the Domain Admins group. This method is less secure than the other two solutions, however, and should be avoided if possible.
I cannot download UNIX users from a Network Information Service (NIS) server.
Cause
You have specified only the domain name, and either the NIS server is on a different subnet, or the NIS server is down.
Solution
Ensure that the NIS server is running. Ensure that the computer running User Name Mapping and the NIS server are on the same subnet, or specify the Internet Protocol (IP) address of the NIS server.
Users of a particular Windows-based computer cannot access Network File System (NFS) shares.
Cause
The Windows-based computer is not granted access in the .maphosts file to User Name Mapping.
Solution
Add the Windows-based computer to the .maphosts file. Make sure it does not appear after any – entry.
Mapped users cannot access Network File System (NFS) resources.
Cause
The .maphosts file has not been modified to specify trusted computers.
Solution
Ensure that the .maphosts file specifies the names or Internet Protocol (IP) addresses of computers that can map user accounts by using User Name Mapping. For more information, see Securing access to the User Name Mapping server.
If users still cannot access NFS resources, see "Error message: Unable to perform the requested operation as the mapping service cannot be contacted" later in this topic.
Error message: Unable to perform the requested operation as the mapping service cannot be contacted.
Cause
The maximum number of concurrent client connections has been exceeded.
Solution
If this message appears frequently when you are attempting to administer User Name Mapping, or if properly mapped users can only access NFS resources intermittently and other troubleshooting steps have failed, you can increase the maximum number of concurrent client connections that are allowed by creating a DWORD registry value named RpcMaxConcurrentConnectionsPerIp in the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft \MSNFS
The value must be between 16 (the default) and 64.
Warning
Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.
If the problem persists, or if NFS access performance noticeably degrades, consider establishing a User Name Mapping server pool. For more information, see Creating a User Name Mapping pool.
If you click Reload immediately after creating and saving a map, the new map is not shown.
Cause
Maps are saved to the registry, which notifies User Name Mapping of the new map. Because this process can take a minute or more, if you click Reload during that time, you will not see current data.
Solution
Wait at least a minute, and then click Reload again.
A user is unable to access NFS resources after being added or changed.
Cause
Maps have not been refreshed with new or changed data in the Windows or UNIX user databases.
Solution
After adding or changing a user in the Windows domain, the Network Information Service (NIS) domain, or the password and group files, update User Name Mapping. On the Configuration tab, click Synchronize Now, and then click Apply.
User Name Mapping configuration settings are not replicated across nodes in a server cluster.
Cause
The Cluster service is not running, was not running when User Name Mapping started, or failed after User Name Mapping started.
Solution
Stop User Name Mapping, start the Cluster service if needed, and then restart User Name Mapping.
If replication consistently fails after the computer restarts, it might be because User Name Mapping is starting before the Cluster service completes its startup procedures. In this case, use the Services snap-in to make User Name Mapping dependent on the Cluster service.
Restoring password and group files on a server cluster node does not recreate the files on other nodes.
Cause
User Name Mapping restores password and group files on one node only.
Solution
Copy the password and group files to all other cluster server nodes.
Maps are not updated to reflect changes in Windows user and group accounts or in NIS or password and group files.
Cause
The User Name Mapping server has not received the changes. By default, User Name Mapping refreshes its maps once every 24 hours.
Solution
In Microsoft Services for Network File System, click User Name Mapping, click Map Maintenance, and then click Synchronize Now.