AFS Troubleshooting Guide

• OpenBSD Firewalls Cause Slow File Access
• Registry Settings For AFS Client
• Cannot Start AFS Client Service
• Cannot Map Drive: Network Path Not Found
• Access Denied: Mapped Drive, but Can't View Files
• Global Drive Mapping: Description Already Used
• AFS Client Service Doesn't Start After Bootup
• Windows Computer Name Maximum Character Length
• Spurious Mapping of \\proxy-afs\desktop

Problem	How to fix it
OpenBSD Firewalls Cause Slow File Access	AFS Client version 1.5.34 and higher apparently utilize a packet size that may result in slow file access to the Q: Drive for computers protected by an OpenBSD firewall. Solution: A maximum packet size up to and including 1431 bytes seems to work fine. Packet sizes larger than 1431 bytes reduce the throughout by a factor of about 10. The configuration below resolved access issues for staff in Accounting & Financial Services: Previous OpenBSD pf setting: scrub in all random-id fragment reassemble New OpenBSD pf setting: scrub in all random-id fragment reassemble no-df Disclaimer: This turns off fragmentation reassembly for all traffic in the firewall, which opens some operating systems to various forms of attach via buffer overruns from purposely crafted bad packets. It also breaks other sorts of traffic--particularly on UNIX boxes that expect certain IP checksums. It may be best to use the alternate solution below (see Registry Settings), or only use Open BSD configuration change temporarily to verify that packet size is an issue in your environment, then implement the alternate solution.
Registry Settings for AFS Client	If the suggestions above (see OpenBSD Firewalls) for handling the packet size do not work, the suggestions in this section may help. Solution: Explicitly set the packet size used by the AFS Client. This requires a registry setting on each PC running the AFS Client. Instead of the default value of 0, enter an explicit RxMaxMTU value. http://docs.openafs.org/ReleaseNotesWindows/ch08.html#id4836061 Value: RxMaxMTU Type: DWORD Default: 0 Variable: rx_mtu If set to anything other than 0, that value is used as the maximum send and receive MTU supported by the RX interface. The value below shows a RxMaxMTU setting of 1431 bytes. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] "RxMaxMTU"=dword:00000597 We have received reports that some later versions of the AFS Client do not work well. Version 1.5.64 is known to work and can be downloaded from http://www.openafs.org/frameless/release/openafs-1.5.64.html.
Cannot Start AFS Client Service	There are several different reasons why the AFS Client might fail to start. In most cases, you will receive an error message that says: The AFS Client Service could not be started successfully. You might not have authorization to perform this operation. This message often includes an error number (either Error 0x0000041D or Error 0x0000042A). Solution: Because the error message is non-specific, there are a number of possible problems to check. Try these solutions in order. After each section, try to start the AFS Client service. If it can be started, you do not need to continue with the other solutions listed. In some versions of the DaFIS install, the correct permissions are not given to the DaFIS folder (located under C:\Oracle\DaFIS). Either give Users or Authenticated Users the Modify permission and push it down through all the subfolders and files. In Windows: Enable NetBIOS over TCP/IP The AFS Client needs to use NetBIOS over TCP/IP. Check your TCP/IP WINS settings and Enable NetBIOS over TCP/IP. Select Start -> Settings -> Network and Dial-up Connection. Right-click on Local Area Connection and select Properties. Double-click on Internet Protocol (TCP/IP). Click on the Advanced button. Click on the WINS tab. Click on the Enable NetBIOS over TCP/IP option to select it. Click OK to close the various Network properties dialog boxes.
Cannot Map Drive: Network Path Not Found	There are several different reasons why mapping the Q: drive via the AFS Client may not work. In most cases, you will receive an error message that says: Network path not found. Solution: Because the error message is non-specific, there are a number of possible problems to check. Try these solutions in order. After each section, try to map the Q: drive via the AFS Client. If it can be mapped, you do not need to continue with the other solutions listed. Windows Computer Name Too Long If the computer name is longer than 11 characters, check the Windows Computer Name Maximum Character Length troubleshooting section for information on how to modify the AFS computer name for mapping the Q: drive. Firewall is Blocking AFS UDP Port The AFS Client uses UDP port numbers 7000 and 7001. If you have a firewall installed, it must allow traffic for those UDP ports to pass.
Access Denied: Mapped Drive, but Can't View Files	Connections to the AFS servers are restricted by IP address. The IP address restrictions effect connections to the AFS proxy servers and connections via the AFS Client. Most UC Davis network sites have IP addresses that start with either 169.237, 128.120 or 152.79. If you are located off campus, you are able to map the Q: drive, but then you get an Access Denied message when you try to access files on the Q: drive, it may be that your IP address is blocked. Check the IP address of your computer. If it does not start with the numbers listed above, contact the DaFIS Help Desk for assistance. Be sure to give us the IP address of your computer.
Global Drive Mapping: Description Already Used	You are trying to configure a global drive mapping as described in Mapping Method 2: Global Mapping via AFS Client Configuration. When you click OK, you get an error message that says: AFS was unable to use the description you specified when connecting to the network drive. The specified description is already used for a different AFS path. Solution: It may in fact be in use, try a Desktop2 or no description instead. Just try one or two variations and then go on to the other solutions below. Solution: What is the NetBIOS name of the computer? If it is longer than 11 characters, you cannot use the Global Mapping Method. See Windows Computer Name Maximum Character Length for more details. Solution: The AFS Client service must be running before you can map a global drive. Click on the General tab and start the AFS Client service. Then try to map the global drive.
AFS Client Service Doesn't Start After Bootup	Normally the AFS Client service will automatically start each time you boot your computer. Sometimes you may find that you have to start the service manually from the AFS Client Configuration control panel. Solution: Sometimes, the AFS Client tries to start before other services it depends upon have started. Create a batch file to start the AFS Client service at user login time. By then, the other services the AFS Client depends upon will already have been started. Contents of startafs.bat for Global mapping method net start "IBM AFS Client" Contents of startafs.bat for Windows Explorer mapping method (substitute your -AFS qualified host name for NAME-AFS) net start "IBM AFS Client" net use q: <\\NAME-AFS\Desktop> /PERSISTENT:NO Place the startafs.bat file in either the Startup folder for All Users or for a particular user. Note: When using this work-around, the login account must have sufficient privileges to start the AFS Client service.
Windows Computer Name Maximum Character Length	Windows has a limitation on the number of characters in a computer name. A Windows computer name may be at most 15 characters. The way to specify a drive mapping in the AFS file space is to add an '-afs' qualifier to your computer name. This is the trick that tells the drive mapping to go through the AFS Client instead of going through normal Windows NetBIOS drive mapping. When you use the '-afs' qualifier to map a drive from AFS file space, you are in effect adding 4 characters to the computer name. This can cause problems when your computer name is already 12 - 15 characters in length. For example, a computer name of SD-DEVELOPER-3 is a perfectly valid Windows computer name: it is 14 characters long. However, if the AFS Client is installed on that computer and we try to enter a drive mapping to \\SD-DEVELOPER-3-AFS\DESKTOP, the mapping will fail and say 'Network path not found'. Why? Because 'SD-DEVELOPER-3-AFS' is 18 characters long which makes it too long for a valid Windows computer name. Solution (Mapping Method 1): The solution to this problem is to truncate the computer name at 11 characters and then add the '-afs' qualifier. You don't need to change the computer name; just truncate the name when you map the drive. In the case of the computer named 'SD-DEVELOPER-3', map the Q: drive to \\SD-DEVELOPE-AFS\DESKTOP Solution (Mapping Method 2): If the Windows computer name is longer than 11 characters, you cannot use the global drive mapping method. The AFS Client automatically uses the host name in the global drive mapping and does not know how to truncate the name. If feasible, you can change the computer name to a different name that is 11 characters or shorter. Use this alternative with care. Conflicts on the computer can be created when the name is changed.
Spurious Mapping of \\proxy-afs\desktop	When you disconnect the old Q: drive mapping and then remap the Q: drive through the AFS client, this changes the source location of the files that are pulled from the Q: drive. The existing shortcuts to the DaFIS TP application will often try to override the new mapping. This is because the original host name is embedded in the shortcut. Even though 'Q:' is displayed in the path when you look at the shortcut properties, the shortcut knows that it was originally mapped to \\proxy-afs\desktop. When the shortcut overrides the new mapping, it will create a new mapping under the old path (e.g., \\proxy-afs\desktop) on the first available drive letter. Not what we want! Solution: When you detect that the shortcut has remapped itself to a different drive letter so it can use the old proxy server (instead of your newly installed AFS client on the Q: drive), here is how to correct the problem: Make sure you already have the Q: drive mapped via the AFS client. Right-click on the DaFIS shortcut and select Properties. (The shortcut may be on the desktop, or you may have to use Windows Explorer and find the shortcut that is on the Start Menu.) In the DaFIS Properties window, click on the Shortcut tab. Change the drive letter to Q: in both the Target and the Start in fields. Just change the drive letter, leave the rest of the field as is. Click OK to save your changes. You should also remove the extra drive mapping that the shortcut created. To do this: Right-click on the Network Neighborhood icon on the desktop and select Disconnect Network Drive. If you see a drive letter other than Q: that is mapped to \\proxy-afs\desktop, select the drive and click the OK button to disconnect it. If there is more than one, disconnect each one.

Please consider the environment before you print this web page. This site is a service of Accounting & Financial Services. Questions? Contact us. © UC Regents, Davis campus. All rights reserved.