This article describes the basic procedure for sharing home folders on a shared disk on a cluster.
In Cluster Administrator, it is not the optimal configuration to create a cluster file share resource for every user's home folder. Not only does this require a lot of administrative work, but it also uses memory and CPU resources that it does not need to. The Cluster service uses memory and CPU cycles for every resource you have defined in Cluster Administrator. The more resources you have, the more overhead that the Cluster service generates. Assuming that there are 750 users' home folders on a cluster, a file share resource would be created for every user. Failover times from one node to another increase, as well as viewing resources in Cluster Administrator. The worst-case scenario is that a very busy cluster may drop connections because of the amount of time being used to manage 750 cluster resources.
The optimal way to use a server cluster to house home folders is to use the "Share sub-directories" or dynamic shares feature. The basic principal behind dynamic file shares is that a single cluster file share resource is created, yet an independent file share is created for every user folder. For example:
Drive Z is the shared disk. The Z:\Users folder is the root share that contains all user home folders.
- Create a cluster file share resource for each user. In this case, a cluster resource is defined five times for each user under the Z:\Users folder.
- Set NTFS Permissions on the Z:\Users\Username folder to allow only the intended user access the folder.
- Every time a user is created, go to the Z:\Users folder and create the proper folder with permissions. Then use Cluster Administrator to create a file share resource.
- Create a single cluster file share resource to the Z:\Users root folder.
- Give the Everyone group Full Control share-level permissions in Cluster Administrator.
- Using the Parameters tab for the root cluster file share resource, click to select the Share all sub-directories check box.
- Set NTFS permissions on the Z:\Users\Username folder to allow the intended user to access the folder. The Cluster Service account needs to have at least Read permissions. At this point, all folders under Z:\users are automatically shared with the same network permissions as the root share. To add a user when you are using dynamic shares, create a folder under Z:\Users and assign proper NTFS permissions (see step 4). The Cluster service automatically shares the folder.
NOTE: When you perform the following step, you do not hide the directories under a share, only the shares themselves.
- To make the user shares hidden, use the Parameters Tab for the root cluster file share resource, and then click to select the Hide subdirectory shares check box. This action appends "$" to the end of the shares located under Z:\Users\<Username>.
The "Share sub-directories" feature was added to the Microsoft Windows NT 4.0, Enterprise Edition, Cluster service with Service Pack 4, and enhanced with Service Pack 5. Apply Service Pack 5 if you plan to implement dynamic file shares. Windows 2000 Advanced Server includes this feature.
If the sub-directories are shared in a Clustered file share, and there are more than one file share groups within the cluster that use environment variables by username, the following behavior may occur when the groups are brought online on the same physical node. For example, you have drives in each group that have the following folders:
- \\<virtual_server1>\users Drive U: |-- users |-- user1 |-- user2
- \\<virtual_server2>\data Drive Z: |-- data |-- user1 |-- user2
For example, when you use environment variables and either or both of the following two virtual server groups come online on the same physical node, users can connect to the correct shares:
However, if you use the either or both of the following virtual server groups, users may experience inconsistent results when they map network drives:
- "net use * \\<virtual_server1>\%username%"
- "net use * \\<virtual_server2>\%username%"
The Lanman server Service does not differentiate between sub-directory shares. Therefore, it cannot distinguish that \\<virtual_server1>\%username% and \\<virtual_server2>\%username% are different file shares. When the second instance of the %username% file share tries to share, the following error 2118 occurs in the Cluster log file, and that share will not be created:
WARN File Share <Data>: SmbpCheckAndBringSubSharesOnline: NetShareAdd failed for subshare <user1>$ Error: 2118.
WARN File Share <Data>: SmbpCheckAndBringSubSharesOnline: NetShareAdd failed for subshare <user2>$ Error: 2118.
C:\err>err 2118 # for decimal 2118 / hex 0x846 NERR_DuplicateShare lmerr.h # /* The name has already been shared. */
Because the second shares do not exist, the drive mapping will connect to the first share. The best solution to avoid share name collision is not to share sub directories under the advanced properties of the File Share resource in Cluster Administrator. You can use ABE (Access-based Enumeration) to apply ACLs (Access Control List) for the user subdirectories. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
How to implement Windows Server 2003 Access-based Enumeration in a DFS environment
Alternatively, the file shares can be created by using one of the following two methods:
- Rename all subfolders under the original share locations to something different so that they will never match
- Do not share sub-directories, and map everything to \\<virtual_server1>\users or to \\<virtual_server2>\data or to both. Then, use NTFS permissions so that the users can only access their own share.
Securing a common folder
SP4 Cluster shares must be reset to recognize added subdirectories
How to create file shares on a cluster
Security considerations when implementing clustered file shares
Microsoft Cluster Server may not share folders automatically