Quantcast
Channel: File Services and Storage forum
Viewing all 13565 articles
Browse latest View live

Work Folders - recent security updates leave it broken

September 19, 2016, 3:22 pm
$
0
0

We have a small Work Folders implementation for a few clients.

Until recently, the function has been working great, no problems.

However, we have confirmed that two recent Windows10 patches leave Work Folders broken and completely unusable for clients who have either of the patches installed.

KB3185614 (security rollup for Win10 build 1511)

KB3189866 (security rollup for Win10 build 1607)

If a Win10 client has either of these updates applied, they cannot use Work Folders.  The client attempts to connect to the Work Folders Server and gets the error:

"there was a problem finding your Work Folders server", error code 0x80072f76.

Work Folders server is fully patched.

Removing the patch will allow the client to connect and use Work Folders successfully, but as we know Windows10 will just reinstall that patch again in a few days.  We are using the Microsoft "driver update" prevention tool for now to block the patch on affected machines.

We are opening a support case with Microsoft soon.

Search

DFSR database cloning - Importing fails error 9198 configuration error was detected

June 24, 2016, 12:06 am
$
0
0

Hi,

To prevent the long DFS-R initial synchronization process, I've tried to use the new DFSR database cloning principle. I've followed the steps as outlined in the blogpost of Ned Pyle. The only 'big' difference in oure setup is that we use mountpoints in our source and destination side (in stead of volume letters).

- Source is: E:\User Volumes\%Mountpoint naming%

- Destination is: C:\Mountpoints\%Mountpoint naming%

The destination folder doesn't contain the DFSRPrivate folder or reparse points. Both nodes are in different AD-sites. The DFS console shows the same information (RG and RF) on both sites. No connections are configured, and only the primary (sending) server is added. (as described in the blogpost).

After the import-DFSRClone command has run the following error is dumped:

Import-DfsrClone : Could not import the database clone. Error code: 0x000023EE

The eventviewer on the destination side shows the following information:

EventID: 2414
Level: Error
Message: The DFS Replication service failed to import a cloned database. Error: 9198 (A configuration error was detected)

EventID: 2416
Level: Information
Message: The DFS Replication service has processed a portion of imported database records. These records consist of all database entries for files and folders, including previously deleted files from the past 60 days. No action is required. [skipped rest]

EventID: 2412
Level: Information
Message: The DFS Replication service started importing a cloned database. The server will remain in this state until it has completed import operations. No action is required [skipped rest]


Can someone explain what I'm doing wrong?

Event id 4502 -- dfsr

September 3, 2016, 6:43 am
$
0
0

Hi,

We have  customer servers which has DFSR configured. There are two folders D:\Home and D:\Users which are under DFS replication. We were seeing the event id 4502 daily for the above folders. We did change staging folder path to different location (off Home and Users folder). The new path is D:\DFS\Home\Dfsrprivate\Staging and D:\DFS\Users\Dfsrprivate\Staging. We did set staging quota size to 50 and 150 GB respectively. After this change, we don't see this event id 4502 for D:\Home folder. However this continues for D:\Users folder. DFSR diagnostic reports shows the same. It points to d:\Users folder.

In these servers, FSRM is configured and hard disk quota is set to 1 GB on both D:\Home\* and D:\Users\*. Since we have changed the staging folder path from default location(off D:\Home and D:\Users), we thought it would resolve the issue. But no luck for D:\Users. As per the below link, I tried to run the command lines to get first 32 largest file size, but it fails with Access is denied. Not sure how to get the information. Please help me to resolve this issue. Let me know what information is required.

https://blogs.technet.microsoft.com/askds/2011/07/13/how-to-determine-the-minimum-staging-area-dfsr-needs-for-a-replicated-folder/

Event id details below:

Log Name:      DFS Replication
Source:        DFSR
Date:          2016-09-03 06:00:05
Event ID:      4502
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      xxxxx.sna.wm.net
Description:
The DFS Replication service encountered errors replicating one or more files because adequate free space was not available on volume D:. This volume contains the replicated folder, the staging folder, or both. Please make sure that enough free space is available on this volume for replication to proceed. The service will retry replication periodically.
 
