Troubleshooting Guide for ?OpenAFS for Windows
- Troubleshooting Guide for ?OpenAFS for Windows
- Bugs
- Error Messages
- I receive a "Delayed Write failure" error when saving documents from Microsoft Office to AFS volumes. What can I do?
- I receive errors stating that the AFS Client Service may not have been started; what should I do?
- When I have obtained tokens using Kerberos for Windows, I receive errors similar to "Ticket contained unknown key version number". What is wrong?
- Why can't I use ?OpenAFS with an Active Directory KDC?
- Why can't I install ?OpenAFS on Windows NT, ME or 9x?
- Why do I receive "AFS is still starting. Retry?" messages when I have turned off "Obtain tokens at logon"?
- What is this ?MrxSmb event 3019 that pops up in my System Log?
- Why isn't the AFS Light Gateway working anymore?
- Features
- There is only one cell listed in \\AFS\all or when browsing \\AFS. Where are all my cells?
- What happened to the files in the Windows directory, like afsdcell.ini, afs_freelance.ini and afsdsbmt.ini?
- Why can I not use fs to set the X option anymore?
- Why should I abandon Kerberos 4?
- What is the difference between the Nullsoft Installer (.exe) and the Microsoft Installer (.msi)?
- Nomenclature
Bugs
Are my tokens destroyed when I logout?
Hard to tell. If your profile is local (not on the network, roaming) there is no need for the tokens, and they are destroyed when you logout.
If, on the other hand, you are using roaming profiles, there is unfortunately no way for the AFS Client Service to know when the profile has been put back into AFS. Thus, the "roaming" could fail if the service tried to forget the tokens. When using roaming profiles, the tokens are not destroyed on logout.
How come my non-ASCII filename characters are wrong; code page problems?
Yes, it is. Currently, the ?OpenAFS implementation uses a SMB server with which Windows communicates. This server is not yet able to handle all code pages. So, if you are accessing files from other systems as well, you will experience the old code page mismatch problem.
The CIFS protocol itself has support for Unicode. Hopefully, it will be implemented in ?OpenAFS in the future. (from J. Altman)
Why do my 2 GB+ files break?
First of all, note that the default cache size is 20 MB, which means a 2 GB file will flush the cache directly. Second, ?OpenAFS does not yet support files larger than 231 bytes, which is 2 GB.
Why does the Client Service crash when I start my laptop?
If the ?OpenAFS Client Service cannot connect to your home cell when it starts, it will crash.
To solve this problem, look up Freelance Mode in the WindowsConfigurationReferenceGuide.
Why does ?OpenAFS for Windows crash on my Hyperthreaded Pentium 4?
This is due to a known bug. Set MaxCPUs
(type DWORD) (in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters
) to 1. This restricts the ?OpenAFS Client Service to use one processor.
Error Messages
I receive a "Delayed Write failure" error when saving documents from Microsoft Office to AFS volumes. What can I do?
Windows has support for a concept known as Overlapped I/O. It is frequently used in Microsoft Office programs. The idea is that the program sends several file read, or write, requests at once and handles them in the order they are completed. This way, writes to different locations do not have to wait for previous writes to complete. It is mostly a performance enhancement.
Unfortunately, ?OpenAFS for Windows currently does not handle these overlapping requests very well. You are probably better off saving to local disk and then copying into AFS.
I receive errors stating that the AFS Client Service may not have been started; what should I do?
First, you should check if the service is running or not. You can do this in Control Panel\Administration Tools\Services. If it is not, try to start it. Won't work? File a bugreport!
You could try to login on a local account (like Administrator) and browse \\AFS
. Check that you have RPC running.
If all fails, file a bugreport!
When I have obtained tokens using Kerberos for Windows, I receive errors similar to "Ticket contained unknown key version number". What is wrong?
As with most things on the computer, this error message is not entirely correct. It is not neccessarily the version number of the key that is wrong. Two of the most common reasons are
- Wrong cell. You may have obtained tokens for one cell and are now trying to reach another cell. Try doing
afslog
for the new cell if you know you should have access to it. - Old server. Support for ?KerberosV tickets is a relatively new feature of ?OpenAFS. You will need an ?OpenAFS 1.2.8 or later server to use the feature. Either update the server, or disable ?KerberosV. Read about the latter in the Configuration Reference Guide.
Why can't I use ?OpenAFS with an Active Directory KDC?
You can; however, Microsoft uses Kerberos tickets in a way no one anticipated during protocol design. While remaining syntactically valid, the tickets the AD KDC issues are very large: they can be 10 kB while other KDC implementations usually issue tickets around 500 bytes in size.
You will have to setup you AFS server to support the larger ticket sizes, or update your server.
Why can't I install ?OpenAFS on Windows NT, ME or 9x?
As of version 1.3.65, the old Windows branch will no longer be maintained. The interface for the Windows NT series and the Windows 9x series are completely different. Most users now use Windows 2000 or newer. Less has changed between Windows NT 4 and Windows 2000, but the developer community has decided to discontinue support for Windows NT 4 too.
The main reason for this decision is a lack of developers and funding. ?OpenAFS for Windows is a free project and requires donations, or developers with time left, to move forward. Old versions of ?OpenAFS for Windows 9x and NT 4 are still available.
