We have created our failover cluster, as well as the CAP for fileserver use.
The fileserver CAP has a host record for both 'fileserver.mydomain.com' and 'fileserver.nt.mydomain.com' (as we have an NT child domain, but it is currently being phased out.) There is a host record for fileserver.mydomain.com, and also if you do an NSLookup for 'fileserver', it has an alias as well for fileserver.nt.mydomain.com. So both are valid and both can resolve to the IP address.
In addition, on the active node (whichever it is at the time), I can go into File Explorer and manually create shares, which can be accessed via UNC path or SMB (we have both Win and Mac): \\fileserver, \\fileserver.mydomain.com and \\fileserver.nt.mydomain.com all work, as well as SMB://fileserver.mydomain.com from Mac, etc. So we know the server CAP exists, and we can connect to it.
However, I am receiving the following errors when I attempt to create a file share (SMB Share - Quick) through Failover Cluster Manager:
Using Failover Cluster Manager on Node #1 (the currently active cluster node):
When I select the Add File Share option out of the 'fileserver' role, I receive the following message - "The Client Access Point is not ready to be used for share creation. The Client Access Point 'fileserver' is not yet available. This may be due to network propagation delays, please try again later.
(I should note that the CAP is really named 'fileserver' on our domain.)
Using Failover Cluster Manager on Node #2 (the currently inactive cluster node):
When I select the Add File Share option out of the 'fileserver' role, it does launch the wizard. However, after Retrieving Server Configuration, the following error appears at the top: "Unable to retrieve all data needed to run the wizard. Error details:"Cannot retrieve information from server "fileserver". Error occured during enumeration of SMB shares: WinRM cannot process the request. The following error occured while using Kerberos authentication: Cannot find the computer fileserver.mydomain.com (edited for security obviously). Verify that the computer exists on the network and that the name provided is spelled correctly."
I can proceed with the wizard, all the way through. THe server shows up, as does the shared storage volume. When I get to the "Other Settings", a red error appears at the top: "Error retrieving SMB server settings: WinRM cannot process the request. The following error occured while using Kerberos authentication: Cannot find the computer fileserver.mydomain.com. Verify that the computer exists on the network and that the name provided is spelled correctly."
Again I can proceed with the wizard, I can customize permissions via AD. I get all the way to the Create option and the following error occurs:
"Create SMB Share: Failed. WinRM cannot process the request. The following error occured while using Kerberos authentication: Cannot find the computer fileserver.mydomain.com. Verify that the computer exists on the network and that the name provided is spelled correctly."
Now, if I go look at File Explorer, the share itself IS created, and it seems to have at least set up the NTFS permissions. But I don't see any information about the Access Based Enumeration that I requested, and we have issues connecting to that share.
Also, if I fail the cluster over from Node #1 to Node #2, the problem reverses itself. By which I mean, the node that is Active, always fails immediately with the message ""The Client Access Point is not ready to be used for share creation. The Client Access Point 'fileserver' is not yet available. This may be due to network propagation delays, please try again later." And then, the inactive node allows the FIle Share wizard, but with the errors above.
I've flushed the DNS cache on both servers. Here are the NSLookup results for the fileserver object:
NSLOOKUP > Fileserver
Non-authoritative answer:
Name: fileserver.mydomain.com
Address: <public ip>
Aliases: fileserver.nt.mydomain.com
NSLOOKUP > fileserver.mydomain.com
Name: fileserver.mydomain.com
Address: <same public IP>
NSLOOKUP > fileserver.nt.mydomain.com
Name: fileserver.mydomain.com
Address: <same public IP>
Aliases: fileserver.nt.mydomain.com
NSLOOKUP> <public IP of the fileserver CAP>
Name: fileserver.mydomain.com
Address: <public IP>
So I cannot quite tell where the sticking point is. One last note - if you go onto our domain controllers themselves, the domain is: "nt.mydomain.com" - the domain was created way back when the NT child domain was used everywhere.
It has been over 2 days since we created the cluster and fileserver object, there has been time for DNS propagation. Where else might I look for this issue?