Additional Information:
Staging Folder: d:\DFS\Users\DfsrPrivate\Staging
Replicated Folder Root: d:\Users
Replicated Folder Name: Users
Replicated Folder ID: 4513DC92-29BB-4408-B785-D9A528EBA7F8
Replication Group Name: xxxx\shares\users
Replication Group ID: 6E2B8CFC-902D-4676-99FD-9C1C94E30386
Member ID: 81DA8BD9-2309-48EC-88BD-830E4CE3E1BD
Volume: DF7BBC15-BFD4-11DE-B6B2-005056914A38

-Umesh.S.K


How to remove the shortcut icon after creating a Directory Junction with “mklink /J” ?

September 20, 2016, 1:40 am
$
0
0

Hi, I created a directory junction with command "mklink /J" on windows server 2008 R2.

But the folder has shortcut icon which can be seen by windows 7 client, we don't want to let them see it.

So, is there anyway to remove this shortcut icon ?  just make it looks normal with other folders.

thanks.


ABE not working in Win Server 2008 R2

September 20, 2016, 1:48 am
$
0
0

I have installed only file server role and active directory in a server, I have shared a folder to a perticular user and enabled access based enumeration for the same share folder but still it is visible to all domain users

please help

thanks in advance

Remote Share Permissions Strangeness

September 20, 2016, 5:34 am
$
0
0

Posted this in the Office 2016 forum, got pushed in this direction, hopefully someone can assist.

All,

Working through an odd issue I've bumped up against regarding Office 2016 (probably other versions) and saving to remote shares.

Scenario is as follows:

Two domains, no trust between.  User A is on Domain A, User B on Domain B.  File servers are available on both Domain A and B.

User on Domain B has an account on Domain A, and can connect remotely to share on File Server A just fine.  User can create .txt files, docx files, etc without issue (with Right click -> new file).  Permissions are irrelevant (set full control to Everyone, direct to user account, etc).  User can edit, save, delete .txt files without issue.  Freshly created .docx file inherits permissions as expected, and file can be renamed without issue.  If user B's 'Domain A account' edits that .docx file however, and saves it, the permissions on the file get blasted, and the NTFS owner becomes unresolvable.  At that point any further attempts to open the file from any source gets access denied.  I can re-take ownership with admin credentials/elevated token, at which point the security tab shows no permissions assigned.  I can re-add permissions (or reassign inheritance) and open the file, and see the data that the user added.  This tells me the file is being edited, then permissions changed somehow.

This does not happen if User A connects to File Server B with 'Domain B credentials' and write/save files.  Everything there appears to work fine.  Both domain file servers are 08R2, both domain workstations are using Office 2016, fully patched.  Tested with different workstations, different 'Domain A accounts', different Domain B users, etc.  Tested with different shares, subfolders, different permission assignments, etc.  Same result, Office alters the Owner/NTFS perms of file after writing data. User can create document on local machine on Domain B, then copy the file into File Server A's share, and file is fine... openable, correct permissions, etc.  If user edits that file again however, same result.  Perms wiped, owner unresolvable.

It looks very very similar to a few issues with past versions of office, as seen here:
https://www.experts-exchange.com/questions/28094803/Microsoft-Office-Access-Denied-Contact-Your-administrator-message-when-saving-to-Network-Drive.html

The above was fixed by a user changing an option on a 3rd party device to prevent the editing of NTFS permissions on files, essentially blocking whatever functionality was causing this.

Other is here:

https://social.technet.microsoft.com/Forums/windowsserver/en-US/bae1e32a-b878-4af2-8d27-9b747e11bf21/kb980232-ms10020-problem-users-cant-save-anymore-from-office-2007-applications-to-servers?forum=winservergen

Vaguely related, seems to have something to do with patch incompatibility with very old SMB (1.0) shares.  I doubt the cause is the same (most of the information in that technet post is irrelevant at this time) but the symptoms are similar.

