Whats New in Storage in Windows Server PDF
Whats New in Storage in Windows Server PDF
Whats New in Storage in Windows Server PDF
Storage
What's new in Storage
Data Deduplication
What's new in Data Deduplication
Understand Data Deduplication
Install and enable Data Deduplication
Run Data Deduplication
Advanced Data Deduplication settings
Data Deduplication interoperability
DFS Namespaces
Checklist: Deploy DFS Namespaces
Checklist: Tune a DFS Namespace
Deploying DFS Namespaces
Choose a Namespace Type
Create a DFS Namespace
Migrate a Domain-based Namespace to Windows Server 2008 Mode
Add Namespace Servers to a Domain-based DFS Namespace
Create a Folder in a DFS Namespace
Add Folder Targets
Replicate Folder Targets using DFS Replication
Delegate Management Permissions for DFS Namespaces
Tuning DFS Namespaces
Enable or Disable Referrals and Client Failback
Change the Amount of Time that Clients Cache Referrals
Set the Ordering Method for Targets in Referrals
Set Target Priority to Override Referral Ordering
Optimize Namespace Polling
Enable Access-based Enumeration on a Namespace
Using Inherited Permissions with Access-based Enumeration
DFS Replication
Migrate SYSVOL replication to DFS Replication
Use robocopy to preseed files for DFS Replication
DFS Replication: Frequently Asked Questions (FAQ)
How to determine the minimum staging area DFSR needs for a replicated folder
Understanding (the Lack of) Distributed File Locking in DFSR
Disk Management
File Server and SMB
SMB Direct
SMB security enhancements
SMB: File and printer sharing ports should be open
Network File System overview
Deploy Network File System
NTFS overview
Volume Shadow Copy Service
Using Disk Cleanup
Advanced Troubleshooting SMB
Detect, enable and disable SMBv1, SMBv2, and SMBv3
SMBv1 is not installed by default
SMB Known issues
TCP three-way handshake failure
Negotiate, Session Setup, and Tree Connect Failures
TCP connection is aborted during Validate Negotiate
Slow SMB files transfer speed
High CPU usage
Troubleshooting Event ID 50
Troubleshooting SMB Multichannel issues
File Server Resource Manager
Checklist: Apply a Quota to a Volume or Folder
Checklist: Apply a File Screen to a Volume or Folder
Setting File Server Resource Manager Options
Configure E-mail Notifications
Configure Notification Limits
Configure Storage Reports
Configure File Screen Audit
Quota Management
Create a Quota
Create an Auto Apply Quota
Create a Quota template
Edit Quota Template Properties
Edit Auto Apply Quota Properties
File screening Management
Define File Groups for Screening
Create a File Screen
Create a File Screen Exception
Create a File Screen Template
Edit File Screen Template Properties
Storage Reports Management
Schedule a Set of Reports
Generate Reports on Demand
Classification Management
Create an Automatic Classification Rule
Create a Classification Property
File Management Tasks
Create a File Expiration Task
Create a Custom File Management Task
Managing Remote Storage Resources
Connect to a Remote Computer
Command-Line Tools
Troubleshooting File Server Resource Manager
Folder Redirection and Roaming User Profiles
Deploy Roaming User Profiles
Deploy Folder Redirection
Deploy primary computers
Disable Offline Files on folders
Enable always offline mode
Enable optimized folder moving
Troubleshoot user profiles
iSCSI
iSCSI Target Server
iSCSI Target Server scalability limits
iSCSI boot
ReFS
Mirror-accelerated parity
Block cloning
Integrity streams
ReFSUtil
Storage Migration Service
Overview
Migrate a server
Frequently asked questions (FAQ)
Known issues
Storage Replica
Stretch Cluster Replication using Shared Storage
Server to server storage replication
Cluster to cluster storage replication
Cluster to Cluster Storage Replica cross region in Azure
Cluster to Cluster Storage Replica within the same region in Azure
Storage Replica: known issues
Storage Replica: Frequently Asked Questions
Storage Spaces
Deploy Storage Spaces on a stand-alone server
Health and operational states
Storage Spaces Direct
Understand
Understand the cache
Fault tolerance and storage efficiency
Drive symmetry considerations
Understand and monitor storage resync
Cluster and pool quorum
Cluster sets
Plan
Hardware requirements
Using the CSV in-memory read cache
Choose drives
Plan volumes
Guest VM clusters
Disaster recovery
Deploy
Deploy Storage Spaces Direct
Create volumes
Nested resiliency
Configure quorum
Upgrade a Storage Spaces Direct cluster
Understand and deploy persistent memory
Manage
Manage with Windows Admin Center
Add servers or drives
Taking a server offline for maintenance
Remove servers
Update drive firmware
Extend volumes
Delete volumes
Performance history
Drives
Network adapters
Servers
VHDs
VMs
Volumes
Clusters
Scripting samples
Delimit the allocation of volumes
Monitor with Azure Monitor
Troubleshoot
Troubleshooting scenarios
Health and operational states
Collect data
Frequently asked questions
Storage-class memory health management
Work Folders
Designing a Work Folders Implementation
Deploying Work Folders
Deploying Work Folders with AD FS and Web Application Proxy (WAP)
Step 1, Set up AD FS
Step 2, AD FS post-configuration
Step 3, Set up Work Folders
Step 4, Set up WAP
Step 5, Set up clients
Storage QoS
Change history for Storage topics
What's new in Storage in Windows Server
8/18/2020 • 16 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel)
This topic explains the new and changed functionality in storage in Windows Server 2019, Windows Server 2016,
and Windows Server Semi-Annual Channel releases.
Support for Large Volumes Updated Prior to Windows Server 2016, volumes
had to specifically sized for the expected
churn, with volume sizes above 10 TB
not being good candidates for
deduplication. In Windows Server 2016,
Data Deduplication supports volume
sizes up to 64 TB .
Support for Large Files Updated Prior to Windows Server 2016, files
approaching 1 TB in size were not good
candidates for deduplication. In
Windows Server 2016, files up to 1 TB
are fully supported.
Support for Nano Server New Data Deduplication is available and fully
supported in the new Nano Server
deployment option for Windows Server
2016.
F UN C T IO N A L IT Y N EW O R UP DAT ED DESC RIP T IO N
Support for Cluster OS Rolling New Data Deduplication fully supports the
Upgrades new Cluster OS Rolling Upgrade feature
of Windows Server 2016.
NOTE
The registry values for these settings aren't present by default, but the hardening rules still apply until overridden by Group
Policy or other registry values.
For more information on these security improvements - also referred to as UNC hardening, see Microsoft
Knowledge Base article 3000483 and MS15-011 & MS15-014: Hardening Group Policy.
Work Folders
Improved change notification when the Work Folders server is running Windows Server 2016 and the Work
Folders client is Windows 10.
What value does this change add?
For Windows Server 2012 R2, when file changes are synced to the Work Folders server, clients are not notified of
the change and wait up to 10 minutes to get the update. When using Windows Server 2016, the Work Folders
server immediately notifies Windows 10 clients and the file changes are synced immediately.
What works differently?
This capability is new in Windows Server 2016. This requires a Windows Server 2016 Work Folders server and the
client must be Windows 10.
If you're using an older client or the Work Folders server is Windows Server 2012 R2, the client will continue to
poll every 10 minutes for changes.
ReFS
The next iteration of ReFS provides support for large-scale storage deployments with diverse workloads, delivering
reliability, resiliency, and scalability for your data.
What value does this change add?
ReFS introduces the following improvements:
ReFS implements new storage tiers functionality, helping deliver faster performance and increased storage
capacity. This new functionality enables:
Multiple resiliency types on the same virtual disk (using mirroring in the performance tier and parity in
the capacity tier, for example).
Increased responsiveness to drifting working sets.
The introduction of block cloning substantially improves the performance of VM operations, such as .vhdx
checkpoint merge operations.
The new ReFS scan tool enables the recovery of leaked storage and helps salvage data from critical corruptions.
What works differently?
These capabilities are new in Windows Server 2016.
Additional References
What's New in Windows Server 2016
Data Deduplication Overview
8/18/2020 • 3 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel),
IMPORTANT
KB4025334 contains a roll up of fixes for Data Deduplication, including important reliability fixes, and we strongly
recommend installing it when using Data Deduplication with Windows Server 2016 and Windows Server 2019.
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel)
Data Deduplication in Windows Server has been optimized to be highly performant, flexible, and manageable at
private cloud scale. For more information about the software-defined storage stack in Windows Server, please see
What's New in Storage in Windows Server.
Data Deduplication has the following enhancements in Windows Server 2019:
Data Deduplication has the following enhancements starting in Windows Server 2016:
Support for large volumes Updated Prior to Windows Server 2016, volumes
had to be specifically sized for the
expected churn, with volume sizes
above 10 TB not being good candidates
for deduplication. In Windows Server
2016, Data Deduplication supports
volume sizes up to 64 TB.
Support for large files Updated Prior to Windows Server 2016, files
approaching 1 TB in size were not good
candidates for deduplication. In
Windows Server 2016, files up to 1 TB
are fully supported.
Support for Nano Server New Data Deduplication is available and fully
supported in the new Nano Server
deployment option for Windows Server
2016.
F UN C T IO N A L IT Y N EW O R UP DAT ED DESC RIP T IO N
Support for Cluster OS Rolling Upgrade New Data Deduplication fully supports the
new Cluster OS Rolling Upgrade feature
of Windows Server 2016.
These optimizations apply to all Data Deduplication Jobs, not just the Optimization Job.
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel)
5. Replace the original file stream of now optimized files with a reparse point to the chunk store.
When optimized files are read, the file system sends the files with a reparse point to the Data Deduplication file
system filter (Dedup.sys). The filter redirects the read operation to the appropriate chunks that constitute the
stream for that file in the chunk store. Modifications to ranges of a deduplicated files get written unoptimized to the
disk and are optimized by the Optimization job the next time it runs.
Usage Types
The following Usage Types provide reasonable Data Deduplication configuration for common workloads:
Jobs
Data Deduplication uses a post-processing strategy to optimize and maintain a volume's space efficiency.
Garbage Collection The Garbage Collection job reclaims Every Saturday at 2:35 AM
disk space by removing unnecessary
chunks that are no longer being
referenced by files that have been
recently modified or deleted.
JO B N A M E JO B DESC RIP T IO N S DEFA ULT SC H EDUL E
Integrity Scrubbing The Integrity Scrubbing job identifies Every Saturday at 3:35 AM
corruption in the chunk store due to
disk failures or bad sectors. When
possible, Data Deduplication can
automatically use volume features (such
as mirror or parity on a Storage Spaces
volume) to reconstruct the corrupted
data. Additionally, Data Deduplication
keeps backup copies of popular chunks
when they are referenced more than
100 times in an area called the hotspot.
Chunk store The chunk store is an organized series of container files in the
System Volume Information folder that Data Deduplication
uses to uniquely store chunks.
File stream The file stream is the main content of the file. This is the part
of the file that Data Deduplication optimizes.
File system The file system is the software and on-disk data structure that
the operating system uses to store files on storage media.
Data Deduplication is supported on NTFS formatted volumes.
File system filter A file system filter is a plugin that modifies the default
behavior of the file system. To preserve access semantics, Data
Deduplication uses a file system filter (Dedup.sys) to redirect
reads to optimized content completely transparently to the
user or application that makes the read request.
Optimization policy The optimization policy specifies the files that should be
considered for Data Deduplication. For example, files may be
considered out-of-policy if they are brand new, open, in a
certain path on the volume, or a certain file type.
Reparse point A reparse point is a special tag that notifies the file system to
pass off I/O to a specified file system filter. When a file's file
stream has been optimized, Data Deduplication replaces the
file stream with a reparse point, which enables Data
Deduplication to preserve the access semantics for that file.
WARNING
Unless instructed by authorized Microsoft Support Personnel, do not attempt to manually modify the chunk store. Doing so
may result in data corruption or loss.
This topic explains how to install Data Deduplication, evaluate workloads for deduplication, and enable Data
Deduplication on specific volumes.
NOTE
If you're planning to run Data Deduplication in a Failover Cluster, every node in the cluster must have the Data Deduplication
server role installed.
2. Click Next until the Install button is active, and then click Install .
Install Data Deduplication by using PowerShell
To install Data Deduplication, run the following PowerShell command as an administrator:
Install-WindowsFeature -Name FS-Data-Deduplication
-- OR --
Connect remotely to the Nano Server instance with PowerShell remoting and install Data Deduplication by
using DISM:
IMPORTANT
If you are running a recommended workload, you can skip this section and go to Enable Data Deduplication for your
workload.
To determine whether a workload works well with deduplication, answer the following questions. If you're unsure
about a workload, consider doing a pilot deployment of Data Deduplication on a test dataset for your workload to
see how it performs.
1. Does my workload's dataset have enough duplication to benefit from enabling deduplication?
Before enabling Data Deduplication for a workload, investigate how much duplication your workload's
dataset has by using the Data Deduplication Savings Evaluation tool, or DDPEval. After installing Data
Deduplication, you can find this tool at C:\Windows\System32\DDPEval.exe . DDPEval can evaluate the potential
for optimization against directly connected volumes (including local drives or Cluster Shared Volumes) and
mapped or unmapped network shares. Running DDPEval.exe will return an output similar to the following:
Data Deduplication Savings Evaluation Tool
Copyright 2011-2012 Microsoft Corporation. All Rights Reserved. Evaluated folder: E:\Test
Processed files: 34 Processed files size: 12.03MB Optimized files size: 4.02MB Space savings: 8.01MB
Space savings percent: 66 Optimized files size (no compression): 11.47MB
Space savings (no compression): 571.53KB Space savings percent (no compression): 4
Files with duplication: 2 Files excluded by policy: 20 Files excluded by error: 0
2. What do my workload's I/O patterns to its dataset look like? What performance do I have for
my workload? Data Deduplication optimizes files as a periodic job, rather than when the file is written to
disk. As a result, it is important to examine is a workload's expected read patterns to the deduplicated
volume. Because Data Deduplication moves file content into the Chunk Store and attempts to organize the
Chunk Store by file as much as possible, read operations perform best when they are applied to sequential
ranges of a file.
