NFS: User Identity Logon Monitor

  • ID:  Microsoft.Windows.FileServices.Service.NFS.6.2.Server.UserLogon
  • Description:  This object monitors user name mapping and credentials and generates an alert if a user cannot log on, if the alert is enabled for this monitor.
  • Target:  NFS (Windows Server 2012)
  • Enabled:  Yes

Operational States

Name State Description
FirstEventRaised Warning  
SecondEventRaised Success  

Run As Profiles

Name
Default

Monitor Knowledgebase

Summary

This object monitors user name mapping and credentials and generates an alert if a user cannot log on, if the alert is enabled for this monitor.

User Name Mapping associates Windows and UNIX user accounts so that users logged on to a UNIX domain can access shared resources in a Windows domain without logging on separately to the Windows domain.

Causes

This monitor can enter a Warning health state if there is a user logon problem or security policy issues.

Inspect the Windows System event log to determine the specific cause by looking for messages from Event source Microsoft-Windows-ServicesForNFS-Server with any of the following event IDs:

  • Event 1071 indicates that the Server for NFS was unable to obtain a logon token for the account used to process anonymous logons or for UNIX UIDs that do not have an explicit mapping. The event message details the account that led to the problem report.

  • Event 1072 indicates the Server for NFS was unable to obtain a logon token for the account used to access the NFS server when using an RPCSEC_GSS based identity. The event message details the account that led to the problem report.

  • Event 1073 indicates the Server for NFS was unable to refresh an access token. The event message details the account that led to the problem report.

If the health state is unknown, it means that monitoring has not yet begun for this object.

Resolutions

Configure Server for NFS to use an identity mapping source

To configure Server for NFS to use an identity mapping source, use the following procedure:

1. At an elevated command prompt on the affected server, type nfsadmin mapping to display and configure identity mapping settings.

2. Do one of the following:

  • To configure identity mapping settings for a User Name Mapping server, type nfsadmin mapping config maplookup=yes mapsvr=<computername>.

  • To configure identity mapping settings for an LDAP server, type nfsadmin mapping config adlookup=yes addomain=<domainname>.

Verification

To verify that Server for NFS is properly configured for User Name Mapping, use the following procedure:

1. At an elevated command prompt on the affected server, type nfsadmin mapping.

2. Verify that at least one of the following is configured:

  • User Name Mapping Service: User Name Mapping service is configured if the Mapping Server Lookup field is set to Enabled and the MappingServer field displays the computer name for your installed User Name Mapping service.

  • Active Directory Domain Services (AD DS)- based user name mapping: AD DS- based user name mapping is configured if the AD Lookup field is set to Enabled.

This monitor automatically resets to a Healthy state after Server for NFS is restarted.

External References
This monitor does not contain any external references.

See Also for Windows Server File & iSCSI Services Management Pack


Downloads for Windows Server File & iSCSI Services Management Pack

AZURE OPTIMIZATION ASSESSMENT GET STARTED
MIGRATION TO AZURE GET STARTED
SYSTEM CENTER MIGRATION TO AZURE GET STARTED
MIGRATION TO AZURE FOR SQL AND WINDOWS 2008 GET STARTED