1

While trying to add a host to NFS share permissions I'm receiving a very generic error with not much to go on.

Cannot set NFS permissions Failed to perform the requested operation.

The NFS server is a Windows 2012 R2 core server. I've tried doing this both via the UI (Server Manager tool) and directly from the box with powershell.

Windows share permissions UI screen

[server-name]: PS F:\Shares> Grant-NfsSharePermission -Name "<share-name>" -ClientName "<client-name>" -ClientType "host" -Permission "readwrite" -AllowRootAccess:$true
Grant-NfsSharePermission : Failed to perform the requested operation.
    + CategoryInfo          : ObjectNotFound: (MSFT_NfsServerTasks:root/Microsoft/..._NfsServerTasks) [Grant-NfsShareP
   ermission], CimException
    + FullyQualifiedErrorId : HRESULT 0x80070490,Grant-NfsSharePermission

I've redacted the server/client names as I don't think that's really relevant. I'm getting the same error when trying to remove any of the existing hosts as well. The server itself hosts a number of shares and it's only this one that throws this issue. i.e I can add, remove or edit permissions on any other share on the server bar this one. If it's relevant the server is virtual(VmWare) and the Volumes for the shares are virtual disks.

I've found a very similar issue on SO with no answers but a comment from the poster himself saying he bypassed the issue by using the "FailOverClusterManager menu". In my case the shares are not clustered nor am I aware of any way to grant permissions from the cluster manager. Nothing related to this issue is coming up in the Event Viewer and a full server reboot didn't help.

I've been banging my head against the wall for a few days with this problem so any insights/pointers would be really appreciated.

Edit - adding the output of Get-NfsSharePermission and Revoke-NfsSharePermission commands as suggested in the comments.

[server-name]: PS F:\Shares> Get-NfsSharePermission <share-name> 

Name                          ClientName                    Permission                    AllowRootAccess
----                          ----------                    ----------                    ---------------
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      <client-name>                 READ, WRITE                   True
<share-name>                      All Machines                  DENY ACCESS                   False

[server-name]: PS F:\Shares> Revoke-NfsSharePermission -ClientName "client-name" -ClientType host -Name "<share-name>"
Revoke-NfsSharePermission : Failed to perform the requested operation.
    + CategoryInfo          : ObjectNotFound: (MSFT_NfsServerTasks:root/Microsoft/..._NfsServerTasks) [Revoke-NfsShare
   Permission], CimException
    + FullyQualifiedErrorId : HRESULT 0x80070490,Revoke-NfsSharePermission
Improve this question
8
  • Another Toughy Issue. The Debugging Processes are generally difficult. Debugging Network Administrative Issues is even more difficult. We would cling onto your comment: "it's only this one that throws this issue" and to the CategoryInfo Attribute of the PowerShell CimException: ObjectNotFound. Something is definitely wrong with that share.
    – user1018743
    Commented Nov 19, 2019 at 18:36
  • 1
    We would attempt to approach it the Microsoft Windows way: if it is possible, remove that share. Create it again. Attempt to set its permissions again. If it is still not working, then try to understand how it is in any way different than the other shares. What makes it special. Even in the terms of the users that it is addressing.
    – user1018743
    Commented Nov 19, 2019 at 18:37
  • @DOBRESCU_Mihai Thanks for the response. The thing that makes it difficult to troubleshoot is that this share is actively used by a number of hosts so I can't really offline it at will. ObjectNotFound bit is strange to me as Get-NfsSharePermission command works fine so the "object" mustn't be refferring to the share itself. I've tried comparing the permissions and setup with working shares across a few servers but can't see anything that stands out. Was hoping someone was in a similar situation who could advise so I could avoid having to recreate it.
    – Gytis
    Commented Nov 20, 2019 at 12:56
  • So the Get is working, but the Grant is not working. The ObjectNotFound CimException appears to be referring to the NfsServerTasks Object. Maybe you could insert both your Get and your Grant in the body of your question so that other Network Administrators might see what you have done so far and further help you.
    – user1018743
    Commented Nov 20, 2019 at 18:29
  • I've added the output of Get and Revoke (since I had the output of Get in there before)
    – Gytis
    Commented Nov 21, 2019 at 9:52

1 Answer 1

Reset to default
1

For some unknown reason, Windows NFS updates the entire list of NFS clients whenever you add or remove a client. Granting permissions for a new client will fail if there is one or more, of the existing clients, that are not up and running. As a workaround, Check the list of existing clients, remove those that are not reachable and add your new NFS client. (unfortunately DR clients that are not running must be removed also) Note: Click apply only after removing all unreachable hosts

 $ShareName="NFS_ShareName"
    $nfsClients= Get-NfsSharePermission  $ShareName
    foreach( $client in $nfsClients.ClientName){
     if (!(Test-Connection -Computername $client -BufferSize 16 -Count 1 -Quiet)){ 
        write $client
     }
   }
Improve this answer
1
  • It worked for me , thank you!
    – Ochoto
    Commented May 13, 2021 at 7:23

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .