Hi folks, I am after some advice and guidance. I have a customer who has deployed a Storage Spaces Direct (WS2D) cluster comprising 4 nodes; this was primarily to host VM workloads, but it will also be used to host file services.
The File Server role has been created and there are 2 VCOs with the File Services role (Nickel and Iron). This is all working fine and hosts file shares with no issues. This customer wants to have a mechanism to support file syncing where end users can use either a domain-joined Windows 10 device or a BYOD device to access files seamlessly on and off the corporate network.
Work Folders seems to be the obvious choice to support this, so we have set about testing it before it rolls into production. The 1st step was to create a VM running Windows Server 2019, deploy the File Services role and Work Folders setup, use a self-signed SSL cert to secure the connection and test; this all worked as expected.
We then set about testing on the cluster: setting up the sync service on all nodes and deploying a self-signed cert on all of the nodes (this is for testing initially; when we prove that it works, we'll move forward with a CA-signed cert and setting up external access). The self-signed cert references the VCO name as the Common Name, with DNS entries included as subject alternative names in the cert (a DNS alias called "workfolders.domain.com" that points to the VCO name for simplicity, and the DNS name of the VCO). All is looking good, and the cert has been bound to 443 on all nodes as described in the documentation.
Now when we go to test with a client, we get a variety of error messages. Typing in the Work Folders URL of "workfolders.domain.com" generates an unspecified error: 0x80004005. When I add the registry key on the client to allow an unsecured connection (using HTTP) it works straight away, so this made me think there is something wrong with the certificate (it's in the local cert store on the server, and in the Trusted Root on the client). I decided to run some protocol captures on the client and server side to glean if there were any errors on the server and client side with the certificate exchange and can find no evidence of such (handshaking and cert exchange all look good). Does anyone have any suggestions on what to check for next? I believe that the underlying technology works, as I can establish a connection and sync when not using HTTPS. I believe that the self-signed cert is formatted, installed and bound correctly on all of the cluster nodes and the test client. I believe that all of the relevant DNS entries are correct and can be resolved using ping and nslookup tests. Getting quite frustrated that we can't get this to work purely for testing purposes, so all help and advice greatly appreciated.
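As an added diagnostic (not from the original post), the PowerShell below checks the things the post says are in place: which certificate HTTP.sys has bound to 443 on a node, whether that certificate has a private key, a Server Authentication EKU and SANs for both the alias and the VCO name, and then, from the client, completes a TLS handshake against each name and evaluates the presented certificate against the client's trust store. The VCO FQDN is a placeholder; the alias is the one named in the post.

```powershell
# Added diagnostic, not the poster's code. Run section 1 on a cluster node, section 2 on the client.
$SyncHost = 'workfolders.domain.com'   # DNS alias typed into the Work Folders client (from the post)
$VcoName  = 'nickel.domain.com'        # placeholder: FQDN of the VCO the alias points to
$Port     = 443

# Returns the formatted Subject Alternative Name extension text ("DNS Name=...") or '' if absent.
function Get-SanText($cert) {
    $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($ext) { $ext.Format($true) } else { '' }
}
function Test-SanCovers($cert, [string]$Name) {
    (Get-SanText $cert) -match ('DNS Name=' + [regex]::Escape($Name))
}

# 1. On a cluster node: which certificate does HTTP.sys present on 0.0.0.0:443?
$bindingText = netsh http show sslcert ipport=0.0.0.0:$Port
$thumb = ($bindingText | Select-String 'Certificate Hash\s*:\s*([0-9a-fA-F]+)').Matches[0].Groups[1].Value
$bound = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $thumb
if (-not $bound) { Write-Warning "Bound thumbprint '$thumb' not found in LocalMachine\My" }
else {
    "HasPrivateKey : $($bound.HasPrivateKey)"
    # 1.3.6.1.5.5.7.3.1 = Server Authentication; a cert without it is not usable for TLS server auth
    "ServerAuth EKU: $($bound.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1')"
    foreach ($n in @($SyncHost, $VcoName)) { "SAN covers $n : $(Test-SanCovers $bound $n)" }
}

# 2. On the client: handshake with the name as SNI, then build the chain from the client's own stores,
#    which is what the sync client effectively does when it validates the server certificate.
function Test-SyncTls([string]$HostName, [int]$Port) {
    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    # Accept any cert inside the handshake so it completes; trust is evaluated explicitly below.
    $cb  = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $cb)
    try {
        $ssl.AuthenticateAsClient($HostName)
        $remote = [System.Security.Cryptography.X509Certificates.X509Certificate2]$ssl.RemoteCertificate
        $chain  = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        $chainOk = $chain.Build($remote)
        [pscustomobject]@{
            Host        = $HostName
            Protocol    = $ssl.SslProtocol
            Subject     = $remote.Subject
            Thumbprint  = $remote.Thumbprint          # compare with the node's bound thumbprint above
            ChainOk     = $chainOk                    # $false means the client does not trust it
            ChainStatus = ($chain.ChainStatus.Status -join ',')
            NameMatch   = (Test-SanCovers $remote $HostName)
        }
    } finally { $ssl.Dispose(); $tcp.Dispose() }
}
Test-SyncTls -HostName $SyncHost -Port $Port
Test-SyncTls -HostName $VcoName  -Port $Port
```

Any node where the bound thumbprint, the EKU, the SAN coverage or the client-side ChainOk/NameMatch come back false is the one to look at first; a capture that shows a clean handshake does not tell you whether the client accepted the name or the chain.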