Clustered Work Folders Deployment client errors

Gareth Thorne 1 Reputation point
2021-07-27T10:40:43.007+00:00

Hi Folks, am after some advice and guidance - I have a customer who has deployed a Storage Spaces Direct (WS2D) cluster comprising 4 nodes, this was primarily to host VM workloads, but will also be used to host file services.

The Filer Server Role has been created and there are 2 VCO's with the File Services role (Nickel and Iron) - this is all working fine and hosts file shares with no issues: This customer wants to have a mechanism to support file syncing where end users can use either a domain joined Windows 10 device, or a BYOD device to access files seamlessly on and off of the corporate network.

Work Folders seems to be the obvious choice to support this, so we have set about testing this before it rolls into production: 1st step was to create a VM running Windows Server 2019, deploy the file services role and work folders setup, use a self signed SSL cert to secure the connection and test - this all worked as expected.

We then set about testing on the cluster - setting up the sync service on all nodes, deploying a self signed cert on all of the nodes (this is for testing initially, when we prove that it works, we'll move forward with a CA signed cert and setting up external access) - the Self Signed Cert references the VCO name as the Common Name, with DNS entries included as subject alternative names in the cert ( a DNS alias called "workfolders.domain.com) that points to the VCO name for simplicity and the DNS name of the VCO) - all looking good, and the cert has been bound to 443 on all nodes as described in the documentation.

Now when we go to test with a client, we get a variety of error messages - typing in the work folders URL of "workfolders.domain.com" generates an unspecified error: 0x80004005, when I add the registry key on the client to allow an unsecured connection (using http) it works straight away, so this made me think there is something wrong with the certificate (its in the local cert store on the server, and in the Trusted Root on the client) - I decided to run some protocol captures on the client and server side to glean if there were any errors on the server and client side with the certificate exchange and can find no evidence of such (handshaking and cert exchange all look good) - Does anyone have any suggestions on what to check for next? - I believe that the underlying technology works as I can establish a connection and sync when not using HTTPS, I believe that the self signed cert is formatted, installed and bound correctly on all of the cluster nodes and the test client. I believe that all of the relevant DNS entries are correct and can be resolved using ping and NSlookup tests - getting quite frustrated that we cant get this to work purely for testing purposes so all help and advice greatly appreciated.

Windows Server Clustering
Windows Server Clustering
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Clustering: The grouping of multiple servers in a way that allows them to appear to be a single unit to client computers on a network. Clustering is a means of increasing network capacity, providing live backup in case one of the servers fails, and improving data security.
995 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. JiayaoZhu 3,911 Reputation points
    2021-07-28T03:06:54.79+00:00

    Hi,

    Thanks for posting on our forum!

    Based on your description, I agree with your assumption that your certificate may be the real culprit for your issue. In addition, I noticed that when you added the registry key on the client to allow an unsecured connection (using http) it worked straight away, and I assume that you can also try to check your security permission for the clients. As a result, I found two articles that may be helpful for your troubleshooting:
    https://social.technet.microsoft.com/Forums/ie/en-US/2ebc1b37-07f6-43d9-8e83-5b4e4f83160c/there-was-a-problem-finding-your-work-folders-server?forum=winserverfiles

    https://techcommunity.microsoft.com/t5/storage-at-microsoft/troubleshooting-work-folders-on-windows-client/ba-p/425627

    Thanks for your support!

    BR,
    Joan


    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.