In this post I want to show how easily you can set up an NFS server on Windows Server 2022 (2012 and later). We will also see how Windows Server can connect to UNIX or Linux NFS shares that allow anonymous access by installing the Client for NFS on Windows Server.


Network File System (NFS) provides a file sharing solution that lets you transfer files between computers running Windows Server and UNIX or Linux operating systems by using the NFS protocol.

NFS itself is a network file sharing protocol, like SMB or AFP, that provides access to files over a network. All of them ultimately depend on an underlying local file system to physically store and manage the files, such as ext3, ext4, XFS, Btrfs, ZFS or, as in this post on a Windows NFS server, NTFS.

NFS in Windows Server includes Server for NFS and Client for NFS. A computer running Windows Server can use Server for NFS to act as a NFS file server for other non-Windows client computers.

Client for NFS allows a Windows-based computer running Windows Server to access files stored on a non-Windows NFS server.

When a file share is configured, it’s shared with both the SMB and NFS protocols. Windows users access their files over the SMB protocol, and users on UNIX-based computers typically access their files over the NFS protocol.

For this scenario, you must have a valid identity mapping source configuration. Windows Server supports the following identity mapping stores:

  • Mapping File
  • Active Directory Domain Services (AD DS)
  • RFC 2307-compliant LDAP stores such as Active Directory Lightweight Directory Services (AD LDS)
  • User Name Mapping (UNM) server

Source: https://learn.microsoft.com/en-us/windows-server/storage/nfs/nfs-overview




About how to set up an NFS Server on SUSE Linux Enterprise Server 15, you can read my following post.




Introduction to the Network File System (NFS)

Network File System (NFS) is a distributed file system protocol allowing a user on a client computer to access files over a network as if they were on the local machine. NFS servers facilitate this process by managing the shared directories and files, making them accessible to client systems within the network.

An NFS server essentially acts as a centralized storage repository, allowing multiple client machines to access and manipulate files stored on it. It simplifies file sharing and collaboration within networks, enabling users to seamlessly access resources regardless of their physical location or operating system.

Key features of NFS servers include robust security mechanisms to control access to shared files, efficient data transfer protocols to optimize performance, and scalability to accommodate growing storage needs within organizations.



Introduction to CIFS (Common Internet File System) and SMB (Server Message Block)

SMB, or Server Message Block, is a network protocol working at the application layer of the OSI communications model. SMB is used for providing shared access to resources over the network. The SMB protocol is widely used to share files on file servers, share files between user computers, and copy files between computers.

In addition to manipulating files, the other use case for SMB is messaging and printing (general purpose remote transactions), as well as browsing computers in the network. IBM developed SMB in 1983, and since then the protocol has been improved multiple times.

SMB file shares are directories on a remote host that are made available via the SMB protocol. They are configured on file servers, and read and write access can be configured to these shares. One file server can have multiple SMB shares.

The SMB protocol can work:

  • directly via TCP by using port 445 (without NetBIOS) – this is the modern approach.
  • via NetBIOS API by using UDP ports 137 and 138 and TCP ports 137 and 139 – this is the legacy approach used up to Windows 2000. The first versions of SMB used NetBIOS over TCP/IP for transport.


CIFS, or Common Internet File System, is a particular implementation or dialect of SMB developed by Microsoft in 1996 following the Windows 95 release. A dialect is a version and not a separate independent protocol. A dialect is a set of message packets sent/received for communicating between hosts that defines a particular protocol version. CIFS is not a file system, unlike the name suggests.

The CIFS protocol specification is based on the original SMB protocol but with some additional features added by Microsoft. Microsoft implemented direct connections via TCP and port 445 without using NetBIOS over TCP (which was used on the first SMB 1 implementations). CIFS is an implementation of SMB 1 and not a separate file-sharing protocol.

When we are talking about the SMB1 implementation by Microsoft, we can use the CIFS term. In all other cases, and in general, SMB is the correct term to refer to this network protocol.

Source: https://www.nakivo.com/blog/cifs-vs-smb/


SMB 2 was introduced in Windows Vista in 2006 and SMB 3 in Windows 8 and Windows Server 2012. The latest version as of today is SMB 3.1.1 and was introduced with Windows 10 and Windows Server 2016.

In Windows Server 2019 and later, the SMB 1.0/CIFS protocol is disabled by default.


On Windows Server 2012 R2 and Windows Server 2016 the SMB 1.0/CIFS protocol is enabled by default.


You will find more about SMB and CIFS in the following article by NAKIVO: https://www.nakivo.com/blog/cifs-vs-smb/.




Running NFS behind a Firewall

By default the NFS server listens on TCP/UDP port 2049 for incoming connection requests. You should also allow TCP/UDP port 111 for RPC binding.

NFS and portmap
NFS relies upon remote procedure calls (RPC) to function. portmap is required to map RPC requests to the correct services. RPC processes notify portmap when they start, revealing the port number they are monitoring and the RPC program numbers they expect to serve. The client system then contacts portmap on the server with a particular RPC program number. portmap then redirects the client to the proper port number to communicate with its intended service.

Source: https://mirror.apps.cam.ac.uk/pub/doc/redhat/redhat7.3/rhl-rg-en-7.3/ch-nfs.html
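
The following is an added example, not part of the original post: it lists the enabled inbound allow rules on the Windows NFS server that cover ports 111 and 2049, shows which of them accept any remote address, and previews scoping those to the NFS clients. The subnet in $AllowedClients is a constructed value; replace it with the addresses of your own clients.

```powershell
# Added example: audit and scope the inbound rules for the NFS (2049) and
# portmap / RPC bind (111) ports. Run in an elevated PowerShell session.
$NfsPorts       = '111', '2049'
$AllowedClients = '192.168.195.0/24'   # assumption: subnet of the NFS clients

# Enabled inbound allow rules whose port filter names 111 or 2049 explicitly.
# Rules defined with LocalPort 'Any' are not matched here; review them separately.
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $local = @(($_ | Get-NetFirewallPortFilter).LocalPort)
        @($NfsPorts | Where-Object { $local -contains $_ }).Count -gt 0
    }

# One row per rule with its remote address scope. 'Any' means every host
# that can reach the server can talk to portmap and the NFS service.
$report = foreach ($rule in $rules) {
    $addr = $rule | Get-NetFirewallAddressFilter
    $port = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Name          = $rule.Name
        DisplayName   = $rule.DisplayName
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort -join ','
        RemoteAddress = $addr.RemoteAddress -join ','
    }
}
$report | Format-Table -AutoSize

# Restrict the rules that are open to 'Any' to the client subnet.
# -WhatIf only previews the change; remove it to apply.
$report | Where-Object RemoteAddress -eq 'Any' | ForEach-Object {
    Set-NetFirewallRule -Name $_.Name -RemoteAddress $AllowedClients -WhatIf
}
```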




Install and set up Server for NFS

To set up a NFS server on Windows Server we first need to install the Server for NFS server role.

Under server roles expand File and Storage Services -> File and iSCSI Services and select the Server for NFS role. This will also add the File Server role and the Services for Network File System Management Tools feature as shown below.

File Server role -> File Server manages shared folders and enables users to access files on this computer from the network.

Services for Network File System Management Tools -> Includes the Network File System snap-in and the nfsadmin, showmount, and rpcinfo commands.




From now on you will also find the NFS server in the Services console, as shown below.




Using PowerShell to install Server for NFS

You can also use PowerShell to install the server roles and features by using the following commands.

Import-Module ServerManager
Add-WindowsFeature FS-NFS-Service
Import-Module NFS






Add new Shares

We can now add new shares on the NFS server by using the Server Manager from Windows Server as shown below.

In UNIX NFS terminology, sharing directories or files is called exporting them. Mounting these shares on an NFS client later is called importing the file system.


Select File and Storage Services -> Shares -> TASKS and click on New Share …


Select either NFS Share – Quick or NFS Share – Advanced, then select Next.


On the Share Location page, select a server and a volume, then select Next.


On the Share Name page, enter a name for the new share, then select Next.


On the Authentication page, specify the authentication method you want to use, then select Next.


On the Share Permissions page, select Add. The Add Permissions dialog opens. Choose the level of user permissions to grant: Host, Netgroup, Client group, or All Machines.


We can also check the share permissions later by using PowerShell.



On the Permissions page, configure access control for your selected users. When you’re ready, select Next.

We also need to configure the NTFS permissions for Windows clients; the more restrictive of the share permissions and the NTFS permissions wins.


On the Confirmation page, review your configuration, and select Create to create the NFS file share.




We can also change the settings for the share at any time by right-clicking it and selecting Properties, as shown below.




Using PowerShell to add new Shares

The following Windows PowerShell cmdlet can also create an NFS file share (where nfs1 is the name of the share and C:\shares\nfsfolder is the file path):

New-NfsShare -Name nfs1 -Path C:\shares\nfsfolder
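
The share permissions chosen in the wizard above (Host, Netgroup, Client group, All Machines) can be set and checked from PowerShell as well. The following is an added example, not part of the original post: it creates the share so that nothing is exported to All Machines, grants read/write to a single host, and prints the resulting permissions. The client address 192.168.195.50 is a constructed value; any client not covered by a grant lands in the No Access case described under Troubleshooting.

```powershell
# Added example. Share name and path are the ones used in this post;
# the client address is a constructed value.
Import-Module NFS

$ShareName = 'nfs1'
$SharePath = 'C:\shares\nfsfolder'
$Client    = '192.168.195.50'   # assumption: the one host allowed to mount

if (-not (Test-Path $SharePath)) {
    New-Item -ItemType Directory -Path $SharePath | Out-Null
}

# Create the export with AUTH_SYS, anonymous access disabled, and a global
# permission of no-access, so "All Machines" gets nothing by default.
New-NfsShare -Name $ShareName -Path $SharePath `
    -Authentication sys `
    -EnableAnonymousAccess $false `
    -Permission no-access

# Grant read/write to one host only. Root on that client is not treated
# as root on the share.
Grant-NfsSharePermission -Name $ShareName -ClientName $Client `
    -ClientType host -Permission readwrite -AllowRootAccess $false

# Review the result: the host entry plus the global "All Machines" entry.
Get-NfsSharePermission -Name $ShareName | Format-Table -AutoSize

# Full share settings, including the authentication and anonymous access flags.
Get-NfsShare -Name $ShareName | Format-List *
```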






Install and set up Client for NFS

In order for Windows operating systems to connect to an NFS server, we first need to install the Client for NFS.

Select the Client for NFS feature as shown below.

Client for NFS enables this computer to access files on UNIX-based NFS servers. When installed, you can configure a computer to connect to UNIX NFS shares that allow anonymous access.






Mount NFS Network Shares on Windows

In order to mount Network File System (NFS) network shares on Windows we can either use the mount command-line utility or we can also just map the share by using its UNC path like for normal SMB shares.

The mount utility is available only if Client for NFS is installed.


To install the Client for NFS on Windows Server you can use either PowerShell or the Server Manager.

In the Server Manager, check the Client for NFS feature.


In PowerShell, enter the following command.

PS C:\> Install-WindowsFeature -Name NFS-Client


To install the Client for NFS on Windows 10 or 11 you can also use either PowerShell or the Control Panel's Windows Features wizard.

In the Windows Features wizard, check the Client for NFS feature.


In PowerShell, enter the following command.

PS C:\> Enable-WindowsOptionalFeature -FeatureName ServicesForNFS-ClientOnly, ClientForNFS-Infrastructure -Online -NoRestart



To mount a Network File System (NFS) network share, execute the following command.

> mount \\ServerIP\ShareName Z:
> mount \\braincloud07.braincourt.de\NFS-Share N:

Source: https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/mount



As mentioned we can also just map the share like for SMB shares by using its UNC path as shown below.







Mount NFS Network Shares on UNIX or Linux operating systems

On UNIX or Linux operating systems we also use the mount command, which is available by default and is one of the essential commands.

Below I first created a new directory named NFS in which to mount the shares from the remote NFS server.

sudo mount -t nfs <hostname/FQDN or IP address>:/<nfs Share> /<target folder mountpoint>
sudo mount -t nfs 192.168.195.42:/NFS-Share /NFS

-t limits the set of filesystem types, here set to nfs



Mount NFS Network Shares by default by using /etc/fstab

To avoid mounting the NFS share by hand every time, we can add the following entry to /etc/fstab so that it is mounted whenever the system boots.

192.168.195.42:/NFS-Share /NFS nfs defaults 0 0

For remote file system mounts I use the option _netdev to ensure the network is online before systemd mounts the exported file system (NFS share):
192.168.195.42:/NFS-Share /NFS nfs _netdev 0 0

x-systemd.mount-timeout= : option to specify how long systemd should wait for the mount command to finish
x-systemd.automount : option to be mounted only upon access
_netdev : option ensures systemd understands that the mount is network dependent and orders it after the network is online.

Device: usually the given name or UUID of the mounted device (sda1/sda2/etc)
Mount Point: designates the directory where the device is/will be mounted
File System Type: nothing tricky here, shows the type of filesystem in use
Options: lists any active mount options. If using multiple options they must be separated by commas
Backup Operation: (the first digit) this is a binary system where 1 = dump utility backup of a partition. 0 = no backup. This is an outdated backup method and should NOT be used.
File System Check Order: (second digit) Here we can see three possible outcomes.  0 means that fsck will not check the filesystem. Numbers higher than this represent the check order. The root filesystem should be set to 1 and other partitions set to 2

Source: https://www.redhat.com/sysadmin/etc-fstab


In order to unmount the NFS share we can use:

sudo umount 192.168.195.42:/NFS-Share





Troubleshooting

mount Network Error – 53

When trying to mount a remote NFS share, Network Error – 53 appears.


A common cause is that the permissions on the NFS server are not set correctly. In my case, for demonstration purposes, I want to allow read/write access on the root. Previously the permissions were set to No Access, and therefore Network Error – 53 appeared on the clients when trying to mount the share.


After switching the permissions above to Read / Write, I was able to mount the share from a different server.


Entering just mount lists all remote NFS shares.



NFS version 4.1

NFS version 4.1 allows the file names to be created or copied with illegal characters. If you attempt to open the files with vi editor, it shows the files as being corrupt. You can’t save the file from vi, rename, move it, or change permissions. So avoid using illegal characters.

Source: https://learn.microsoft.com/en-us/windows-server/storage/nfs/deploy-nfs#known-issue





Links

Network File System (NFS)
https://en.wikipedia.org/wiki/Network_File_System

Network File System overview
https://learn.microsoft.com/en-us/windows-server/storage/nfs/nfs-overview

Deploy Network File System
https://learn.microsoft.com/en-us/windows-server/storage/nfs/deploy-nfs

mount
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/mount

NFS Server and File Permissions
https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/nfs-server-file-permissions