Home > Clustering, Windows Server > The curious case of missing file shares on a Microsoft File Server Cluster.

The curious case of missing file shares on a Microsoft File Server Cluster.

I had a very unusual issue recently where, after a fail over one of my file cluster resources didn’t publish all shares to the users. Some shares did come up, but many of the shares were missing resulting in users being locked out of their network drives.

I immediately jumped to the registry HKEY_LOCAL_MACHINE\Cluster\Resources and found the resource by guid of my misbehaving file cluster. I could see all the shares missing were still published as resources as below:

Upon reviewing the event logs, each time the cluster was failed over, each missing share was logging the following event:

Log Name: System
Source: Microsoft-Windows-FailoverClustering
Date: xx/xx/xxxx 08:00:27
Event ID: 1068
Task Category: File Server Resource
Level: Warning
Keywords:
User: SYSTEM
Computer: XXXXXXXXXXX.Domain.com
Description:
Cluster file share resource 'File Server FileServer' cannot be brought online. Creation of file share 'Vedeni' (scoped to network name Fileserver) failed due to error '5'. This operation will be automatically retried.

Upon reviewing the share permissions, an over zealous administrator had trimmed the NTFS permissions, removing the local system account. Upon each cluster resource coming online, the cluster uses the local system account to enumerate the shares and present them. Remove this account and your shares wont come online!

This  account doesnt need to be on every folder, just each folder a share is based on. E.g. if you share d:\share\finance as \\server\finance, only the finance folder needs access granted to the system account.

To resolve, configure the system account to have access to the folder on “this folder only” then restart the file server resource. The resource will come on-line and your shares will be available again!

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: