VMware Cloud Community
edwardsd
Contributor
Contributor

Adding Windows NFS Share to ESXi 5 | "Mount request was denied"

I'm unable to add a Windows Server 2008 R2 NFS share. When I try to add the share I receive the following error:

"HostDatastoreSystem.CreateNasDatastore" for object "ha-datastoresystem" on ESXi "192.168.1.24" failed.
NFS mount server1:nfs failed: The mount request was denied by the NFS server. Check that the export exists and that the client is permitted to mount it.

I have enabled the NFS service in server 2008 R2 and shared using NFS setting (as referenced here: http://www.kasraeian.com/2011/02/nfs-on-windows-server-2008-r2/)

I have also checked that the "NFS Client" is ticked on ESXi Client firewall settings.

Windows Firewall has been disabled.

I have tried using both the host name and IP when creating the NFS storage, but results with the same error which looks like it is related to permissions. The Windows NFS share has "everyone" and "anonymous" with full access to the share. 

Unfortunately I have limited knowledge with NFS/Unix shares therefore am unsure of the best way to test these are setup correctly. I am also very new to vSphere, so all the advise would be helpful. This setup is in a new environment, with 1 single host connected on the same network by vSphere client. Can anyone advise a step-by-step guide to obtain log files?

Many Thanks

Reply
0 Kudos
14 Replies
aravinds3107
Virtuoso
Virtuoso

Check if UNIX Clientt have permission to mount the NFS volume or probably you have to create User Name mapping (http://technet.microsoft.com/en-us/library/bb463218.aspx) and also make sure you have VMkernel port enabled on the ESXi host

Please post the log from /var/log/messages

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful |Blog: http://aravindsivaraman.com/ | Twitter : ss_aravind
Reply
0 Kudos
aravinds3107
Virtuoso
Virtuoso

Can you check i "Allow root access is enabled" in permission tab

SGPhoto_2012_02_26 21_56_08.png

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful |Blog: http://aravindsivaraman.com/ | Twitter : ss_aravind
edwardsd
Contributor
Contributor

Thanks for your time responding.

From my understanding username mapping has been removed from Windows Server 2008 R2 and it therefore unavailable. I have configured full access and the domain name settings in the Windows "Services for Network File System" interface under the "Client NFS" properties.

Error shown in var/log/vmkernal.log is:

2012-02-26T22:07:59.685Z cpu1:3369)NFS: 157: Command: (mount) Server: (192.168.1.40) IP: (192.168.1.40) Path: (nfs) Label: (nfs) Options: (None)

2012-02-26T22:07:59.687Z cpu1:2897)WARNING: NFS: 217: Got error 2 from mount call
2012-02-26T22:07:59.689Z cpu0:3369)NFS: 190: NFS mount 192.168.1.40:nfs failed: The mount request was denied by the NFS server. Check that the export exists and that the client is permitted to mount it.

I have also checked the "Allow root access is enabled" in the permission tab and it matches the configuration your screenshot shows.

All settings have been factory reset and the networking has the VMkernel listed. The iSCSI port binding is greyed out if relative.

Reply
0 Kudos
aravinds3107
Virtuoso
Virtuoso

Do you have VMkernel port in 192.168.1.* network?

Are you able to ping VMkernel IP address from your Windows 2008R2 (NFS) server and vice-versa?

Please post your host network seting

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful |Blog: http://aravindsivaraman.com/ | Twitter : ss_aravind
Reply
0 Kudos
cho9045
Enthusiast
Enthusiast

http://blogs.technet.com/b/sfu/archive/2010/08/25/mounting-windows-2008-nfs-share-as-a-datastore-on-...

Please refer step-by-setp guides as per above link and see if your Windows has correct settings.

Reply
0 Kudos
edwardsd
Contributor
Contributor

Thanks for the link. There is a slightly different interface for R2. But all the settings appear to be the same "cmd -> ntfsshare nfs"

Alias = NFS
Path = S:\NFS
Supported security flavors are SYS
Encoding = ansi
UNMAPPED UNIX USER access disallowed
ANONYMOUS access allowed

Anonymous UID = -2
Anonymous GID = -2

HOST ACCESS :
ALL MACHINES            read-write     Root Access Allowed      ansi

There is an additional output "UNMAPPED UNIX USER access disallowed" - If I edit the NFS share and select "Allow unmapped user Unix access (by UID/GID)" I get this printout.

Alias = NFS
Path = S:\NFS
Supported security flavors are SYS
Encoding = ansi
UNMAPPED UNIX USER access allowed
ANONYMOUS access disallowed

Anonymous UID = -2
Anonymous GID = -2

HOST ACCESS :
ALL MACHINES            read-write     Root Access Allowed      ansi

If I select "Allow unmapped user Unix access (by UID/GID)" or "Allow anonymous access" with "UID -2" "GID -2" I see get the same error within ESXi.

It's frustrating as there must be some simple tickbox that i'm missing :smileyconfused: but not many articals relate to 2008 R2

Reply
0 Kudos
aravinds3107
Virtuoso
Virtuoso

Take a look at this video

http://andysworld.org.uk/2011/06/21/creating-an-nfs-server-using-windows-2008-r2-for-vmware-vsphere-...

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful |Blog: http://aravindsivaraman.com/ | Twitter : ss_aravind
edwardsd
Contributor
Contributor

Thank you for the responses. I was unable to test yesterday.

I'm fairly confident that the NFS shares are configured correctly looking at all the tutorials and guides.

I've setup another NFS share from a new Windows Server 2008 VM using the exact steps listed. I still receive the same error listed which points me towards the network config in ESXi.

C:\Users\server>nfsshare

        NFS = C:\NFS

C:\Users\server>nfsshare nfs

   Alias = NFS
   Path = C:\NFS
   Encoding = ansi
   ANONYMOUS access allowed
   Anonymous UID = -2
   Anonymous GID = -2

   HOST ACCESS :
      ALL MACHINES            read-write     Root Access Allowed      ansi

Is there any specific system log that I can export and look at to confirm the network settings are correct?

Reply
0 Kudos
kastlr
Expert
Expert

Hi Edward,

error 2 usually stands for: The system cannot find.....

I might be wrong, but in general the value used for path should always start with / (slash).

You should retry the mount with the following parameters.

Capture.JPG

Good luck

Ralf


Hope this helps a bit.
Greetings from Germany. (CEST)
Reply
0 Kudos
edwardsd
Contributor
Contributor

I finally figured out the problems was very simple (I through it would be something I was missing, it always is!)

The NFS share is case sensitive.

My share was created in UPPERCASE and I was adding the share /nfs. Added /NFS and all working. I didn't realise that it was so Finicky.

Many Thanks for all the replys and answers. I really am grateful and learnt a lot from this!

Reply
0 Kudos
mcx082
Contributor
Contributor

One thing is important: anonymous acces to Windows NFS is not supported on Windows 2008 R2 Cluster.

Reply
0 Kudos
HariRajan
Hot Shot
Hot Shot

Hi ,

Since you are getting "The mount request was denied by the NFS server. Check that the export exists and that the client is permitted to mount it. An unknown error has occurred."


simple step , if you think that you have fulfilled all the mandatory steps mentioned in many of the blogs and KB article.

Try : in ESXI add storage  GUI Option

server : IP address only

folder :C:\Users\Administrator\Desktop\Share (description below)

<if you are using windows native NFS share ,  Using below command you can see the complete path and please give the same here c:\Users\Administrator\Desktop\Share >

Issue below command with your share name in windows host ,

C:\Users\Administrator>nfsshare share

   Alias = Share

   Path = C:\Users\Administrator\Desktop\Share

   Supported security flavors are SYS

   Encoding = ansi

   UNMAPPED UNIX USER access allowed

   ANONYMOUS access disallowed

   Anonymous UID = -2

   Anonymous GID = -2

   HOST ACCESS :

      ALL MACHINES            read-write     Root Access Allowed      ansi


I hope below troubleshooting will also help if you have some different issue

Enable SSH on ESXI and putty log in to targeted ESXI and ping using vmkernel . I believe each esxi having vmkernel configured.

vmkping nfsserverip  (vmkping command only support from esxi shell , it is not a part of vMA as of now .)

if it is pinging to destination Windows NFS IP . you have done . you can try the FQDN ping also here .



Regards

Hari Rajan



Thanks & Regards in Plenteous .
Hari Rajan

Thanks & Regards in Plenteous . Hari Rajan
Reply
0 Kudos
BayabasBoy
Contributor
Contributor

just tested it today, these settings worked on my test environment (my nfs server setup is not secured though).

On Windows 2008 R2

1) Server Manager > Add role > File Services > Added File Services and Services for Network File System

2) After the role is installed Server Manager > File Services > Share and Storage Management > Provision Share wizard (on the Actions Pane)

3) Select the Location of the Folder to be Shared (on my case E:\NFS-Share3)

4) On Share Protocol, select “NFS”

5) On NFS Authentication, don’t check both Kerberos checkbox, select “Enable unmapped user access” and “Allow unmapped user Unix access (by UID/GID)

6) On the NFS Permission, Edit the default, set “Access Permission” to Read-Write and put a check on “Allow root access”.

And you are set.

On ESXi 5

On the host where you want to add the  NFS share:

1) Navigate to Configuration > Security Profile > Firewall > Properties

2) Put a check on NFS Client

3) Navigate to Storage> Add Storage > Network File System

4) Key in the ip address or hostname of your Win2k8 R2 NFS server, (e.x. 10.10.11.10) then on the Folder, key in the name of your NFS Share (e.x. NFS-Share3) (case sensitive) and the name of the Datastore  (e.x. NFS-3)


i have attached the screenshots.



i hope it helps Smiley Happy

Reply
0 Kudos
davemays
Contributor
Contributor

I had this same issue and found that it was a UDP versus TCP issue on the Windows NFS server. I have written a short blog entry about it. DaveOnline: Using Windows 2012 NFS with VMware ESX

Reply
0 Kudos