Thank you.

EDIT: Forgot to include, symptoms are identical whether or not user's office is signed in or not, and persists through restarts.

Additional EDIT:  Symptoms appear to only affect DFS shares.  If saved to some_server\share, permissions behave as expected.  If saved to DOMAIN\Share, permissions go sideways upon saving.  If saved to some_server\DFS_SHARE, same thing happens.  DFS for said share is currently set to a single namespace server (so only a single server is being touched), DFS share permissions permit full control to Everyone, and DFS is accessible normally from other domain IP space.


DFS overwrite content

September 19, 2016, 7:32 pm
$
0
0

HI everyone,

there are 2 servers member of DFS system (windows 2012), we are running into trouble when twice users open the same file and the same time but DFS assign separate 2 member DFS for each user so content will not correct.

We want to set up if it's more than 1 user open the same file, just allow only the first user can modify, others read-only.

Best regards,

Van Cong Khanh


File Screening Emails

September 19, 2016, 7:05 pm
$
0
0

Hello.

I'm looking at the File Screening abilities in 2012 R2. It seems like a pretty straight forward setup, but I have a question on the email portion of it. In the properties of my File Screen I have a "email" and "Reports" tab. Both of which have the ability to send an email to whomever I need. So in a situation where I need to be immediately notified if a file type is being saved, which one will send the email to the intended person?

Will the email feature in the Reports area email the end user and tell them there is a new report to look at, where as the Email setup will actually email the intended person alerting them to the attempt to save the screened file?

I'm confused on these two, can someone help clear this up for me? 

::- TIA -::

Search

How to create NTFS quota for folders in Cluster shared volume on SAN storage?

January 17, 2013, 12:33 am
$
0
0
Hi, i have issue with creating NTFS quota for CSV on SAN storage using windows 2012 standard. I have failover cluster with 10 nodes, all have access to the CSV. I want to create quota for folders specified for every server on CSV. I add File server role, but cant create quota due to error, that folders that i choose is not NTFS, but as i know, CSV just add to NTFS. Please advice, how to create quota on CSV.

2012 storage server NFS and SMB problem

September 20, 2016, 3:07 pm
$
0
0

Hi... I can't figure this out.

We have a windows 2012 storage server running on our Dell NX/MD device.

There is an SMB share that is also an NFS export.  I have left things about as wide open as possible as we don't really have security issues or need to lock this share/export down, just for exchange of data.

The problem is that when a user creates a file under the NFS mount, under Unix, he is then unable to access or modify it under the Windows Share.  When I look at the security tab on the server, it says all users have full control, but the user still can't access the new directory or the files... even though NTFS and share permissions are everyone full control and on the share read/write.  If I go to advanced on the directory and do a replace permissions on all child objects, then users can access via the windows share... it looks exactly the same as it did before though.

I have been reading about NFS using an Active Directory mapping - but it sounds like this needs an AD schema change and this is a big company and the chances of getting them to change extend the schema are nil.  We were using anonymous, not sure if that would have worked, but one of our Unix gurus change the it to a specific GID I think... anyway, it's almost working but not quite - just wondering if there might be a simple answer to this if we are not concerned with security.

thanks

Bill

Folder auditing alternative?

September 9, 2016, 5:50 am
$
0
0

Hi guys,

I have a folder on a server that keeps being overloaded with text files. I am not sure what creates these, and I'd like to avoid enabling auditing.

I've looked at who the owner is and it's the local admin account.

Is there any other way to check where these files come from/what application is writing the files on the folder?

Thanks.


File server loses its share and becomes unaccessible by users

September 13, 2016, 12:23 am
$
0
0
I have a file server configured for my users. Several units have their folders in the server. However, I noticed that the share stops working intermittently and users are not able to access their files from their location. A restart solves this problem but I need to find out what is the cause of this problem because i am tired of restarting the server. Anyone with a similar problem and solution?

SMB Share not seen by Ricoh Printer

September 16, 2016, 4:43 am
$
0
0

Hi,

We are having trouble in seeing an SMB share on our Ricoh printer. Basically, we need to set up scan to folder from the Ricoh printer to the shared folder. This shared folder is on Windows Server 2012 R2 Standard

We have already spend a whole week troubleshooting this issue to no avail and nothing is working. Today, I installed a test server and installed everything exactly as its on the original one and scanning worked! Obviously, this brings to the conclusion that there is nothing wrong with the printer but, there is surely something wrong with the server installation or configuration.

Below are what we have tried to do to make it work on the server:

  • Disable firewall
  • Disable Anti-virus
  • Checked SMB signing is turned off and it was
  • Create another folder
  • Create another user
  • Made sure network discovery is working - I manage to see the shared folder if I use a Windows 7 machine but, the folder is not discoverable by the printer.
  • Installed the latest SMB patch by Microsoft

I have tried all the above and nothing is working. Is there something else which I need to look into please? If I manage to solve this problem on the existing server will help me save time installing another fresh server and transfer files/folders. Thank you

FSRM Quota in DFS - Windows Server 2012 R2

September 20, 2016, 10:30 pm
$
0
0

We have two servers DFS1 and DFS2 which are configured as target for DFS Namespace and DFS Replication. Namespace is \\Domain.com\Files\Users\User1 whose target are \\DFS1\Users\User1(local path D:\User1) and \\DFS2\Users\User1. We have also configured the DFS Replication for those paths.

In the DFS1 server, I have added a 1GB hard quota using the local path (D:\User1) in File Server Resource Manager.

  • When I map network drive using \\DFS1\Users\User1 path, it shows the total size as 1GB.
  • When I map network drive using \\Domain.com\Files\Users\User1 path (DFS1 is active), it shows the correct total size as 1GB.
  • When I map network drive using \\Domain.com\Files\Users\User1 path (DFS2 is active), it shows the total size as the drive size which is 922GB.
  • When I map network drive using \\DFS2\Users\User1 path, it shows the total size as the drive size which is 922GB. It looks like the quota is not getting replicate with DFS.

How do I make FSRM Quota to work in DFS Namespace and DFS Replication?




Slow copying to network shares

September 21, 2016, 12:41 am
$
0
0

Hi all,

We are an SMB, and have installed new hardware to run our virtual servers.
We run 2 ESXi hosts, and one of them, a Windows SBS 2008 SP2 VM is running.

The new SAN and its 10gbe connection to the hosts has increased the disk performance of the virtual machines a lot :
The SBS 2008 VM can now read and write to disk (locally) at about 500MB/s.

As our entire network is 1 gigabit, I was expecting that the clients could now copy from and to the network shares (on the SBS 2008) at 110MB/s. However reading is only at 80MB/s and writing at 60MB/s. I am trying to find out why this netowrk copy performance is throttled.

I think it has to do with a setting on the SBS 2008, but I can't found out which.

These are the things that I have already tried :

- Check that it is indeed the SBS 2008 VM that is throttling performance : I have created a network share on a VM (Win7) that is running on the same host as the SBS 2008. so the Win7 VM is running 'next to' the SBS2008 VM. Clients can copy to the share on this VM at 110MB/s. So this means that there are no client, network or host bottlenecks.

- The SBS 2008 VM is running on ESXi 6, is hardware version 8, has an VMXNET3 network interface. Same as the other VM to which we can copy at full speed.

- SBS 2008 has 8 cores at 32 GB RAM dedicated. During copying the CPU is not maxing out.

- Same anti-virus and anti-malware is running on SBS 2008 and Win7 VM. So anti virus is not bringing down performance.

- No bandwidth limits at Esxi level. Also I tried disabling QoS at SBS 2008 level. Did not help.

- SMBv2 was disabled. Enabled and rebooted. No help.

- All test were done at night (no clients/load)

- Disabled gpo 'digitally sign communications (always)

Can anyone please advise?

thx.

Search

Dynamic Cache Service isn't doing anything on Server 2008 R2 file server

September 9, 2016, 9:55 am
$
0
0

So, we've been experiencing the issues which are described in the use case for the Dynamic Cache Service (https://www.microsoft.com/en-us/download/details.aspx?id=9258, https://support.microsoft.com/en-us/kb/976618).

I installed the service, imported the .reg file, set the MaxSystemCacheMBytes reg key to 2560, and started the service. However, Free RAM is still at 252 MB's, and the Metafile is currently using a bit over 4 GB's. I left the SampleIntervalSecs at 60 (seconds), so it should run every 60s and free up RAM if the metafile usage is over 2560 MB's. But, that's obviously not happening, or I'm misunderstanding something.

Does anyone have any idea what's going on, and if I misconfigured something?

Edit: I also tried setting MaxSystemCacheMBytes to 40, which should change it from being a defined max size in MB's, to a percentage of RAM (according to the documentation). However, the Free RAM isn't changing, and the Metafile is still using a bit over 4 GB's.

DFS and Offline files clean up

September 21, 2016, 1:42 pm
$
0
0

I have been searching through this forum and the net looking for any best practices for removing user files and folders after an AD user account had been disabled and/or removed. (ex. Person leaves the company)

After the account is closed and all GPOs no longer apply, can I just delete or archive these files without impacting the configuration?  Or is there a process that needs to be followed?

Any suggestions are welcome.

Thanks!

Several VSS Keys Missing in recovered Registry

September 21, 2016, 12:51 pm
$
0
0

Recently, a server was repaired and the registry became corrupted somehow.  Bottom line is VSS will not function.  I've looked at the registry and found that there are several keys missing and I'm also denied access to create new keys.  I've checked the registry of a second server at the same site and this is how I found the difference.  I'm not able to find anything that relates to reinstalling the Volume Shadow Copy.  I'm only finding run certain commands.  Now I exported the VSS section from the known good server.  My question is, can I rename the VSS key in the corrupted one, and then merge this export without causing any harm?  Or is there a way to complete rebuild this application without having to reinstall windows.  Thank you.......

Respectfully

Chuck

DFS Moved Files

September 1, 2016, 8:11 am
$
0
0

I have two file server both 2012r2.  I installed the DFS Namespaces and DFS replication roles on both servers.  I then created a simple namespace called ITDFS and added a folder to the namespace called IT Test1.  I added the second server from the DFS managment console and added a folder by the same name to it.  I then added a replication group via the wizard.  I was able to add text and excel file and have them replicate between the two servers.

About an hour later I received a call that folders (on the server that I initially configured DFS on) were missing.  After using a utility called tree size I was able to see that several hundred gigs of software was moved into the DFSR/Private/PreExisting folder.

1.  At no point did I ever configure this set of folders to be included in DFS replication.  It was several folders deep so there is no chance I accidentally navigated to it during my DFS testing.  Also, I would have never selected some 200 folders at a size of 347 GB for a simple DFS test.  I have no idea why these files would have been moved to the preexisting folder, which I understand is readying the files for replication.

2.  I cannot get into the DFSR private folder for the life of me.  I have forced the permissions on it numerous times to no avail.

Any idea why my files would have been moved and how do I get them back?

~Eric

File sharing in Server 2012

September 21, 2016, 11:32 pm
$
0
0

If I have a parent folder and two sub folder inside it.

Which kind of permissions should I give that subfolder A cannot see Subfolder B if My Parent folder have Domain Level User Permission enable.

Please give you views except saying that "We should deny permissions of SubFolder B on A'' because by that I have to go on each folder and deny users in that so on Big level it is difficult task for me.

Waiting for keen response !

Viewing all 13565 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>