The fileserver CAP has a host record for both 'fileserver.mydomain.com' and 'fileserver.nt.mydomain.com' (as we have an NT child domain, but it is currently being phased out.) There is a host record for fileserver.mydomain.com, and also if you do an NSLookup for 'fileserver', it has an alias as well for fileserver.nt.mydomain.com. So both are valid and both can resolve to the IP address.
In addition, on the active node (whichever it is at the time), I can go into File Explorer and manually create shares, which can be accessed via UNC path or SMB (we have both Win and Mac): \\fileserver, \\fileserver.mydomain.com and \\fileserver.nt.mydomain.com all work, as well as SMB://fileserver.mydomain.com from Mac, etc. So we know the server CAP exists, and we can connect to it.
However, I am receiving the following errors when I attempt to create a file share (SMB Share - Quick) through Failover Cluster Manager:
Using Failover Cluster Manager on Node #1 (the currently active cluster node):
When I select the Add File Share option out of the 'fileserver' role, I receive the following message - "The Client Access Point is not ready to be used for share creation. The Client Access Point 'fileserver' is not yet available. This may be due to network propagation delays, please try again later.
(I should note that the CAP is really named 'fileserver' on our domain.)
Using Failover Cluster Manager on Node #2 (the currently inactive cluster node):
When I select the Add File Share option out of the 'fileserver' role, it does launch the wizard. However, after Retrieving Server Configuration, the following error appears at the top: "Unable to retrieve all data needed to run the wizard. Error details:"Cannot retrieve information from server "fileserver". Error occured during enumeration of SMB shares: WinRM cannot process the request. The following error occured while using Kerberos authentication: Cannot find the computer fileserver.mydomain.com (edited for security obviously). Verify that the computer exists on the network and that the name provided is spelled correctly."
I can proceed with the wizard, all the way through. THe server shows up, as does the shared storage volume. When I get to the "Other Settings", a red error appears at the top: "Error retrieving SMB server settings: WinRM cannot process the request. The following error occured while using Kerberos authentication: Cannot find the computer fileserver.mydomain.com. Verify that the computer exists on the network and that the name provided is spelled correctly."
Again I can proceed with the wizard, I can customize permissions via AD. I get all the way to the Create option and the following error occurs:
"Create SMB Share: Failed. WinRM cannot process the request. The following error occured while using Kerberos authentication: Cannot find the computer fileserver.mydomain.com. Verify that the computer exists on the network and that the name provided is spelled correctly."
Now, if I go look at File Explorer, the share itself IS created, and it seems to have at least set up the NTFS permissions. But I don't see any information about the Access Based Enumeration that I requested, and we have issues connecting to that share.
Also, if I fail the cluster over from Node #1 to Node #2, the problem reverses itself. By which I mean, the node that is Active, always fails immediately with the message ""The Client Access Point is not ready to be used for share creation. The Client Access Point 'fileserver' is not yet available. This may be due to network propagation delays, please try again later." And then, the inactive node allows the FIle Share wizard, but with the errors above.
I've flushed the DNS cache on both servers. Here are the NSLookup results for the fileserver object:
NSLOOKUP > Fileserver
Non-authoritative answer:
Name: fileserver.mydomain.com
Address: <public ip>
Aliases: fileserver.nt.mydomain.com
NSLOOKUP > fileserver.mydomain.com
Name: fileserver.mydomain.com
Address: <same public IP>
NSLOOKUP > fileserver.nt.mydomain.com
Name: fileserver.mydomain.com
Address: <same public IP>
Aliases: fileserver.nt.mydomain.com
NSLOOKUP> <public IP of the fileserver CAP>
Name: fileserver.mydomain.com
Address: <public IP>
So I cannot quite tell where the sticking point is. One last note - if you go onto our domain controllers themselves, the domain is: "nt.mydomain.com" - the domain was created way back when the NT child domain was used everywhere.
It has been over 2 days since we created the cluster and fileserver object, there has been time for DNS propagation. Where else might I look for this issue?