This object monitors the LDAP Service connection and generates an alert if there are problems with the connection, if the alert is enabled for this monitor.
This object monitors the LDAP service connection and generates an alert if there are problems with the connection, if the alert is enabled for this monitor.
Server for NFS enables you to control access by users and groups to Services for Network File System resources. A connection to a Lightweight Directory Access Protocol (LDAP) server allows Server for NFS to query Windows to UNIX user account mappings and grant file access to a user.
This monitor can enter a Warning health state for one of several reasons. Inspect the Windows Application event log for messages from Source NfsService and one of the following event IDs:
Event 4012 indicates that Active Directory Domain Services contains multiple users that have an identical value for attribute uidNumber (the value is given in the event message text).
Event 4013 indicates that Active Directory Domain Services contains multiple groups that have an identical value for attribute gidNumber (the value is given in the event message text).
Event 4014 indicates that Active Directory Domain Services contains multiple users that have an identical value for attribute sAMAccountName (the value is given in the event message text).
Event 4015 indicates that Active Directory Domain Services contains multiple groups that have an identical value for attribute sAMAccountName (the value is given in the event message text).
Event 4017 indicates that Server for NFS could not find any Lightweight Directory Access Protocol (LDAP) accounts that match the attribute specified in the event message text.
If the health state is unknown, it means that monitoring has not yet begun for this object.
Configure Server for NFS to retrieve identity mapping data
To resolve the problem, use the following procedure:
1. At an elevated command prompt on the affected server, type nfsadmin mapping and identify the domain that the LDAP service is running under (AD Domain).
2. Identify the currently configured LDAP service being used by Server for NFS to retrieve identity mapping data (Mapping Server).
3. Resolve the problem based on the associated event ID. Using the administrative tools for the configured LDAP service, search for and remove any duplicate entries as indicated by the Application event log message.
The associated events and possible resolutions are:
Event 4012 - Try removing the duplicate UNIX UID entries.
Event 4013 - Try removing the duplicate UNIX GID entries.
Event 4014 - Try removing the duplicate sAMAccountName entries.
Event 4015 - Try removing the duplicate sAMAccountName entries.
Event 4017 - Add the necessary account information to the LDAP service.
Verification
To verify that Server for NFS is properly configured for retrieving Windows to UNIX identity mappings from the LDAP service, use the following procedure:
1. At an elevated command prompt on the affected server, type nfsadmin mapping.
2. Verify that the AD Lookup field is set to Enabled, and that AD Domain is either blank to use the computer’s parent domain, or explicitly set to the domain name to be used.
After resolving this issue, reset the monitor in the Operations console to a Healthy state.
Event IDs 4012 through 4015 (http://go.microsoft.com/fwlink/?LinkId=186010)
Event ID 4017 (http://go.microsoft.com/fwlink/?LinkId=186005)
For more information about configuring Server for NFS, see Services for Network File System (http://go.microsoft.com/fwlink/?LinkId=185983).
Target | Microsoft.Windows.FileServer.Service.NFS.Base | ||
Parent Monitor | Microsoft.Windows.FileServer.NFS.Library.Server.UserNameMapping.Config | ||
Category | ConfigurationHealth | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | MatchMonitorHealth | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.Windows.SingleEventLogManualReset2StateMonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.Windows.FileServer.NFS.Library.Server.UserNameMapping.Config.LDAPService" Accessibility="Public" Enabled="true" Target="Microsoft.Windows.FileServer.Service.NFS.Base" ParentMonitorID="Microsoft.Windows.FileServer.NFS.Library.Server.UserNameMapping.Config" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.SingleEventLogManualReset2StateMonitorType" ConfirmDelivery="true">
<Category>ConfigurationHealth</Category>
<AlertSettings AlertMessage="Microsoft.Windows.FileServer.NFS.Library.Server.UserNameMapping.Config.LDAPService_AlertMessageResourceID">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>MatchMonitorHealth</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data/Context/EventDescription$</AlertParameter1>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="EventRaised" MonitorTypeStateID="EventRaised" HealthState="Warning"/>
<OperationalState ID="ManualResetEventRaised" MonitorTypeStateID="ManualResetEventRaised" HealthState="Success"/>
</OperationalStates>
<Configuration>
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Application</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">NfsService</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<Or>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">4012</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">4013</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">4014</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">4015</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">4017</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</Or>
</Expression>
</And>
</Expression>
</Configuration>
</UnitMonitor>