Why do I receive "AFS is still starting. Retry?" messages when I have turned off "Obtain tokens at logon"?
The AFS Client Service is trying to start, but is waiting for something. This may be a slow or non-existent DNS server, a faulty AFS server, or simply an unplugged cable. The important thing to know is that AFS does not have enough information to begin normal operation. Check your DNS, AFS servers and CellServDB.
What is this ?MrxSmb event 3019 that pops up in my System Log?
The ?MrxSmb event 3019 is due to the use of the WindowsLoopBackAdapter. It can be safely ignored. (from JSI FAQ, 3136)
Why isn't the AFS Light Gateway working anymore?
The Light Gateway works by simply publishing what ?OpenAFS has already built for internal use. If you install the WindowsLoopBackAdapter, the submounts will only be published on the local computer. Either remove the Loop Back Adapter, or stop using the gateway functionality.
Features
There is only one cell listed in \\AFS\all
or when browsing \\AFS
. Where are all my cells?
There are two possible reasons:
Broken Root Volume
You may have chosen the wrong default cell. Maybe that cell only has one cell mounted at the root.
Freelance Mode
Your computer is currently using Freelance Mode. Read about that below.
What happened to the files in the Windows directory, like afsdcell.ini
, afs_freelance.ini
and afsdsbmt.ini
?
They are gone. All INI files but one have been put into the Windows registry. Use the WindowsConfigurationReferenceGuide and regedit
to change them.
The only file preserved is the afsdsbmt.ini
, which is now called CellServDB
and moved to C:\Program Files\OpenAFS\Client\
(default location).
Why can I not use fs
to set the X option anymore?
Starting with version 1.3.65 several settings now require Administrator privileges to change them.
Why should I abandon Kerberos 4?
A giant security hole was found in the Kerberos 4 protocol. This led the world to move over to the (already deployed) more secure Kerberos 5 protocol. The problem occurs when using trusted domains.
Recent updates to ?OpenAFS include support for Kerberos 5. If your cell still uses kaserver or a plain Kerberos 4 server, you should update them to use Kerberos 5. The kaserver can be seen as deprecated. The most common Kerberos 5 servers (KDCs) are Heimdal, MIT Kerberos and Microsoft's Active Directory services.
What is the difference between the Nullsoft Installer (.exe) and the Microsoft Installer (.msi)?
?OpenAFS for Windows is distributed in two different packages. The first uses the Nullsoft Install System (NSIS) and is a stand-alone executable file. The second is the Microsoft (Windows) Installer (MSI) package, which relies on the pre-installed Microsoft Installer.
The NSIS package is preferred for computers you want to install interactively on. The dialogs are more elaborate and gives you more control when installing. On the other hand, if you are deploying on a large Windows site, you may want to do this automagically on all computers at once, thus not using an interactive interface. For this reason, the (scriptable) Microsoft Installer package was design as a common base. You can modify the steps to suit your needs.
For more information, see the MSI Deployment Guide.
Nomenclature
What is "Freelance Mode"?
AFS was originally intended to be run on stationary office computers. It required the AFS servers to be reachable at any time. Laptop computers operate differently: users disconnect and connect their computers to different networks several times a day. This led the AFS community to invent "Freelance Mode." Since the user's default cell determines which cells will be visible to the user, a workaround was neccessary when laptops began moving around.
If you have a laptop, or will otherwise be without a connection to the servers of your default cell, you should have this enabled. If your computer can always communicate with the servers of the default cell, this mode is superfluous.
To switch Freelance Mode on and off, please read the Configuration Reference.
What is "High Security Mode"?
It is a deprecated way of achieving a modicum of security. Before the ?OpenAFS for Windows client was able to use authenticated SMB connections, you had a potential security risk when more than one user was logging on to the same computer at once.
The High Security Mode created a SMB share with a random name (instead of the default \\machine-AFS), thus making it harder for anyone else to connect to it. There is no reason to use High Security Mode now that ?OpenAFS for Windows supports SMB authentication.
What is the Microsoft Loop Back Adapter?
See the WindowsLoopBackAdapter page.
What is a "submount"?
A submount is used in ?OpenAFS for Windows to map drives. Instead of mapping drives directly to the AFS server, the ?OpenAFS Client uses another approach. It uses the CIFS file system as an intermediary. So, the Windows computer really thinks it maps a normal Windows share. These shares are the same thing as a submount. When you want to map a drive, the ?OpenAFS service creates a submount, exports it for Windows to see it, and maps the share. The submount "all" is always available and is the root of the AFS file system (/afs
in Unix). This means you can always access any cell by writing \\AFS\all\cell\...
.
This is a quick-and-dirty approach, but it has an upside. In Unix, the way to shorten a path is to install a symbolic link. In Windows, this is not possible. Using submounts, however, you can create shortcuts to any AFS path. Say you often use the path /afs/openafs.org/usr/someone/development/code/openafs/src/WINNT
. Then you could create a submount (say, "openafs-nt") of it, thus reducing the path to \\AFS\openafs-nt
.
What is "Symbol Information"?
When installing ?OpenAFS, you have the option of installing symbol information. This helps the developers track down crashes. It is only informational, and if you don't intend to send bug reports (you really should), there is no need for this feature.