Database-like workloads typically have more random read patterns than sequential read patterns because
databases do not typically guarantee that the database layout will be optimal for all possible queries that
may be run. Because the sections of the Chunk Store may exist all over the volume, accessing data ranges in
the Chunk Store for database queries may introduce additional latency. High performance workloads are
particularly sensitive to this extra latency, but other database-like workloads might not be.
NOTE
These concerns primarily apply to storage workloads on volumes made up of traditional rotational storage media
(also known as Hard Disk drives, or HDDs). All-flash storage infrastructure (also known as Solid State Disk drives, or
SSDs), is less affected by random I/O patterns because one of the properties of flash media is equal access time to all
locations on the media. Therefore, deduplication will not introduce the same amount of latency for reads to a
workload's datasets stored on all-flash media as it would on traditional rotational storage media.
3. What are the resource requirements of my workload on the ser ver? Because Data Deduplication
uses a post-processing model, Data Deduplication periodically needs to have sufficient system resources to
complete its optimization and other jobs. This means that workloads that have idle time, such as in the
evening or on weekends, are excellent candidates for deduplication, and workloads that run all day, every
day may not be. Workloads that have no idle time may still be good candidates for deduplication if the
workload does not have high resource requirements on the server.
Enable Data Deduplication
Before enabling Data Deduplication, you must choose the Usage Type that most closely resembles your workload.
There are three Usage Types included with Data Deduplication.
Default - tuned specifically for general purpose file servers
Hyper-V - tuned specifically for VDI servers
Backup - tuned specifically for virtualized backup applications, such as Microsoft DPM
Enable Data Deduplication by using Server Manager
1. Select File and Storage Ser vices in Server Manager.
4. Select the desired Usage Type from the drop-down box and select OK .
5. If you are running a recommended workload, you're done. For other workloads, see Other considerations.
NOTE
You can find more information on excluding file extensions or folders and selecting the deduplication schedule, including why
you would want to do this, in Configuring Data Deduplication.
2. If you are running a recommended workload, you're done. For other workloads, see Other considerations.
NOTE
The Data Deduplication PowerShell cmdlets, including Enable-DedupVolume , can be run remotely by appending the
-CimSession parameter with a CIM Session. This is particularly useful for running the Data Deduplication PowerShell
cmdlets remotely against a Nano Server instance. To create a new CIM Session run New-CimSession .
Other considerations
IMPORTANT
If you are running a recommended workload, you can skip this section.
Data Deduplication's Usage Types give sensible defaults for recommended workloads, but they also provide a
good starting point for all workloads. For workloads other than the recommended workloads, it is possible to
modify Data Deduplication's advanced settings to improve deduplication performance.
If your workload has high resource requirements on your server, the Data Deduplication jobs should be
scheduled to run during the expected idle times for that workload. This is particularly important when running
deduplication on a hyper-converged host, because running Data Deduplication during expected working hours
can starve VMs.
If your workload does not have high resource requirements, or if it is more important that optimization jobs
complete than workload requests be served, the memory, CPU, and priority of the Data Deduplication jobs can
be adjusted.
What are the storage requirements for Data Deduplication? In Windows Server 2016, Data Deduplication
can support volume sizes up to 64 TB. For more information, view What's new in Data Deduplication.
Running Data Deduplication
8/18/2020 • 2 minutes to read • Edit Online
All settings that are available when you schedule a Data Deduplication job are also available when you start a job
manually except for the scheduling-specific settings. For example, to start an Optimization job manually with high
priority, maximum CPU usage, and maximum memory usage, execute the following PowerShell command with
administrator privilege:
Start-DedupJob -Type Optimization -Volume <Your-Volume-Here> -Memory 100 -Cores 100 -Priority High
NOTE
More detail on job successes and failures can be found in the Windows Event Viewer under
\Applications and Services Logs\Windows\Deduplication\Operational .
Optimization rates
One indicator of Optimization job failure is a downward-trending optimization rate which might indicate that the
Optimization jobs are not keeping up with the rate of changes, or churn. You can check the optimization rate by
using the Get-DedupStatus PowerShell cmdlet.
IMPORTANT
Get-DedupStatus has two fields that are relevant to the optimization rate: OptimizedFilesSavingsRate and
SavingsRate . These are both important values to track, but each has a unique meaning.
OptimizedFilesSavingsRate applies only to the files that are 'in-policy' for optimization (
space used by optimized files after optimization / logical size of optimized files ).
SavingsRate applies to the entire volume (
space used by optimized files after optimization / total logical size of the optimization ).
IMPORTANT
The Unoptimization job will fail if the volume does not have sufficient space to hold the unoptimized data.
This document describes how to modify advanced Data Deduplication settings. For recommended workloads, the
default settings should be sufficient. The main reason to modify these settings is to improve Data Deduplication's
performance with other kinds of workloads.
The most common reason for changing when Data Deduplication jobs run is to ensure that jobs run during off
hours. The following step-by-step example shows how to modify the Data Deduplication schedule for a sunny day
scenario: a hyper-converged Hyper-V host that is idle on weekends and after 7:00 PM on weeknights. To change
the schedule, run the following PowerShell cmdlets in an Administrator context.
1. Disable the scheduled hourly Optimization jobs.
2. Remove the currently scheduled Garbage Collection and Integrity Scrubbing jobs.
3. Create a nightly Optimization job that runs at 7:00 PM with high priority and all the CPUs and memory
available on the system.
4. Create a weekly Garbage Collection job that runs on Saturday starting at 7:00 AM with high priority and all
the CPUs and memory available on the system.
5. Create a weekly Integrity Scrubbing job that runs on Sunday starting at 7 AM with high priority and all the
CPUs and memory available on the system.
W H Y W O UL D Y O U WA N T TO
PA RA M ET ER N A M E DEF IN IT IO N A C C EP T ED VA L UES SET T H IS VA L UE?
Type The type of the job that Optimization This value is required
should be scheduled GarbageCollection because it is the type of job
Scrubbing that you want to have be
scheduled. This value cannot
be changed after the task
has been scheduled.
Priority The system priority of the High This value helps the system
scheduled job Medium determine how to allocate
Low CPU time. High will use
more CPU time, low will use
less.
Days The days that the job is An array of integers 0-6 Scheduled tasks have to run
scheduled representing the days of the on at least one day.
week:
0 = Sunday
1 = Monday
2 = Tuesday
3 = Wednesday
4 = Thursday
5 = Friday
6 = Saturday
Cores The percentage of cores on Integers 0-100 (indicates a To control what level of
the system that a job should percentage) impact a job will have on the
use compute resources on the
system
W H Y W O UL D Y O U WA N T TO
PA RA M ET ER N A M E DEF IN IT IO N A C C EP T ED VA L UES SET T H IS VA L UE?
DurationHours The maximum number of Positive integers To prevent a job for running
hours a job should be into a workload's non-idle
allowed to run hours
Enabled Whether the job will run True/false To disable a job without
removing it
Full For scheduling a full Switch (true/false) By default, every fourth job
Garbage Collection job is a full Garbage Collection
job. With this switch, you
can schedule full Garbage
Collection to run more
frequently.
InputOutputThrottle Specifies the amount of Integers 0-100 (indicates a Throttling ensures that jobs
input/output throttling percentage) don't interfere with other
applied to the job I/O-intensive processes.
Memory The percentage of memory Integers 0-100 (indicates a To control what level of
on the system that a job percentage) impact the job will have on
should use the memory resources of
the system
Name The name of the scheduled String A job must have a uniquely
job identifiable name.
ReadOnly Indicates that the scrubbing Switch (true/false) You want to manually
job processes and reports restore files that sit on bad
on corruptions that it finds, sections of the disk.
but does not run any repair
actions
Start Specifies the time a job System.DateTime The date part of the
should start System.Datetime provided
to Start is irrelevant (as long
as it's in the past), but the
time part specifies when the
job should start.
StopWhenSystemBusy Specifies whether Data Switch (True/False) This switch gives you the
Deduplication should stop if ability to control the
the system is busy behavior of Data
Deduplication--this is
especially important if you
want to run Data
Deduplication while your
workload is not idle.
The main reasons to modify the volume settings from the selected usage type are to improve read performance
for specific files (such as multimedia or other file types that are already compressed) or to fine-tune Data
Deduplication for better optimization for your specific workload. The following example shows how to modify the
Data Deduplication volume settings for a workload that most closely resembles a general purpose file server
workload, but uses large files that change frequently.
1. See the current volume settings for Cluster Shared Volume 1.
2. Enable OptimizePartialFiles on Cluster Shared Volume 1 so that the MinimumFileAge policy applies to
sections of the file rather than the whole file. This ensures that the majority of the file gets optimized even
though sections of the file change regularly.
ChunkRedundancyThreshold The number of times that a Positive integers The main reason to modify
chunk is referenced before a this number is to increase
chunk is duplicated into the the savings rate for volumes
hotspot section of the with high duplication. In
Chunk Store. The value of general, the default value
the hotspot section is that (100) is the recommended
so-called "hot" chunks that setting, and you shouldn't
are referenced frequently need to modify this.
have multiple access paths
to improve access time.
ExcludeFileType File types that are excluded Array of file extensions Some file types, particularly
from optimization multimedia or files that are
already compressed, do not
benefit very much from
being optimized. This setting
allows you to configure
which types are excluded.
ExcludeFolder Specifies folder paths that Array of folder paths If you want to improve
should not be considered for performance or keep
optimization content in particular paths
from being optimized, you
can exclude certain paths on
the volume from
consideration for
optimization.
W H Y W O UL D Y O U WA N T TO
SET T IN G N A M E DEF IN IT IO N A C C EP T ED VA L UES M O DIF Y T H IS VA L UE?
InputOutputScale Specifies the level of IO Positive integers ranging 1- The main reason to modify
parallelization (IO queues) 36 this value is to decrease the
for Data Deduplication to impact on the performance
use on a volume during a of a high IO workload by
post-processing job restricting the number of IO
queues that Data
Deduplication is allowed to
use on a volume. Note that
modifying this setting from
the default may cause Data
Deduplication's post-
processing jobs to run
slowly.
MinimumFileAgeDays Number of days after the file Positive integers (inclusive of The Default and HyperV
is created before the file is zero) usage types set this value to
considered to be in-policy 3 to maximize performance
for optimization. on hot or recently created
files. You may want to
modify this if you want Data
Deduplication to be more
aggressive or if you do not
care about the extra latency
associated with
deduplication.
MinimumFileSize Minimum file size that a file Positive integers (bytes) The main reason to change
must have to be considered greater than 32 KB this value is to exclude small
in-policy for optimization files that may have limited
optimization value to
conserve compute time.
NoCompressionFileType File types whose chunks Array of file extensions Some types of files,
should not be compressed particularly multimedia files
before going into the Chunk and already compressed file
Store types, may not compress
well. This setting allows
compression to be turned
off for those files, saving
CPU resources.
W H Y W O UL D Y O U WA N T TO
SET T IN G N A M E DEF IN IT IO N A C C EP T ED VA L UES M O DIF Y T H IS VA L UE?
OptimizeInUseFiles When enabled, files that True/false Enable this setting if your
have active handles against workload keeps files open
them will be considered as for extended periods of time.
in-policy for optimization. If this setting is not enabled,
a file would never get
optimized if the workload
has an open handle to it,
even if it's only occasionally
appending data at the end.
WlmMemoryOverPercentThr This setting allows jobs to Positive integers (a value of If you have another task
eshold use more memory than 300 means 300% or 3 times) that will stop if Data
Data Deduplication judges Deduplication takes more
to actually be available. For memory
example, a setting of 300
would mean that the job
would have to use three
times the assigned memory
to get canceled.
DeepGCInterval This setting configures the Integers (-1 indicates See this frequently asked
interval at which regular disabled) question
Garbage Collection jobs
become full Garbage
Collection jobs. A setting of
n would mean that every
nth job was a full Garbage
Collection job. Note that full
Garbage Collection is always
disabled (regardless of the
registry value) for volumes
with the Backup Usage Type.
Start-DedupJob -Type
GarbageCollection -Full
may be used if full Garbage
Collection is desired on a
Backup volume.
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2019
Supported
ReFS
Data Deduplication is supported as of Windows Server 2019.
Failover Clustering
Failover Clustering is fully supported, if every node in the cluster has the Data Deduplication feature installed.
Other important notes:
Manually started Data Deduplication jobs must be run on the Owner node for the Cluster Shared Volume.
Scheduled Data Deduplication jobs are stored in the cluster task scheduled so that if a deduplicated volume is
taken over by another node, the scheduled job will be applied on the next scheduled interval.
Data Deduplication fully interoperates with the Cluster OS Rolling Upgrade feature.
Data Deduplication is fully supported on Storage Spaces Direct NTFS-formatted volumes (mirror or parity).
Deduplication is not supported on volumes with multiple tiers. See Data Deduplication on ReFS for more
information.
Storage Replica
Storage Replica is fully supported. Data Deduplication should be configured to not run on the secondary copy.
BranchCache
You can optimize data access over the network by enabling BranchCache on servers and clients. When a
BranchCache-enabled system communicates over a WAN with a remote file server that is running data
deduplication, all of the deduplicated files are already indexed and hashed. Therefore, requests for data from a
branch office are quickly computed. This is similar to preindexing or prehashing a BranchCache-enabled server.
DFS Replication
Data Deduplication works with Distributed File System (DFS) Replication. Optimizing or unoptimizing a file will not
trigger a replication because the file does not change. DFS Replication uses Remote Differential Compression
(RDC), not the chunks in the chunk store, for over-the-wire savings. The files on the replica can also be optimized
by using deduplication if the replica is using Data Deduplication.
Quotas
Data Deduplication does not support creating a hard quota on a volume root folder that also has deduplication
enabled. When a hard quota is present on a volume root, the actual free space on the volume and the quota-
restricted space on the volume are not the same. This may cause deduplication optimization jobs to fail. It is
possible however to creating a soft quota on a volume root that has deduplication enabled.
When quota is enabled on a deduplicated volume, quota uses the logical size of the file rather than the physical size
of the file. Quota usage (including any quota thresholds) does not change when a file is processed by
deduplication. All other quota functionality, including volume-root soft quotas and quotas on subfolders, works
normally when using deduplication.
Windows Server Backup
Windows Server Backup can back up an optimized volume as-is (that is, without removing deduplicated data). The
following steps show how to back up a volume and how to restore a volume or selected files from a volume.
1. Install Windows Server Backup.
2. Back up the E: volume to another volume by running the following command, substituting the correct
volume names for your situation.
This output version ID will be a date and time string, for example: 08/18/2016-06:22.
4. Restore the entire volume.
--OR--
Restore a particular folder (in this case, the E:\Docs folder):
Unsupported
Windows 10 (client OS )
Data Deduplication is not supported on Windows 10. There are several popular blog posts in the Windows
community describing how to remove the binaries from Windows Server 2016 and install on Windows 10, but this
scenario has not been validated as part of the development of Data Deduplication. Vote for this item for Windows
10 vNext on the Windows Server Storage UserVoice.
Windows Search
Windows Search doesn't support Data Deduplication. Data Deduplication uses reparse points, which Windows
Search can't index, so Windows Search skips all deduplicated files, excluding them from the index. As a result,
search results might be incomplete for deduplicated volumes. Vote for this item for Windows Server vNext on the
Windows Server Storage UserVoice.
Robocopy
Running Robocopy with Data Deduplication is not recommended because certain Robocopy commands can
corrupt the Chunk Store. The Chunk Store is stored in the System Volume Information folder for a volume. If the
folder is deleted, the optimized files (reparse points) that are copied from the source volume become corrupted
because the data chunks are not copied to the destination volume.
DFS Namespaces overview
8/18/2020 • 5 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012,
Windows Server 2008 R2, Windows Server 2008, Windows Server (Semi-Annual Channel)
DFS Namespaces is a role service in Windows Server that enables you to group shared folders located on different
servers into one or more logically structured namespaces. This makes it possible to give users a virtual view of
shared folders, where a single path leads to files located on multiple servers, as shown in the following figure:
Must contain an NTFS volume to host the namespace. Must contain an NTFS volume to host the namespace.
Can be a member server or domain controller. Must be a member server or domain controller in the domain
in which the namespace is configured. (This requirement
applies to every namespace server that hosts a given domain-
based namespace.)
Can be hosted by a failover cluster to increase the availability The namespace cannot be a clustered resource in a failover
of the namespace. cluster. However, you can locate the namespace on a server
that also functions as a node in a failover cluster if you
configure the namespace to use only local resources on that
server.
Install-WindowsFeature <name>
For example, to install the Distributed File System Tools portion of the Remote Server Administration Tools feature,
type:
Install-WindowsFeature "RSAT-DFS-Mgmt-Con"
To install the DFS Namespaces, and the Distributed File System Tools portions of the Remote Server Administration
Tools feature, type:
Additional References
For additional related information, see the following resources.
C O N T EN T T Y P E REF EREN C ES
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008
Distributed File System (DFS) Namespaces and DFS Replication can be used to publish documents, software, and
line-of-business data to users throughout an organization. Although DFS Replication alone is sufficient to distribute
data, you can use DFS Namespaces to configure the namespace so that a folder is hosted by multiple servers, each
of which holds an updated copy of the folder. This increases data availability and distributes the client load across
servers.
When browsing a folder in the namespace, users are not aware that the folder is hosted by multiple servers. When
a user opens the folder, the client computer is automatically referred to a server on its site. If no same-site servers
are available, you can configure the namespace to refer the client to a server that has the lowest connection cost as
defined in Active Directory Directory Services (AD DS).
To deploy DFS Namespaces, perform the following tasks:
Review the concepts, and requirements of DFS Namespaces. Overview of DFS Namespaces
Choose a namespace type
Create a DFS namespace
Migrate existing domain-based namespaces to Windows Server 2008 mode domain-based namespaces.
Migrate a Domain-based Namespace to Windows Server 2008 mode
Increase availability by adding namespace servers to a domain-based namespace. Add Namespace Servers to a
Domain-based DFS Namespace
Add folders to a namespace. Create a Folder in a DFS Namespace
Add folder targets to folders in a namespace. Add Folder Targets
Replicate content between folder targets using DFS Replication (optional). Replicate Folder Targets Using DFS
Replication
Additional References
Namespaces
Checklist: Tune a DFS Namespace
Replication
Checklist: Tune a DFS namespace
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008
After creating a namespace and adding folders and targets, use the following checklist to tune or optimize the way
the DFS namespace handles referrals and polls Active Directory Domain Services (AD DS) for updated namespace
data.
Prevent users from seeing folders in a namespace that they do not have permissions to access. Enable Access-
Based Enumeration on a Namespace
Enable or prevent users from being referred to a namespace or folder target when they access a folder in the
namespace. Enable or Disable Referrals and Client Failback
Adjust how long clients cache a referral before requesting a new one. Change the Amount of Time That Clients
Cache Referrals
Optimize how namespace servers poll AD DS to obtain the most current namespace data. Optimize Namespace
Polling
Use inherited permissions to control which users can view folders in a namespace for which access-based
enumeration is enabled. Using Inherited Permissions with Access-Based Enumeration
In addition, by using a DFS Namespaces enhancement known as target priority, you can specify the priority of
servers so that a specific server is always placed first or last in the list of servers (known as a referral) that the client
receives when it accesses a folder with targets in the namespace.
Specify in what order users should be referred to folder targets. Set the Ordering Method for Targets in
Referrals
Override referral ordering for a specific namespace server or folder target. Set Target Priority to Override
Referral Ordering
Additional References
Namespaces
Checklist: Deploy DFS Namespaces
Tuning DFS Namespaces
Deploying DFS Namespaces
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008
When creating a namespace, you must choose one of two namespace types: a stand-alone namespace or a
domain-based namespace. In addition, if you choose a domain-based namespace, you must choose a namespace
mode: Windows 2000 Server mode or Windows Server 2008 mode.
NOTE
To check the size of a namespace, right-click the namespace in the DFS Management console tree, click Proper ties , and
then view the namespace size in the Namespace Proper ties dialog box. For more information about DFS Namespace
scalability, see the Microsoft website File Services.
Choose a domain-based namespace if any of the following conditions apply to your environment:
You want to ensure the availability of the namespace by using multiple namespace servers.
You want to hide the name of the namespace server from users. This makes it easier to replace the namespace
server or migrate the namespace to another server.
DO M A IN - B A SED DO M A IN - B A SED
N A M ESPA C E ( W IN DO W S N A M ESPA C E ( W IN DO W S
C H A RA C T ERIST IC STA N D- A LO N E N A M ESPA C E 2000 SERVER M O DE) SERVER 2008 M O DE)
Namespace size The namespace can contain The size of the namespace The namespace can contain
recommendations more than 5,000 folders object in AD DS should be more than 5,000 folders
with targets; the less than 5 megabytes (MB) with targets; the
recommended limit is to maintain compatibility recommended limit is
50,000 folders with targets with domain controllers that 50,000 folders with targets
are not running Windows
Server 2008. This means no
more than approximately
5,000 folders with targets.
Minimum AD DS domain AD DS is not required Windows 2000 mixed Windows Server 2008
functional level
Minimum supported Windows 2000 Server Windows 2000 Server Windows Server 2008
namespace servers
Supported methods to Create a stand-alone Use multiple namespace Use multiple namespace
ensure namespace namespace on a failover servers to host the servers to host the
availability cluster. namespace. (The namespace namespace. (The namespace
servers must be in the same servers must be in the same
domain.) domain.)
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008
To create a new namespace, you can use Server Manager to create the namespace when you install the DFS
Namespaces role service. You can also use the New-DfsnRoot cmdlet from a Windows PowerShell session.
The DFSN Windows PowerShell module was introduced in Windows Server 2012.
Alernatively, you can use the following procedure to create a namespace after installing the role service.
To create a namespace
1. Click Star t , point to Administrative Tools , and then click DFS Management .
2. In the console tree, right-click the Namespaces node, and then click New Namespace .
3. Follow the instructions in the New Namespace Wizard .
To create a stand-alone namespace on a failover cluster, specify the name of a clustered file server instance
on the Namespace Ser ver page of the New Namespace Wizard .
IMPORTANT
Do not attempt to create a domain-based namespace using the Windows Server 2008 mode unless the forest functional
level is Windows Server 2003 or higher. Doing so can result in a namespace for which you cannot delete DFS folders, yielding
the following error message: "The folder cannot be deleted. Cannot complete this function".
Additional References
Deploying DFS Namespaces
Choose a Namespace Type
Add Namespace Servers to a Domain-based DFS Namespace
Delegate Management Permissions for DFS Namespaces.
Migrate a domain-based namespace to Windows
Server 2008 Mode
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008
The Windows Server 2008 mode for domain-based namespaces includes support for access-based enumeration
and increased scalability.
2. Write down the path ( \\server \share ) for each namespace server. You must manually add namespace
servers to the re-created namespace because Dfsutil cannot import namespace servers.
3. In DFS Management, right-click the namespace and then click Delete , or type the following command at a
command prompt,
where \\domain\namespace is the name of the appropriate domain and namespace:
4. In DFS Management, re-create the namespace with the same name, but use the Windows Server 2008
mode, or type the following command at a command prompt, where
\\server\namespace is the name of the appropriate server and share for the namespace root:
5. To import the namespace from the export file, type the following command at a command prompt, where
\\domain\namespace is the name of the appropriate domain and namespace and path\filename is the path
and file name of the file to import:
6. Add any remaining namespace servers to the re-created namespace by right-clicking the namespace in DFS
Management and then clicking Add Namespace Ser ver , or by typing the following command at a
command prompt, where
\\server\share is the name of the appropriate server and share for the namespace root:
NOTE
You can add namespace servers before importing the namespace, but doing so causes the namespace servers to
incrementally download the metadata for the namespace instead of immediately downloading the entire namespace
after being added as a namespace server.
Additional References
Deploying DFS Namespaces
Choose a Namespace Type
Add namespace servers to a domain-based DFS
namespace
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008
You can increase the availability of a domain-based namespace by specifying additional namespace servers to host
the namespace.
NOTE
This procedure is not applicable for stand-alone namespaces because they support only a single namespace server. To
increase the availability of a stand-alone namespace, specify a failover cluster as the namespace server in the New
Namespace Wizard.
TIP
To add a namespace server by using Windows PowerShell, use the New-DfsnRootTarget cmdlet. The DFSN Windows
PowerShell module was introduced in Windows Server 2012.
Additional References
Deploying DFS Namespaces
Review DFS Namespaces Server Requirements
Create a DFS Namespace
Delegate Management Permissions for DFS Namespaces
Create a folder in a DFS namespace
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008
You can use folders to create additional levels of hierarchy in a namespace. You can also create folders with folder
targets to add shared folders to the namespace. DFS folders with folder targets cannot contain other DFS folders,
so if you want to add a level of hierarchy to the namespace, do not add folder targets to the folder.
Use the following procedure to create a folder in a namespace using DFS Management:
TIP
To create a folder in a namespace by using Windows PowerShell, use the New-DfsnFolder cmdlet. The DFSN Windows
PowerShell module was introduced in Windows Server 2012.
Additional References
Deploying DFS Namespaces
Delegate Management Permissions for DFS Namespaces
Add folder targets
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008
A folder target is the Universal Naming Convention (UNC) path of a shared folder or another namespace that is
associated with a folder in a namespace. Adding multiple folder targets increases the availability of the folder in the
namespace.
TIP
To add a folder target by using Windows PowerShell, use the New-DfsnFolderTarget cmdlet. The DFSN Windows PowerShell
module was introduced in Windows Server 2012.
NOTE
Folders can contain folder targets or other DFS folders, but not both, at the same level in the folder hierarchy.
Additional References
Deploying DFS Namespaces
Delegate Management Permissions for DFS Namespaces
Replicate Folder Targets Using DFS Replication
Replicate folder targets using DFS Replication
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008
You can use DFS Replication to keep the contents of folder targets in sync so that users see the same files
regardless of which folder target the client computer is referred to.
NOTE
Configuration changes are not applied immediately to all members except when using the Suspend-DfsReplicationGroup and
Sync-DfsReplicationGroup cmdlets. The new configuration must be replicated to all domain controllers, and each member in
the replication group must poll its closest domain controller to obtain the changes. The amount of time this takes depends
on the Active Directory Directory Services (AD DS) replication latency and the long polling interval (60 minutes) on each
member. To poll immediately for configuration changes, open a Command Prompt window and then type the following
command once for each member of the replication group:
dfsrdiag.exe PollAD /Member:DOMAIN\Server1
To do so from a Windows PowerShell session, use the Update-DfsrConfigurationFromAD cmdlet, which was introduced in
Windows Server 2012 R2.
Additional References
Deploying DFS Namespaces
Delegate Management Permissions for DFS Namespaces
DFS Replication
Delegate management permissions for DFS
Namespaces
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008
The following table describes the groups that can perform basic namespace tasks by default, and the method for
delegating the ability to perform these tasks:
GRO UP S T H AT C A N P ERF O RM T H IS
TA SK TA SK B Y DEFA ULT DEL EGAT IO N M ET H O D
Create a domain-based namespace Domain Admins group in the domain Right-click the Namespaces node in
where the namespace is configured the console tree, and then click
Delegate Management
Permissions . Or use the Set-DfsnRoot
GrantAdminAccounts and Set-
DfsnRoot RevokeAdminAccounts.
Windows PowerShell cmdlets
(introduced in Windows Server 2012).
You must also add the user to the local
Administrators group on the
namespace server.
Add a namespace server to a domain- Domain Admins group in the domain Right-click the domain-based
based namespace where the namespace is configured namespace in the console tree, and
then click Delegate Management
Permissions . Or use the Set-DfsnRoot
GrantAdminAccounts and Set-
DfsnRoot RevokeAdminAccounts.
Windows PowerShell cmdlets
(introduced in Windows Server 2012).
You must also add the user to the local
Administrators group on the
namespace server to be added.
Manage a domain-based namespace Local Administrators group on each Right-click the domain-based
namespace server namespace in the console tree, and
then click Delegate Management
Permissions .
Create a stand-alone namespace Local Administrators group on the Add the user to the local
namespace server Administrators group on the
namespace server.
Manage a stand-alone namespace* Local Administrators group on the Right-click the stand-alone namespace
namespace server in the console tree, and then click
Delegate Management
Permissions . Or use the Set-DfsnRoot
GrantAdminAccounts and Set-
DfsnRoot RevokeAdminAccounts.
Windows PowerShell cmdlets
(introduced in Windows Server 2012).
GRO UP S T H AT C A N P ERF O RM T H IS
TA SK TA SK B Y DEFA ULT DEL EGAT IO N M ET H O D
Create a replication group or enable Domain Admins group in the domain Right-click the Replication node in the
DFS Replication on a folder where the namespace is configured console tree, and then click Delegate
Management Permissions .
*Delegating management permissions to manage a stand-alone namespace does not grant the user the ability to
view and manage security by using the Delegation tab unless the user is a member of the local Administrators
group on the namespace server. This issue occurs because the DFS Management snap-in cannot retrieve the
discretionary access control lists (DACLs) for the stand-alone namespace from the registry. To enable the snap-in
to display delegation information, you must follow the steps in the Microsoft® Knowledge Base article:
KB314837: How to Manage Remote Access to the Registry
Tuning DFS Namespaces
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008
After creating a namespace and adding folders and targets, refer to the following sections to tune or optimize the
way DFS Namespace handles referrals and polls Active Directory Domain Services (AD DS) for updated
namespace data:
Enable Access-Based Enumeration on a Namespace
Enable or Disable Referrals and Client Failback
Change the Amount of Time That Clients Cache Referrals
Set the Ordering Method for Targets in Referrals
Set Target Priority to Override Referral Ordering
Optimize Namespace Polling
Using Inherited Permissions with Access-Based Enumeration
NOTE
To search for folders or folder targets, select a namespace, click the Search tab, type your search string in the text box, and
then click Search .
Enable or Disable Referrals and Client Failback
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008
A referral is an ordered list of servers that a client computer receives from a domain controller or namespace
server when the user accesses a namespace root or DFS folder with targets. After the computer receives the
referral, the computer attempts to access the first server in the list. If the server is not available, the client computer
attempts to access the next server. If a server becomes unavailable, you can configure clients to fail back to the
preferred server after it becomes available.
The following sections provide information about how to enable or disable referrals or enable client failback:
TIP
To enable or disable referrals by using Windows PowerShell, use the Set-DfsnRootTarget –State or Set-
DfsnServerConfiguration cmdlets, which were introduced in Windows Server 2012.
NOTE
To enable client failback on a namespace root by using Windows PowerShell, use the Set-DfsnRoot cmdlet. To enable client
failback on a DFS folder, use the Set-DfsnFolder cmdlet.
Additional References
Tuning DFS Namespaces
Review DFS Namespaces Client Requirements
Delegate Management Permissions for DFS Namespaces
Change the amount of time that clients cache
referrals
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008
A referral is an ordered list of targets that a client computer receives from a domain controller or namespace
server when the user accesses a namespace root or folder with targets in the namespace. You can adjust how long
clients cache a referral before requesting a new one.
TIP
To change the amount of time that clients cache namespace root referrals by using Windows PowerShell, use the Set-
DfsnRoot TimeToLiveSec cmdlet. These cmdlets were introduced in Windows Server 2012.
Additional References
Tuning DFS Namespaces
Delegate Management Permissions for DFS Namespaces
Set the Ordering Method for Targets in Referrals
8/18/2020 • 3 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008
A referral is an ordered list of targets that a client computer receives from a domain controller or namespace
server when the user accesses a namespace root or folder with targets. After the client receives the referral, the
client attempts to access the first target in the list. If the target is not available, the client attempts to access the next
target. Targets on the client's site are always listed first in a referral. Targets outside of the client's site are listed
according to the ordering method.
Use the following sections to specify in what order targets should be referred to clients and to understand the
different methods of ordering target referrals:
NOTE
To use Windows PowerShell to set the ordering method for targets in namespace root referrals, use the Set-DfsnRoot cmdlet
with one of the following parameters:
EnableSiteCosting specifies the Lowest cost ordering method
EnableInsiteReferrals specifies the Exclude targets outside of the client's site ordering method
Omitting either parameter specifies the Random order referral ordering method.
The DFSN Windows PowerShell module was introduced in Windows Server 2012.
Random order
In this method, targets are ordered as follows:
1. Targets in the same Active Directory Directory Services (AD DS) site as the client are listed in random order at
the top of the referral.
2. Targets outside of the client's site are listed in random order.
If no same-site target servers are available, the client computer is referred to a random target server regardless of
how expensive the connection is or how distant the target.
Lowest cost
In this method, targets are ordered as follows:
1. Targets in the same site as the client are listed in random order at the top of the referral.
2. Targets outside of the client's site are listed in order of lowest cost to highest cost. Referrals with the same cost
are grouped together, and the targets are listed in random order within each group.
NOTE
Site link costs are not shown in the DFS Management snap-in. To view site link costs, use the Active Directory Sites and
Services snap-in.
NOTE
Targets that have target priority set to "First among all targets" or "Last among all targets" are still listed in the referral, even
if the ordering method is set to Exclude targets outside of the client's site .
Additional References
Tuning DFS Namespaces
Delegate Management Permissions for DFS Namespaces
Set target priority to override referral ordering
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008
A referral is an ordered list of targets that a client computer receives from a domain controller or namespace
server when the user accesses a namespace root or folder with targets in the namespace. Each target in a referral
is ordered according to the ordering method for the namespace root or folder.
To refine how targets are ordered, you can set priority on individual targets. For example, you can specify that the
target is first among all targets, last among all targets, or first or last among all targets of equal cost.
Additional References
Tuning DFS Namespaces
Delegate Management Permissions for DFS Namespaces
Optimize Namespace Polling
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008
To maintain a consistent domain-based namespace across namespace servers, it is necessary for namespace
servers to periodically poll Active Directory Domain Services (AD DS) to obtain the most current namespace data.
NOTE
To set the namespace polling mode by using Windows PowerShell, use the Set-DfsnRoot EnableRootScalability cmdlet, which
was introduced in Windows Server 2012.
Additional References
Tuning DFS Namespaces
Delegate Management Permissions for DFS Namespaces
Enable access-based enumeration on a namespace
8/18/2020 • 3 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008
Access-based enumeration hides files and folders that users do not have permissions to access. By default, this
feature is not enabled for DFS namespaces. You can enable access-based enumeration of DFS folders by using DFS
Management. To control access-based enumeration of files and folders in folder targets, you must enable access-
based enumeration on each shared folder by using Share and Storage Management.
To enable access-based enumeration on a namespace, all namespace servers must be running Windows
Server 2008 or newer. Additionally, domain-based namespaces must use the Windows Server 2008 mode. For
information about the requirements of the Windows Server 2008 mode, see Choose a Namespace Type.
In some environments, enabling access-based enumeration can cause high CPU utilization on the server and slow
response times for users.
NOTE
If you upgrade the domain functional level to Windows Server 2008 while there are existing domain-based namespaces, DFS
Management will allow you to enable access-based enumeration on these namespaces. However, you will not be able to edit
permissions to hide folders from any groups or users unless you migrate the namespaces to the Windows Server 2008
mode. For more information, see Migrate a Domain-based Namespace to Windows Server 2008 Mode.
To use access-based enumeration with DFS Namespaces, you must follow these steps:
Enable access-based enumeration on a namespace
Control which users and groups can view individual DFS folders
WARNING
Access-based enumeration does not prevent users from getting a referral to a folder target if they already know the DFS
path. Only the share permissions or the NTFS file system permissions of the folder target (shared folder) itself can prevent
users from accessing a folder target. DFS folder permissions are used only for displaying or hiding DFS folders, not for
controlling access, making Read access the only relevant permission at the DFS folder level. For more information, see Using
Inherited Permissions with Access-Based Enumeration
You can enable access-based enumeration on a namespace either by using the Windows interface or by using a
command line.
TIP
To manage access-based enumeration on a namespace by using Windows PowerShell, use the Set-DfsnRoot, Grant-
DfsnAccess, and Revoke-DfsnAccess cmdlets. The DFSN Windows PowerShell module was introduced in Windows Server
2012.
You can control which users and groups can view individual DFS folders either by using the Windows interface or
by using a command line.
For example, to replace existing permissions with permissions that allows the Domain Admins and
CONTOSO\Trainers groups Read (R) access to the \contoso.office\public\training folder, type the following
command:
3. To perform additional tasks from the command prompt, use the following commands:
C OMMAND DESC RIP T IO N
Dfsutil property sd deny Denies a group or user the ability to view the folder.
Dfsutil property sd revoke Removes a group or user ACE from the folder.
Additional References
Create a DFS Namespace
Delegate Management Permissions for DFS Namespaces
Installing DFS
Using Inherited Permissions with Access-Based Enumeration
Using inherited permissions with Access-based
Enumeration
8/18/2020 • 3 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server (Semi-Annual Channel), Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008
By default, the permissions used for a DFS folder are inherited from the local file system of the namespace server.
The permissions are inherited from the root directory of the system drive and grant the DOMAIN\Users group
Read permissions. As a result, even after enabling access-based enumeration, all folders in the namespace remain
visible to all domain users.
NOTE
When using inherited permissions, it is simplest to set permissions on namespace roots and folders without targets. Then
use inherited permissions on folders with targets so that they inherit all permissions from their parents.
NOTE
Access-based enumeration does not prevent users from obtaining a referral to a folder target if they already know the DFS
path of the folder with targets. Permissions set using Windows Explorer or the Icacls command on namespace roots or
folders without targets control whether users can access the DFS folder or namespace root. However, they do not prevent
users from directly accessing a folder with targets. Only the share permissions or the NTFS file system permissions of the
shared folder itself can prevent users from accessing folder targets.
Additional References
Create a DFS Namespace
DFS Replication overview
8/18/2020 • 5 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012,
Windows Server 2008 R2, Windows Server 2008, Windows Server (Semi-Annual Channel)
DFS Replication is a role service in Windows Server that enables you to efficiently replicate folders (including those
referred to by a DFS namespace path) across multiple servers and sites. DFS Replication is an efficient, multiple-
master replication engine that you can use to keep folders synchronized between servers across limited bandwidth
network connections. It replaces the File Replication Service (FRS) as the replication engine for DFS Namespaces, as
well as for replicating the Active Directory Domain Services (AD DS) SYSVOL folder in domains that use the
Windows Server 2008 or later domain functional level.
DFS Replication uses a compression algorithm known as remote differential compression (RDC). RDC detects
changes to the data in a file and enables DFS Replication to replicate only the changed file blocks instead of the
entire file.
For more information about replicating SYSVOL using DFS Replication, see Migrate the SYSVOL replication to DFS
Replication.
To use DFS Replication, you must create replication groups and add replicated folders to the groups. Replication
groups, replicated folders, and members are illustrated in the following figure.
This figure shows that a replication group is a set of servers, known as members, which participates in the
replication of one or more replicated folders. A replicated folder is a folder that stays synchronized on each
member. In the figure, there are two replicated folders: Projects and Proposals. As the data changes in each
replicated folder, the changes are replicated across connections between the members of the replication group. The
connections between all members form the replication topology. Creating multiple replicated folders in a single
replication group simplifies the process of deploying replicated folders because the topology, schedule, and
bandwidth throttling for the replication group are applied to each replicated folder. To deploy additional replicated
folders, you can use Dfsradmin.exe or a follow the instructions in a wizard to define the local path and permissions
for the new replicated folder.
Each replicated folder has unique settings, such as file and subfolder filters, so that you can filter out different files
and subfolders for each replicated folder.
The replicated folders stored on each member can be located on different volumes in the member, and the
replicated folders do not need to be shared folders or part of a namespace. However, the DFS Management snap-in
makes it easy to share replicated folders and optionally publish them in an existing namespace.
You can administer DFS Replication by using DFS Management, the DfsrAdmin and Dfsrdiag commands, or scripts
that call WMI.
Requirements
Before you can deploy DFS Replication, you must configure your servers as follows:
Update the Active Directory Domain Services (AD DS) schema to include Windows Server 2003 R2 or later
schema additions. You cannot use read-only replicated folders with the Windows Server 2003 R2 or older
schema additions.
Ensure that all servers in a replication group are located in the same forest. You cannot enable replication across
servers in different forests.
Install DFS Replication on all servers that will act as members of a replication group.
Contact your antivirus software vendor to check that your antivirus software is compatible with DFS Replication.
Locate any folders that you want to replicate on volumes formatted with the NTFS file system. DFS Replication
does not support the Resilient File System (ReFS) or the FAT file system. DFS Replication also does not support
replicating content stored on Cluster Shared Volumes.
Install-WindowsFeature <name>
For example, to install the Distributed File System Tools portion of the Remote Server Administration Tools feature,
type:
Install-WindowsFeature "RSAT-DFS-Mgmt-Con"
To install the DFS Replication, and the Distributed File System Tools portions of the Remote Server Administration
Tools feature, type:
Additional References
DFS Namespaces and DFS Replication overview
Checklist: Deploy DFS Replication
Checklist: Manage DFS Replication
Deploying DFS Replication
Managing DFS Replication
Troubleshooting DFS Replication
Migrate SYSVOL replication to DFS Replication
8/18/2020 • 2 minutes to read • Edit Online
NOTE
To download a printable version of this guide, go to SYSVOL Replication Migration Guide: FRS to DFS Replication
(https://go.microsoft.com/fwlink/?LinkId=150375)
In this guide
SYSVOL Migration Conceptual Information
SYSVOL Migration States
Overview of the SYSVOL Migration Procedure
SYSVOL Migration Procedure
Migrating to the Prepared State
Migrating to the Redirected State
Migrating to the Eliminated State
Troubleshooting SYSVOL Migration
Troubleshooting SYSVOL Migration Issues
Rolling Back SYSVOL Migration to a Previous Stable State
SYSVOL Migration Reference Information
Supported SYSVOL Migration Scenarios
Verifying the State of SYSVOL Migration
Dfsrmig
SYSVOL Migration Tool Actions
Additional references
SYSVOL Migration Series: Part 1—Introduction to the SYSVOL migration process
SYSVOL Migration Series: Part 2—Dfsrmig.exe: The SYSVOL migration tool
SYSVOL Migration Series: Part 3—Migrating to the 'PREPARED' state
SYSVOL Migration Series: Part 4—Migrating to the 'REDIRECTED' state
SYSVOL Migration Series: Part 5—Migrating to the 'ELIMINATED' state
Step-by-Step Guide for Distributed File Systems in Windows Server 2008
FRS Technical Reference
Use Robocopy to pre-seed files for DFS Replication
8/18/2020 • 8 minutes to read • Edit Online
Applies to: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2,
Windows Server 2008
This topic explains how to use the command-line tool, Robocopy.exe , to pre-seed files when setting up replication
for Distributed File System (DFS) Replication (also known as DFSR or DFS-R) in Windows Server. By pre-seeding
files before you set up DFS Replication, add a new replication partner, or replace a server, you can speed up initial
synchronization and enable cloning of the DFS Replication database in Windows Server 2012 R2. The Robocopy
method is one of several pre-seeding methods; for an overview, see Step 1: pre-seed files for DFS Replication.
The Robocopy (Robust File Copy) command-line utility is included with Windows Server. The utility provides
extensive options that include copying security, backup API support, retry capabilities, and logging. Later versions
include multi-threading and un-buffered I/O support.
IMPORTANT
Robocopy does not copy exclusively locked files. If users tend to lock many files for long periods on your file servers, consider
using a different pre-seeding method. pre-seeding does not require a perfect match between file lists on the source and
destination servers, but the more files that do not exist when initial synchronization is performed for DFS Replication, the less
effective pre-seeding is. To minimize lock conflicts, use Robocopy during non-peak hours for your organization. Always
examine the Robocopy logs after pre-seeding to ensure that you understand which files were skipped because of exclusive
locks.
To use Robocopy to pre-seed files for DFS Replication, follow these steps:
1. Download and install the latest version of Robocopy.
2. Stabilize files that will be replicated.
3. Copy the replicated files to the destination server.
Prerequisites
Because pre-seeding does not directly involve DFS Replication, you only need to meet the requirements for
performing a file copy with Robocopy.
You need an account that's a member of the local Administrators group on both the source and destination
servers.
Install the most recent version of Robocopy on the server that you will use to copy the files—either the
source server or the destination server; you will need to install the most recent version for the operating
system version. For instructions, see Step 2: Stabilize files that will be replicated. Unless you are pre-seeding
files from a server running Windows Server 2003 R2, you can run Robocopy on either the source or
destination server. The destination server, which typically has the more recent operating system version,
gives you access to the most recent version of Robocopy.
Ensure that sufficient storage space is available on the destination drive. Do not create a folder on the path
that you plan to copy to: Robocopy must create the root folder.
NOTE
When you decide how much space to allocate for the pre-seeded files, consider expected data growth over time and
storage requirements for DFS Replication. For planning help, see Edit the Quota Size of the Staging Folder and Conflict
and Deleted Folder in Managing DFS Replication.
On the source server, optionally install Process Monitor or Process Explorer, which you can use to check for
applications that are locking files. For download information, see Process Monitor and Process Explorer.
For example, enter robocopy.exe kbqfe "Windows Ser ver 2008 R2" .
3. Locate and download the hotfix with the highest ID number (that is, the latest version).
4. Install the hotfix on the server.
Users remotely open files on shares. Employees connect to a standard file Only perform Robocopy operations
server and edit documents, multimedia during off-peak, non-business hours.
content, or other files. Sometimes This minimizes the number of files that
referred to as the traditional home Robocopy must skip during pre-
folder or shared data workloads. seeding.
Applications open files local. Application workloads running on a file Temporarily disable or uninstall the
server sometimes lock files. applications that are locking files. You
can use Process Monitor or Process
Explorer to determine which
applications are locking files. To
download Process Monitor or Process
Explorer, visit the Process Monitor and
Process Explorer pages.
NOTE
You can run Robocopy on either the source computer or the destination computer. The following procedure describes running
Robocopy on the destination server, which typically is running a more recent operating system, to take advantage of any
additional Robocopy capabilities that the more recent operating system might provide.
pre -seed the replicated files onto the destination server with Robocopy
1. Sign in to the destination server with an account that's a member of the local Administrators group on both
the source and destination servers.
2. Open an elevated command prompt.
3. To pre-seed the files from the source to destination server, run the following command, substituting your
own source, destination, and log file paths for the bracketed values:
robocopy "<source replicated folder path>" "<destination replicated folder path>" /e /b /copyall /r:6
/w:5 /MT:64 /xd DfsrPrivate /tee /log:<log file path> /v
This command copies all contents of the source folder to the destination folder, with the following
parameters:
PA RA M ET ER DESC RIP T IO N
"<source replicated folder path>" Specifies the source folder to pre-seed on the destination
server.
"<destination replicated folder path>" Specifies the path to the folder that will store the pre-
seeded files.
/log <log file path> Specifies the log file to write. Overwrites the file's existing
contents. (To append the entries to the existing log file, use
/log+ <log file path> .)
For example, the following command replicates files from the source replicated folder, E:\RF01, to data drive
D on the destination server:
robocopy.exe "\\srv01\e$\rf01" "d:\rf01" /e /b /copyall /r:6 /w:5 /MT:64 /xd DfsrPrivate /tee
/log:c:\temp\pre-seedsrv02.log
NOTE
We recommend that you use the parameters described above when you use Robocopy to pre-seed files for DFS
Replication. However, you can change some of their values or add additional parameters. For example, you might find
out through testing that you have the capacity to set a higher value (thread count) for the /MT parameter. Also, if
you'll primarily replicate larger files, you might be able to increase copy performance by adding the /j option for
unbuffered I/O. For more information about Robocopy parameters, see the Robocopy command-line reference.
WARNING
To avoid potential data loss when you use Robocopy to pre-seed files for DFS Replication, do not make the following
changes to the recommended parameters:
Do not use the /mir parameter (that mirrors a directory tree) or the /mov parameter (that moves the files, then
deletes them from the source).
Do not remove the /e , /b , and /copyall options.
4. After copying completes, examine the log for any errors or skipped files. Use Robocopy to copy any skipped
files individually instead of recopying the entire set of files. If files were skipped because of exclusive locks,
either try copying individual files with Robocopy later, or accept that those files will require over-the-wire
replication by DFS Replication during initial synchronization.
Next step
After you complete the initial copy, and use Robocopy to resolve issues with as many skipped files as possible, you
will use the Get-DfsrFileHash cmdlet in Windows PowerShell or the Dfsrdiag command to validate the pre-
seeded files by comparing file hashes on the source and destination servers. For detailed instructions, see Step 2:
Validate pre-seeded Files for DFS Replication.
DFS Replication: Frequently Asked Questions (FAQ)
8/18/2020 • 39 minutes to read • Edit Online
Interoperability
Can DFS Replication communicate with FRS?
No. DFS Replication does not communicate with File Replication Service (FRS). DFS Replication and FRS can run on
the same server at the same time, but they must never be configured to replicate the same folders or subfolders
because doing so can cause data loss.
Can DFS Replication replace FRS for SYSVOL replication
Yes, DFS Replication can replace FRS for SYSVOL replication on servers running Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008. Servers running Windows
Server 2003 R2 do not support using DFS Replication to replicate the SYSVOL folder.
For more information about replicating SYSVOL by using DFS Replication, see the SYSVOL Replication Migration
Guide: FRS to DFS Replication.
Can I upgrade from FRS to DFS Replication without losing configuration settings?
Yes. To migrate replication from FRS to DFS Replication, see the following documents:
To migrate replication of folders other than the SYSVOL folder, see DFS Operations Guide: Migrating from
FRS to DFS Replication and FRS2DFSR – An FRS to DFSR Migration Utility (https://go.microsoft.com/fwlink/?
LinkID=195437).
To migrate replication of the SYSVOL folder to DFS Replication, see SYSVOL Replication Migration Guide:
FRS to DFS Replication.
Can I use DFS Replication in a mixed Windows/UNIX environment?
Yes. Although DFS Replication only supports replicating content between servers running Windows Server, UNIX
clients can access file shares on the Windows servers. To do so, install Services for Network File Systems (NFS) on
the DFS Replication server.
You can also use the SMB/CIFS client functionality included in many UNIX clients to directly access the Windows file
shares, although this functionality is often limited or requires modifications to the Windows environment (such as
disabling SMB Signing by using Group Policy).
DFS Replication interoperates with NFS on a server running a Windows Server operating system, but you cannot
replicate an NFS mount point.
Can I use the Volume Shadow Copy Service with DFS Replication?
Yes. DFS Replication is supported on Volume Shadow Copy Service (VSS) volumes and previous snapshots can be
restored successfully with the Previous Versions Client.
Can I use Windows Backup (Ntbackup.exe ) to remotely back up a replicated folder?
No, using Windows Backup (Ntbackup.exe) on a computer running Windows Server 2003 or earlier to back up the
contents of a replicated folder on a computer running Windows Server 2012, Windows Server 2008 R2, or
Windows Server 2008 is not supported.
To back up files that are stored in a replicated folder, use Windows Server Backup or Microsoft® System Center
Data Protection Manager. For information about Backup and Recovery functionality in Windows Server 2008 R2
and Windows Server 2008, see Backup and Recovery. For more information, see System Center Data Protection
Manager (https://go.microsoft.com/fwlink/?LinkId=182261).
Do file system policies impact DFS Replication?
Yes. Do not configure file system policies on replicated folders. The file system policy reapplies NTFS permissions at
every Group Policy refresh interval. This can result in sharing violations because an open file is not replicated until
the file is closed.
Does DFS Replication replicate mailboxes hosted on Microsoft Exchange Server?
No. DFS Replication cannot be used to replicate mailboxes hosted on Microsoft Exchange Server.
Does DFS Replication support file screens created by File Server Resource Manager?
Yes. However, the File Server Resource Manager (FSRM) file screening settings must match on both ends of the
replication. In addition, DFS Replication has its own filter mechanism for files and folders that you can use to
exclude certain files and file types from replication.
The following are best practices for implementing file screens or quotas:
The hidden DfsrPrivate folder must not be subject to quotas or file screens.
Screened files must not exist in any replicated folder before screening is enabled.
No folders may exceed the quota before the quota is enabled.
You must use hard quotas with caution. It is possible for individual members of a replication group to stay
within a quota before replication, but exceed it when files are replicated. For example, if a user copies a
10 megabyte (MB) file onto server A (which is then at the hard limit) and another user copies a 5 MB file
onto server B, when the next replication occurs, both servers will exceed the quota by 5 megabytes. This can
cause DFS Replication to continually retry replicating the files, causing holes in the version vector and
possible performance problems.
Is DFS Replication cluster aware?
Yes, DFS Replication in Windows Server 2012 R2, Windows Server 2012 and Windows Server 2008 R2 includes
the ability to add a failover cluster as a member of a replication group. For more information, see Add a Failover
Cluster to a Replication Group (https://go.microsoft.com/fwlink/?LinkId=155085). The DFS Replication service on
versions of Windows prior to Windows Server 2008 R2 is not designed to coordinate with a failover cluster, and
the service will not fail over to another node.
NOTE
DFS Replication does not support replicating files on Cluster Shared Volumes.
IMPORTANT
When creating replication groups with a large number or size of files we recommend exporting a database clone and using
pre-seeding techniques to minimize the duration of initial replication. For more information, see DFS Replication Initial Sync in
Windows Server 2012 R2: Attack of the Clones.
The following list provides a set of scalability guidelines that have been tested by Microsoft on Windows Server
2012, Windows Server 2008 R2, and Windows Server 2008:
Size of all replicated files on a server: 10 terabytes.
Number of replicated files on a volume: 11 million.
Maximum file size: 64 gigabytes.
NOTE
There is no longer a limit to the number of replication groups, replicated folders, connections, or replication group members.
For a list of scalability guidelines that have been tested by Microsoft for Windows Server 2003 R2, see DFS
Replication scalability guidelines (https://go.microsoft.com/fwlink/?LinkId=75043).
When should I not use DFS Replication?
Do not use DFS Replication in an environment where multiple users update or modify the same files
simultaneously on different servers. Doing so can cause DFS Replication to move conflicting copies of the files to
the hidden DfsrPrivate\ConflictandDeleted folder.
When multiple users need to modify the same files at the same time on different servers, use the file check-out
feature of Windows SharePoint Services to ensure that only one user is working on a file. Windows SharePoint
Services 2.0 with Service Pack 2 is available as part of Windows Server 2003 R2. Windows SharePoint Services can
be downloaded from the Microsoft Web site; it is not included in newer versions of Windows Server.
Why is a schema update required for DFS Replication?
DFS Replication uses new objects in the domain-naming context of Active Directory Domain Services to store
configuration information. These objects are created when you update the Active Directory Domain Services
schema. For more information, see Review Requirements for DFS Replication (https://go.microsoft.com/fwlink/?
LinkId=182264).
IMPORTANT
To view or manage replication groups that contain read-only replicated folders or members that are failover clusters, you
must use the version of DFS Management that is included with Windows Server 2012 R2, Windows Server 2012, Windows
Server 2008 R2, the Remote Server Administration Tools for Windows 8, or the Remote Server Administration Tools for
Windows 7.
Performance
Does DFS Replication support dial-up connections?
Although DFS Replication will work at dial-up speeds, it can get backlogged if there are large numbers of changes
to replicate. If small changes are made to existing files, DFS Replication with Remote Differential Compression
(RDC) will provide a much higher performance than copying the file directly.
Does DFS Replication perform bandwidth sensing?
No. DFS Replication does not perform bandwidth sensing. You can configure DFS Replication to use a limited
amount of bandwidth on a per-connection basis (bandwidth throttling). However, DFS Replication does not further
reduce bandwidth utilization if the network interface becomes saturated, and DFS Replication can saturate the link
for short periods. Bandwidth throttling with DFS Replication is not completely accurate because DFS Replication
throttles bandwidth by throttling RPC calls. As a result, various buffers in lower levels of the network stack
(including RPC) may interfere, causing bursts of network traffic.
Does DFS Replication throttle bandwidth per schedule, per server, or per connection?
If you configure bandwidth throttling when specifying the schedule, all connections for that replication group will
use that setting for bandwidth throttling. Bandwidth throttling can be also set as a connection-level setting using
DFS Management.
Does DFS Replication use Active Directory Domain Services to calculate site links and connection costs?
No. DFS Replication uses the topology defined by the administrator, which is independent of Active Directory
Domain Services site costing.
How can I improve replication performance?
To learn about different methods of tuning replication performance, see Tuning Replication Performance in DFSR on
the Ask the Directory Services Team blog.
How does DFS Replication avoid saturating a connection?
In DFS Replication you set the maximum bandwidth you want to use on a connection, and the service maintains
that level of network usage. This is different from the Background Intelligent Transfer Service (BITS), and DFS
Replication does not saturate the connection if you set it appropriately.
Nonetheless, the bandwidth throttling is not 100% accurate and DFS Replication can saturate the link for short
periods of time. This is because DFS Replication throttles bandwidth by throttling RPC calls. Because this process
relies on various buffers in lower levels of the network stack, including RPC, the replication traffic tends to travel in
bursts which may at times saturate the network links.
DFS Replication in Windows Server 2008 includes several performance enhancements, as discussed in Distributed
File System, a topic in Changes in Functionality from Windows Server 2003 with SP1 to Windows Server 2008.
How does DFS Replication performance compare with FRS?
DFS Replication is much faster than FRS, particularly when small changes are made to large files and RDC is
enabled. For example, with RDC, a small change to a 2 MB PowerPoint® presentation can result in only
60 kilobytes (KB) being sent across the network—a 97 percent savings in bytes transferred.
RDC is not used on files smaller than 64 KB and might not be beneficial on high-speed LANs where network
bandwidth is not contended. RDC can be disabled on a per-connection basis using DFS Management.
How frequently does DFS Replication replicate data?
Data replicates according to the schedule you set. For example, you can set the schedule to 15-minute intervals,
seven days a week. During these intervals, replication is enabled. Replication starts soon after a file change is
detected (generally within seconds).
The replication group schedule may be set to Universal Time Coordinate (UTC) while the connection schedule is set
to the local time of the receiving member. Take this into account when the replication group spans multiple time
zones. Local time means the time of the member hosting the inbound connection. The displayed schedule of the
inbound connection and the corresponding outbound connection reflect time zone differences when the schedule
is set to local time.
How much of my server's system resources will DFS Replication consume?
The disk, memory, and CPU resources used by DFS Replication depend on a number of factors, including the
number and size of the files, rate of change, number of replication group members, and number of replicated
folders. In addition, some resources are harder to estimate. For example, the Extensible Storage Engine (ESE)
technology used for the DFS Replication database can consume a large percentage of available memory, which it
releases on demand. Applications other than DFS Replication can be hosted on the same server depending on the
server configuration. However, when hosting multiple applications or server roles on a single server, it is important
that you test this configuration before implementing it in a production environment.
What happens if a WAN link fails during replication?
If the connection goes down, DFS Replication will keep trying to replicate while the schedule is open. There will also
be connectivity errors noted in the DFS Replication event log that can be harvested using MOM (proactively
through alerts) and the DFS Replication Health Report (reactively, such as when an administrator runs it).
Windows No Yes No
Server 2003 R2
* You can optionally disable cross-file RDC on Windows Server 2012 R2.
Replication details
Can I change the path for a replicated folder after it is created?
No. If you need to change the path of a replicated folder, you must delete it in DFS Management and add it back as
a new replicated folder. DFS Replication then uses Remote Differential Compression (RDC) to perform a
synchronization that determines whether the data is the same on the sending and receiving members. It does not
replicate all the data in the folder again.
Can I configure which file attributes are replicated?
No, you cannot configure which file attributes that DFS Replication replicates.
For a list of attribute values and their descriptions, see File Attributes on MSDN (https://go.microsoft.com/fwlink/?
LinkId=182268).
The following attribute values are set by using the SetFileAttributes dwFileAttributes function, and they are
replicated by DFS Replication. Changes to these attribute values trigger replication of the attributes. The contents of
the file are not replicated unless the contents change as well. For more information, see SetFileAttributes Function
in the MSDN library (https://go.microsoft.com/fwlink/?LinkId=182269).
FILE_ATTRIBUTE_HIDDEN
FILE_ATTRIBUTE_READONLY
FILE_ATTRIBUTE_SYSTEM
FILE_ATTRIBUTE_NOT_CONTENT_INDEXED
FILE_ATTRIBUTE_OFFLINE
The following attribute values are replicated by DFS Replication, but they do not trigger replication.
FILE_ATTRIBUTE_ARCHIVE
FILE_ATTRIBUTE_NORMAL
The following file attribute values also trigger replication, although they cannot be set by using the
SetFileAttributes function (use the GetFileAttributes function to view the attribute values).
FILE_ATTRIBUTE_REPARSE_POINT
NOTE
DFS Replication does not replicate reparse point attribute values unless the reparse tag is IO_REPARSE_TAG_SYMLINK. Files
with the IO_REPARSE_TAG_DEDUP, IO_REPARSE_TAG_SIS or IO_REPARSE_TAG_HSM reparse tags are replicated as normal files.
However, the reparse tag and reparse data buffers are not replicated to other servers because the reparse point only works
on the local system.
FILE_ATTRIBUTE_COMPRESSED
FILE_ATTRIBUTE_ENCRYPTED
NOTE
DFS Replication does not replicate files that are encrypted by using the Encrypting File System (EFS). DFS Replication does
replicate files that are encrypted by using non-Microsoft software, but only if it does not set the FILE_ATTRIBUTE_ENCRYPTED
attribute value on the file.
FILE_ATTRIBUTE_SPARSE_FILE
FILE_ATTRIBUTE_DIRECTORY
DFS Replication does not replicate the FILE_ATTRIBUTE_TEMPORARY value.
Can I control which member is replicated?
Yes. You can choose a topology when you create a replication group. Or you can select No topology and manually
configure connections after the replication group has been created.
Can I seed a replication group member with data prior to the initial replication?
Yes. DFS Replication supports copying files to a replication group member before the initial replication. This
"prestaging" can dramatically reduce the amount of data replicated during the initial replication.
The initial replication does not need to replicate contents when files differ only by real attributes or time stamps. A
real attribute is an attribute that can be set by the Win32 function SetFileAttributes . For more information, see
SetFileAttributes Function in the MSDN library (https://go.microsoft.com/fwlink/?LinkId=182269). If two files differ
by other attributes, such as compression, then the contents of the file are replicated.
To prestage a replication group member, copy the files to the appropriate folder on the destination server(s), create
the replication group, and then choose a primary member. Choose the member that has the most up-to-date files
that you want to replicate because the primary member's content is considered "authoritative." This means that
during initial replication, the primary member's files will always overwrite other versions of the files on other
members of the replication group.
For information about pre-seeding and cloning the DFSR database, see DFS Replication Initial Sync in Windows
Server 2012 R2: Attack of the Clones.
For more information about the initial replication, see Create a Replication Group.
Does DFS Replication overcome common File Replication Service issues?
Yes. DFS Replication overcomes three common FRS issues:
Journal wraps: DFS Replication recovers from journal wraps on the fly. Each existing file or folder will be
marked as journalWrap and verified against the file system before replication is enabled again. During the
recovery, this volume is not available for replication in either direction.
Excessive replication: To prevent excessive replication, DFS Replication uses a system of credits.
Morphed folders: To prevent morphed folder names, DFS Replication stores conflicting data in a hidden
DfsrPrivate\ConflictandDeleted folder (located under the local path of the replicated folder). For example,
creating multiple folders simultaneously with identical names on different servers replicated using FRS
causes FRS to rename the older folder(s). DFS Replication instead moves the older folder(s) to the local
Conflict and Deleted folder.
Does DFS Replication replicate files in chronological order?
No. Files may be replicated out of order.
Does DFS Replication replicate files that are being used by another application?
If an application opens a file and creates a file lock on it (preventing it from being used by other applications while
it is open), DFS Replication will not replicate the file until it is closed. If the application opens the file with read-share
access, the file can still be replicated.
Does DFS Replication replicate NTFS file permissions, alternate data streams, hard links, and reparse points?
DFS Replication replicates NTFS file permissions and alternate data streams.
Microsoft does not support creating NTFS hard links to or from files in a replicated folder – doing so can
cause replication issues with the affected files. Hard link files are ignored by DFS Replication and are not
replicated. Junction points also are not replicated, and DFS Replication logs event 4406 for each junction
point it encounters.
The only reparse points replicated by DFS Replication are those that use the IO_REPARSE_TAG_SYMLINK tag;
however, DFS Replication does not guarantee that the target of a symlink is also replicated. For more
information, see the Ask the Directory Services Team blog.
Files with the IO_REPARSE_TAG_DEDUP, IO_REPARSE_TAG_SIS, or IO_REPARSE_TAG_HSM reparse tags are
replicated as normal files. The reparse tag and reparse data buffers are not replicated to other servers
because the reparse point only works on the local system. As such, DFS Replication can replicate folders on
volumes that use Data Deduplication in Windows Server 2012, or Single Instance Storage (SIS), however,
data deduplication information is maintained separately by each server on which the role service is enabled.
Does DFS Replication replicate timestamp changes if no other changes are made to the file?
No, DFS Replication does not replicate files for which the only change is a change to the timestamp. Additionally,
the changed timestamp is not replicated to other members of the replication group unless other changes are made
to the file.
Does DFS Replication replicate updated permissions on a file or folder?
Yes. DFS Replication replicates permission changes for files and folders. Only the part of the file associated with the
Access Control List (ACL) is replicated, although DFS Replication must still read the entire file into the staging area.
NOTE
Changing ACLs on a large number of files can have an impact on replication performance. However, when using RDC, the
amount of data transferred is proportionate to the size of the ACLs, not the size of the entire file. The amount of disk traffic is
still proportional to the size of the files because the files must be read to and from the staging folder.
Does DFS Replication support merging text files in the event of a conflict?
DFS Replication does not merge files when there is a conflict. However, it does attempt to preserve the older
version of the file in the hidden DfsrPrivate\ConflictandDeleted folder on the computer where the conflict was
detected.
Does DFS Replication use encryption when transmitting data?
Yes. DFS Replication uses Remote Procedure Call (RPC) connections with encryption.
Is it possible to disable the use of encrypted RPC?
No. The DFS Replication service uses remote procedure calls (RPC) over TCP to replicate data. To secure data
transfers across the Internet, the DFS Replication service is designed to always use the authentication-level
constant, RPC_C_AUTHN_LEVEL_PKT_PRIVACY . This ensures that the RPC communication across the Internet is always
encrypted. Therefore, it is not possible to disable the use of encrypted RPC by the DFS Replication service.
For more information, see the following Microsoft Web sites:
RPC Technical Reference
About Remote Differential Compression
Authentication-Level Constants
How are simultaneous replications handled?
There is one update manager per replicated folder. Update managers work independently of one another.
By default, a maximum of 16 (four in Windows Server 2003 R2) concurrent downloads are shared among all
connections and replication groups. Because connections and replication group updates are not serialized, there is
no specific order in which updates are received. If two schedules are opened, updates are generally received and
installed from both connections at the same time.
How do I force replication or polling?
You can force replication immediately by using DFS Management, as described in Edit Replication Schedules. You
can also force replication by using the Sync-DfsReplicationGroup cmdlet, included in the DFSR PowerShell module
introduced with Windows Server 2012 R2, or the Dfsrdiag SyncNow command. You can force polling by using
the Update-DfsrConfigurationFromAD cmdlet, or the Dfsrdiag PollAD command.
Is it possible to configure a quiet time between replications for files that change frequently?
No. If the schedule is open, DFS Replication will replicate changes as it notices them. There is no way to configure a
quiet time for files.
Is it possible to configure one -way replication with DFS Replication?
Yes. If you are using Windows Server 2012 or Windows Server 2008 R2, you can create a read-only replicated
folder that replicates content through a one-way connection. For more information, see Make a Replicated Folder
Read-Only on a Particular Member (https://go.microsoft.com/fwlink/?LinkId=156740).
We do not support creating a one-way replication connection with DFS Replication in Windows Server 2008 or
Windows Server 2003 R2. Doing so can cause numerous problems including health-check topology errors, staging
issues, and problems with the DFS Replication database.
If you are using Windows Server 2008 or Windows Server 2003 R2, you can simulate a one-way connection by
performing the following actions:
Train administrators to make changes only on the server(s) that you want to designate as primary servers.
Then let the changes replicate to the destination servers.
Configure the share permissions on the destination servers so that end users do not have Write
permissions. If no changes are allowed on the branch servers, then there is nothing to replicate back,
simulating a one-way connection and keeping WAN utilization low.
Is there a way to force a complete replication of all files including unchanged files?
No. If DFS Replication considers the files identical, it will not replicate them. If changed files have not been
replicated, DFS Replication will automatically replicate them when configured to do so. To overwrite the configured
schedule, use the WMI method ForceReplicate() . However, this is only a schedule override, and it does not force
replication of unchanged or identical files.
What happens if the primary member suffers a database loss during initial replication?
During initial replication, the primary member's files will always take precedence in the conflict resolution that
occurs if the receiving members have different versions of files on the primary member. The primary member
designation is stored in Active Directory Domain Services, and the designation is cleared after the primary member
is ready to replicate, but before all members of the replication group replicate.
If the initial replication fails or the DFS Replication service restarts during the replication, the primary member sees
the primary member designation in the local DFS Replication database and retries the initial replication. If the
primary member's DFS Replication database is lost after clearing the primary designation in Active Directory
Domain Services, but before all members of the replication group complete the initial replication, all members of
the replication group fail to replicate the folder because no server is designated as the primary member. If this
happens, use the Dfsradmin membership /set /isprimar y:true command on the primary member server to
restore the primary member designation manually.
For more information about initial replication, see Create a Replication Group.
WARNING
The primary member designation is used only during the initial replication process. If you use the Dfsradmin command to
specify a primary member for a replicated folder after replication is complete, DFS Replication does not designate the server
as a primary member in Active Directory Domain Services. However, if the DFS Replication database on the server
subsequently suffers irreversible corruption or data loss, the server attempts to perform an initial replication as the primary
member instead of recovering its data from another member of the replication group. Essentially, the server becomes a rogue
primary server, which can cause conflicts. For this reason, specify the primary member manually only if you are certain that
the initial replication has irretrievably failed.
What happens if the replication schedule closes while a file is being replicated?
If remote differential compression (RDC) is enabled on the connection, inbound replication of a file larger than
64 KB that began replicating immediately prior to the schedule closing (or changing to No bandwidth ) continues
when the schedule opens (or changes to something other than No bandwidth ). The replication continues from the
state it was in when replication stopped.
If RDC is turned off, DFS Replication completely restarts the file transfer. This can delay when the file is available on
the receiving member.
What happens when two users simultaneously update the same file on different servers?
When DFS Replication detects a conflict, it uses the version of the file that was saved last. It moves the other file into
the DfsrPrivate\ConflictandDeleted folder (under the local path of the replicated folder on the computer that
resolved the conflict). It remains there until Conflict and Deleted folder cleanup, which occurs when the Conflict and
Deleted folder exceeds the configured size or DFS Replication encounters an Out of disk space error. The Conflict
and Deleted folder is not replicated, and this method of conflict resolution avoids the problem of morphed
directories that was possible in FRS.
When a conflict occurs, DFS Replication logs an informational event to the DFS Replication event log. This event
does not require user action for the following reasons:
It is not visible to users (it is visible only to server administrators).
DFS Replication treats the Conflict and Deleted folder as a cache. When a quota threshold is reached, it
cleans out some of those files. There is no guarantee that conflicting files will be saved.
The conflict could reside on a server different from the origin of the conflict.
Staging
Does DFS Replication continue staging files when replication is disabled by a schedule or bandwidth throttling
quota, or when a connection is manually disabled?
No. DFS Replication does not continue to stage files outside of scheduled replication times, if the bandwidth
throttling quota has been exceeded, or when connections are disabled.
Does DFS Replication prevent other applications from accessing a file during staging?
No. DFS Replication opens files in a way that does not block users or applications from opening files in the
replication folder. This method is known as "opportunistic locking."
Is it possible to change the location of the staging folder with the DFS Management Tool?
Yes. The staging folder location is configured on the Advanced tab of the Proper ties dialog box for each member
of a replication group.
When are files staged?
Files are staged on the sending member when the receiving member requests the file (unless the file is 64 KB or
smaller) as shown in the following table. If Remote Differential Compression (RDC) is disabled on the connection,
the file is staged unless it is 256 KB or smaller. Files are also staged on the receiving member as they are
transferred if they are less than 64 KB in size, although you can configure this setting between 16 KB and 1 MB. If
the schedule is closed, files are not staged.
The minimum file sizes for staging files
RDC EN A B L ED RDC DISA B L ED
What happens if a file is changed after it is staged but before it is completely transmitted to the remote site?
If any part of the file is already being transmitted, DFS Replication continues the transmission. If the file is changed
before DFS Replication begins transmitting the file, then the newer version of the file is sent.
Change History
DAT E DESC RIP T IO N REA SO N
November 15, 2018 Updated for Windows Server 2019. New operating system.
DAT E DESC RIP T IO N REA SO N
October 9th, 2013 Updated the What are the Updates for the latest version of
supported limits of DFS Replication? Windows Server
section with results from tests on
Windows Server 2012 R2.
January 30th, 2013 Added the Does DFS Replication Customer questions
continue staging files when
replication is disabled by a schedule
or bandwidth throttling quota, or
when a connection is manually
disabled? entry.
October 31st, 2012 Edited the What are the supported Customer feedback
limits of DFS Replication? entry to
increase the tested number of
replicated files on a volume.
August 15, 2012 Edited the Does DFS Replication Feedback from Customer Support
replicate NTFS file permissions, Services
alternate data streams, hard links,
and reparse points? entry to further
clarify how DFS Replication handles
hard links and reparse points.
June 13, 2012 Edited the Does DFS Replication Customer feedback
work on ReFS or FAT volumes?
entry to add discussion of ReFS.
April 25, 2012 Edited the Does DFS Replication Reduce potential confusion
replicate NTFS file permissions,
alternate data streams, hard links,
and reparse points? entry to clarify
how DFS Replication handles hard
links.
March 30, 2011 Edited the Can DFS Replication Customer questions about the
replicate Outlook .pst or Microsoft previous entry, which incorrectly
Office Access database files? entry indicated that replicating .pst or
to correct the potential impact of Access files could corrupt the DFS
using DFS Replication with .pst and Replication database.
Access files.
Added How can I improve
replication performance?
January 26, 2011 Added How can files be recovered Customer feedback
from the ConflictAndDeleted or
PreExisting folders?
This article is a quick reference guide on how to calculate the minimum staging area needed for DFSR to function
properly. Values lower than these may cause replication to go slowly or stop altogether.
Keep in mind these are minimums only. When considering staging area size, the bigger the staging area the better,
up to the size of the Replicated Folder. See the section "How to determine if you have a staging area problem" and
the blog posts linked at the end of this article for more details on why it is important to have a properly sized
staging area.
NOTE
We also have a hotfix to help you with calculating staging sizes. Update for the DFS Replication (DFSR) Management interface
is available
Rules of thumb
Windows Ser ver 2003 R2 – The staging area quota must be as large as the 9 largest files in the Replicated
Folder
Windows Ser ver 2008 and 2008 R2 – The staging area quota must be as large as the 32 largest files in the
Replicated Folder
Initial Replication will make much more use of the staging area than day-to-day replication. Setting the staging area
higher than the minimum during initial replication is strongly encouraged if you have the drive space available
This command will return the file names and the size of the files in bytes. Useful if you want to know what 32
files are the largest in the Replicated Folder so you can “visit” their owners.
2. Run the following command:
Get-ChildItem c:\\temp -recurse | Sort-Object length -descending | select-object -first 32 | measure-
object -property length –sum
This command will return the total number of bytes of the 32 largest files in the folder without listing the file
names.
3. Run the following command:
$big32.sum /1gb
This command will get the total number of bytes of 32 largest files in the folder and do the math to convert
bytes to gigabytes for you. This command is two separate lines. You can paste both them into the PowerShell
command shell at once or run them back to back.
Manual Walkthrough
To demonstrate the process and hopefully increase understanding of what we are doing, I am going to manually
step through each part.
Running command 1 will return results similar to the output below. This example only uses 16 files for brevity.
Always use 32 for Windows 2008 and later operating systems and 9 for Windows 2003 R2
Example Data returned by PowerShell
Name Length
File5.zip 10286089216
archive.zip 6029853696
BACKUP.zip 5751522304
file9.zip 5472683008
MENTOS.zip 5241586688
File7.zip 4321264640
file2.zip 4176765952
frd2.zip 4176765952
BACKUP.zip 4078994432
File44.zip 4058424320
file11.zip 3858056192
Backup2.zip 3815138304
BACKUP3.zip 3815138304
Current.zip 3576931328
Backup8.zip 3307488256
File999.zip 3274982400
How to use this data to determine the minimum staging area size:
Name = Name of the file.
Length = bytes
One Gigabyte = 1073741824 Bytes
First, you need to sum the total number of bytes. Next divide the total by 1073741824. I suggest using Excel or your
spreadsheet of choice to do the math.
Example
From the example above the total number of bytes = 75241684992. To get the minimum staging area quota
needed I need to divide 75241684992 by 1073741824.
Based on this data I would set my staging area to 71 GB if I round up to the nearest whole number.
Real World Scenario:
While a manual walkthrough is interesting it is likely not the best use of your time to do the math yourself. To
automate the process, use command 3 from the examples above. The results will look like this
Using the example command 3 without any extra effort except for rounding to the nearest whole number, I can
determine that I need a 6 GB staging area quota for d:\docs.
This article discusses the absence of a multi-host distributed file locking mechanism within Windows, and
specifically within folders replicated by DFSR.
Some Background
Distributed File Locking – this refers to the concept of having multiple copies of a file on several computers and
when one file is opened for writing, all other copies are locked. This prevents a file from being modified on
multiple servers at the same time by several users.
Distributed File System Replication – DFSR operates in a multi-master, state-based design. In state-based
replication, each server in the multi-master system applies updates to its replica as they arrive, without
exchanging log files (it instead uses version vectors to maintain “up-to-dateness” information). No one server is
ever arbitrarily authoritative after initial sync, so it is highly available and very flexible on various network
topologies.
Server Message Block - SMB is the common protocol used in Windows for accessing files over the network. In
simplified terms, it's a client-server protocol that makes use of a redirector to have remote file systems appear
to be local file systems. It is not specific to Windows and is quite common – a well known non-Microsoft
example is Samba, which allows Linux, Mac, and other operating systems to act as SMB clients/servers and
participate in Windows networks.
It's important to make a clear delineation of where DFSR and SMB live in your replicated data environment. SMB
allows users to access their files, and it has no awareness of DFSR. Likewise, DFSR (using the RPC protocol) keeps
files in sync between servers and has no awareness of SMB. Don't confuse distributed locking as defined in this
post and Opportunistic Locking.
So here's where things can go pear-shaped, as the Brits say.
Since users can modify data on multiple servers, and since each Windows server only knows about a file lock on
itself, and since DFSR doesn't know anything about those locks on other servers, it becomes possible for users to
overwrite each other's changes. DFSR uses a “last writer wins” conflict algorithm, so someone has to lose and the
person to save last gets to keep their changes. The losing file copy is chucked into the ConflictAndDeleted folder.
Now, this is far less common than people like to believe. Typically, true shared files are modified in a local
environment; in the branch office or in the same row of cubicles. They are usually worked on by people on the
same team, so people are generally aware of colleagues modifying data. And since they are usually in the same site,
the odds are much higher that all the users working on a shared doc will be using the same server. Windows SMB
handles the situation here. When a user has a file locked for modification and his coworker tries to edit it, the other
user will get an error like:
And if the application opening the file is really clever, like Word 2007, it might give you:
DFSR does have a mechanism for locked files, but it is only within the server's own context. DFSR will not replicate
a file in or out if its local copy has an exclusive lock. But this doesn't prevent anyone on another server from
modifying the file.
Back on topic, the issue of shared data being modified geographically does exist, and for some folks it's pretty
gnarly. We're occasionally asked why DFSR doesn't handle this locking and take of everything with a wave of the
magic wand. It turns out this is an interesting and difficult scenario to solve for a multi-master replication system.
Let's explore.
Third-Party Solutions
There are some vendor solutions that take on this problem, which they typically tackle through one or more of the
following methods*:
Use of a broker mechanism
Having a central ‘traffic cop' allows one server to be aware of all the other servers and which files they have
locked by users. Unfortunately this also means that there is often a single point of failure in the distributed
locking system.
Some solutions limit the topology to a pair of servers in order to simplify their distributed locking mechanism.
For larger environments this is may not be feasible.
Deeper Thoughts
As you think further about this issue, some fundamental issues start to crop up. For example, if we have four
servers with data that can be modified by users in four sites, and the WAN connection to one of them goes offline,
what do we do? The users can still access their individual servers – but should we let them? We don't want them to
make changes that conflict, but we definitely want them to keep working and making our company money. If we
arbitrarily block changes at that point, no users can work even though there may not actually be any conflicts
happening! There's no way to tell the other servers that the file is in use and you're back at square one.
Then there's SMB itself and the error handling of reporting locks. We can't really change how SMB reports sharing
violations as we'd break a ton of applications and clients wouldn't understand new extended error messages
anyways. Applications like Word 2007 do some undercover trickery to figure out who is locking files, but the vast
majority of applications don't know who has a file in use (or even that SMB exists. Really.). So when a user gets the
message ‘This file is in use' it's not particularly actionable – should they all call the help desk? Does the help desk
have access to all the file servers to see which users are accessing files? Messy.
Since we want multi-master for high availability, a broker system is less desirable; we might need to have
something running on all servers that allows them all to communicate even through non-fully routed networks.
This will require very complex synchronization techniques. It will add some overhead on the network (although
probably not much) and it will need to be lightning fast to make sure that we are not holding up the user in their
work; it needs to outrun file replication itself - in fact, it might need to actually be tied to replication somehow. It will
also have to account for server outages that are network related and not server crashes, somehow.
And then we're back to special client software for this scenario that better understands the locks and can give the
user some useful info (“Go call Susie in accounting and tell her to release that doc”, “Sorry, the file locking topology
is broken and your administrator is preventing you from opening this file until it's fixed”, etc). Getting this to play
nicely with the millions of applications running in Windows will definitely be interesting. There are plenty of OS's
that would not be supported or get the software – Windows 2000 is out of mainstream support and XP soon will
be. Linux and Mac clients wouldn't have this software until they felt it was important, so the customer would have
to hope their vendors made something analogous.
More inforamtion
Right now the easiest way to control this situation in DFSR is to use DFS Namespaces to guide users to predictable
locations, with a consistent namespace. By correctly configuring your DFSN site topology and server links, you
force users to all share the same local server and only allow them to access remote computers when their ‘main'
server is down. For most environments, this works quite well. Alternative to DFSR, SharePoint is an option because
of its check-out/check-in system. BranchCache (coming in Windows Server 2008 R2 and Windows 7) may be an
option for you as it is designed for easing the reading of files in a branch scenario, but in the end the authoritative
data will still live on one server only – more on this here. And again, those vendors have their solutions.
Overview of Disk Management
8/18/2020 • 2 minutes to read • Edit Online
Applies To: Windows 10, Windows 8.1, Windows 7, Windows Server (Semi-Annual Channel), Windows Server
2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
Disk Management is a system utility in Windows that enables you to perform advanced storage tasks. Here are
some of the things Disk Management is good for:
To setup a new drive, see Initializing a new drive.
To extend a volume into space that's not already part of a volume on the same drive, see Extend a basic volume.
To shrink a partition, usually so that you can extend a neighboring partition, see Shrink a basic volume.
To change a drive letter or assign a new drive letter, see Change a drive letter.
TIP
If you get an error or something doesn't work when following these procedures, take a peek at the Troubleshooting Disk
Management topic. If that doesn't help - don't panic! There's a ton of info on the Microsoft community site - try searching
the Files, folders, and storage section, and if you still need help, post a question there and Microsoft or other members of the
community will try to help. If you have feedback on how to improve these topics, we'd love to hear from you! Just answer the
Is this page helpful? prompt, and leave any comments there or in the public comments thread at the bottom of this topic.
Here are some common tasks you might want to do but that use other tools in Windows:
To free up disk space, see Free up drive space in Windows 10.
To defragment your drives, see Defragment your Windows 10 PC.
To take multiple hard drives and pool them together, similar to a RAID, see Storage Spaces.
EFI system par tition - This is used by modern PCs to start (boot) your PC and your operating system.
Windows operating system drive (C:) - This is where Windows is installed, and usually where you put the
rest of your apps and files.
Recover y par tition - This is where special tools are stored to help you recover Windows in case it has trouble
starting or runs into other serious issues.
Although Disk Management might show the EFI system partition and the recovery partition as 100% free, it's lying.
These partitions are generally pretty full with really important files your PC needs to operate properly. It's best to
just leave them alone to do their jobs starting your PC and helping you recover from problems.
Additional References
Manage disks
Manage basic volumes
Troubleshooting Disk Management
Recovery options in Windows 10
Find lost files after the update to Windows 10
Back up and restore your files
Create a recovery drive
Create a system restore point
Find my BitLocker recovery key
Overview of file sharing using the SMB 3 protocol in
Windows Server
8/18/2020 • 11 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
This topic describes the SMB 3 feature in Windows Server 2019, Windows Server 2016, Windows Server 2012 R2,
and Windows Server 2012—practical uses for the feature, the most significant new or updated functionality in this
version compared to previous versions, and the hardware requirements. SMB is also a fabric protocol used by
software-defined data center (SDDC) solutions such as Storage Spaces Direct, Storage Replica, and others. SMB
version 3.0 was introduced with Windows Server 2012 and has been incrementally improved in subsequent
releases.
Feature description
The Server Message Block (SMB) protocol is a network file sharing protocol that allows applications on a computer
to read and write to files and to request services from server programs in a computer network. The SMB protocol
can be used on top of its TCP/IP protocol or other network protocols. Using the SMB protocol, an application (or
the user of an application) can access files or other resources at a remote server. This allows applications to read,
create, and update files on the remote server. SMB can also communicate with any server program that is set up to
receive an SMB client request. SMB is a fabric protocol that is used by Software-defined Data Center (SDDC)
computing technologies, such as Storage Spaces Direct, Storage Replica. For more information, see Windows
Server software-defined datacenter.
Practical applications
This section discusses some new practical ways to use the new SMB 3.0 protocol.
File storage for vir tualization (Hyper-V™ over SMB) . Hyper-V can store virtual machine files, such as
configuration, Virtual hard disk (VHD) files, and snapshots, in file shares over the SMB 3.0 protocol. This can be
used for both stand-alone file servers and clustered file servers that use Hyper-V together with shared file
storage for the cluster.
Microsoft SQL Ser ver over SMB . SQL Server can store user database files on SMB file shares. Currently, this
is supported with SQL Server 2008 R2 for stand-alone SQL servers. Upcoming versions of SQL Server will add
support for clustered SQL servers and system databases.
Traditional storage for end-user data . The SMB 3.0 protocol provides enhancements to the Information
Worker (or client) workloads. These enhancements include reducing the application latencies experienced by
branch office users when accessing data over wide area networks (WAN) and protecting data from
eavesdropping attacks.
Features added in Windows Server 2019 and Windows 10, version 1809
F EAT URE/ F UN C T IO N A L IT Y N EW O R UP DAT ED SUM M A RY
Ability to require write-through to disk New To provide some added assurance that
on file shares that aren't continuously writes to a file share make it all the way
available through the software and hardware
stack to the physical disk prior to the
write operation returning as completed,
you can enable write-through on the
file share using either the
NET USE /WRITETHROUGH command or
the
New-SMBMapping -UseWriteThrough
PowerShell cmdlet. There's some
amount of performance hit to using
write-through; see the blog post
Controlling write-through behaviors in
SMB for further discussion.
Guest access to file shares is disabled New The SMB client no longer allows the
following actions: Guest account access
to a remote server; Fallback to the
Guest account after invalid credentials
are provided. For details, see Guest
access in SMB2 disabled by default in
Windows.
SMB dialect control New You can now set registry values to
control the minimum SMB version
(dialect) and maximum SMB version
used. For details, see Controlling SMB
Dialects.
Features added in SMB 3.11 with Windows Server 2016 and Windows
10, version 1607
F EAT URE/ F UN C T IO N A L IT Y N EW O R UP DAT ED SUM M A RY
Native support for New Adds native support for querying the
FileNormalizedNameInformation API normalized name of a file. For details,
calls see FileNormalizedNameInformation.
For additional details, see the blog post What’s new in SMB 3.1.1 in the Windows Server 2016 Technical Preview 2.
For more information on new and changed SMB functionality in Windows Server 2012 R2, see What's New in SMB
in Windows Server.
Features added in SMB 3.0 with Windows Server 2012 and Windows 8
F EAT URE/ F UN C T IO N A L IT Y N EW O R UP DAT ED SUM M A RY
F EAT URE/ F UN C T IO N A L IT Y N EW O R UP DAT ED SUM M A RY
Performance Counters for server New The new SMB performance counters
applications provide detailed, per-share information
about throughput, latency, and I/O per
second (IOPS), allowing administrators
to analyze the performance of SMB file
shares where their data is stored. These
counters are specifically designed for
server applications, such as Hyper-V
and SQL Server, which store files on
remote file shares.
F EAT URE/ F UN C T IO N A L IT Y N EW O R UP DAT ED SUM M A RY
Performance optimizations Updated Both the SMB client and server have
been optimized for small random
read/write I/O, which is common in
server applications such as SQL Server
OLTP. In addition, large Maximum
Transmission Unit (MTU) is turned on
by default, which significantly enhances
performance in large sequential
transfers, such as SQL Server data
warehouse, database backup or restore,
deploying or copying virtual hard disks.
Hardware requirements
SMB Transparent Failover has the following requirements:
A failover cluster running Windows Server 2012 or Windows Server 2016 with at least two nodes configured.
The cluster must pass the cluster validation tests included in the validation wizard.
File shares must be created with the Continuous Availability (CA) property, which is the default.
File shares must be created on CSV volume paths to attain SMB Scale-Out.
Client computers must be running Windows® 8 or Windows Server 2012, both of which include the updated
SMB client that supports continuous availability.
NOTE
Down-level clients can connect to file shares that have the CA property, but transparent failover will not be supported for
these clients.
More information
The following list provides additional resources on the web about SMB and related technologies in Windows
Server 2012 R2, Windows Server 2012, and Windows Server 2016.
Storage in Windows Server
Scale-Out File Server for Application Data
Improve Performance of a File Server with SMB Direct
Deploy Hyper-V over SMB
Deploy SMB Multichannel
Deploying Fast and Efficient File Servers for Server Applications
SMB: Troubleshooting Guide
SMB Direct
8/18/2020 • 5 minutes to read • Edit Online
Applies to: Windows Server 2012 R2, Windows Server 2012, Windows Server 2016
Windows Server 2012 R2, Windows Server 2012, and Windows Server 2016 include a feature called SMB Direct,
which supports the use of network adapters that have Remote Direct Memory Access (RDMA) capability. Network
adapters that have RDMA can function at full speed with very low latency, while using very little CPU. For
workloads such as Hyper-V or Microsoft SQL Server, this enables a remote file server to resemble local storage.
SMB Direct includes:
Increased throughput: Leverages the full throughput of high speed networks where the network adapters
coordinate the transfer of large amounts of data at line speed.
Low latency: Provides extremely fast responses to network requests, and, as a result, makes remote file storage
feel as if it is directly attached block storage.
Low CPU utilization: Uses fewer CPU cycles when transferring data over the network, which leaves more power
available to server applications.
SMB Direct is automatically configured by Windows Server 2012 R2 and Windows Server 2012.
NOTE
You should not team RDMA-capable network adapters if you intend to use the RDMA capability of the network adapters.
When teamed, the network adapters will not support RDMA. After at least one RDMA network connection is created, the
TCP/IP connection used for the original protocol negotiation is no longer used. However, the TCP/IP connection is retained in
case the RDMA network connections fail.
Requirements
SMB Direct requires the following:
At least two computers running Windows Server 2012 R2 or Windows Server 2012
One or more network adapters with RDMA capability.
Considerations when using SMB Direct
You can use SMB Direct in a failover cluster; however, you need to make sure that the cluster networks used for
client access are adequate for SMB Direct. Failover clustering supports using multiple networks for client access,
along with network adapters that are RSS (Receive Side Scaling)-capable and RDMA-capable.
You can use SMB Direct on the Hyper-V management operating system to support using Hyper-V over SMB,
and to provide storage to a virtual machine that uses the Hyper-V storage stack. However, RDMA-capable
network adapters are not directly exposed to a Hyper-V client. If you connect an RDMA-capable network
adapter to a virtual switch, the virtual network adapters from the switch will not be RDMA-capable.
If you disable SMB Multichannel, SMB Direct is also disabled. Since SMB Multichannel detects network adapter
capabilities and determines whether a network adapter is RDMA-capable, SMB Direct cannot be used by the
client if SMB Multichannel is disabled.
SMB Direct is not supported on Windows RT. SMB Direct requires support for RDMA-capable network adapters,
which is available only on Windows Server 2012 R2 and Windows Server 2012.
SMB Direct is not supported on down-level versions of Windows Server. It is supported only on Windows
Server 2012 R2 and Windows Server 2012.
Disable-NetAdapterRdma <name>
When you disable RDMA on either the client or the server, the systems cannot use it. Network Direct is the internal
name for Windows Server 2012 R2 and Windows Server 2012 basic networking support for RDMA interfaces.
Re -enable SMB Direct
After disabling RDMA, you can re-enable it by running one of the following Windows PowerShell scripts.
To re-enable RDMA for a specific interface, type:
Enable-NetAdapterRDMA <name>
You need to enable RDMA on both the client and the server to start using it again.
NOTE
To avoid failures of a workload that does not use SMB Direct, make sure there are no other workloads using the
disconnected network path.
More information
Server Message Block overview
Increasing Server, Storage, and Network Availability: Scenario Overview
Deploy Hyper-V over SMB
SMB security enhancements
8/18/2020 • 6 minutes to read • Edit Online
Applies to: Windows Server 2012 R2, Windows Server 2012, Windows Server 2016
This topic explains the SMB security enhancements in Windows Server 2012 R2, Windows Server 2012, and
Windows Server 2016.
SMB Encryption
SMB Encryption provides end-to-end encryption of SMB data and protects data from eavesdropping occurrences
on untrusted networks. You can deploy SMB Encryption with minimal effort, but it may require small additional
costs for specialized hardware or software. It has no requirements for Internet Protocol security (IPsec) or WAN
accelerators. SMB Encryption can be configured on a per share basis or for the entire file server, and it can be
enabled for a variety of scenarios where data traverses untrusted networks.
NOTE
SMB Encryption does not cover security at rest, which is typically handled by BitLocker Drive Encryption.
SMB Encryption should be considered for any scenario in which sensitive data needs to be protected from man-in-
the-middle attacks. Possible scenarios include:
An information worker's sensitive data is moved by using the SMB protocol. SMB Encryption offers an end-to-
end privacy and integrity assurance between the file server and the client, regardless of the networks traversed,
such as wide area network (WAN) connections that are maintained by non-Microsoft providers.
SMB 3.0 enables file servers to provide continuously available storage for server applications, such as SQL
Server or Hyper-V. Enabling SMB Encryption provides an opportunity to protect that information from snooping
attacks. SMB Encryption is simpler to use than the dedicated hardware solutions that are required for most
storage area networks (SANs).
IMPORTANT
You should note that there is a notable performance operating cost with any end-to-end encryption protection when
compared to non-encrypted.
2. To enable SMB Encryption for the entire file server, type the following script on the server:
Set-SmbServerConfiguration –EncryptData $true
3. To create a new SMB file share with SMB Encryption enabled, type the following script:
The secure dialect negotiation capability described in the next section prevents a man-in-the-middle attack from
downgrading a connection from SMB 3.0 to SMB 2.0 (which would use unencrypted access). However, it does not
prevent a downgrade to SMB 1.0, which would also result in unencrypted access. To guarantee that SMB 3.0 clients
always use SMB Encryption to access encrypted shares, you must disable the SMB 1.0 server. (For instructions, see
the section Disabling SMB 1.0.) If the –RejectUnencr yptedAccess setting is left at its default setting of $true ,
only encryption-capable SMB 3.0 clients are allowed to access the file shares (SMB 1.0 clients will also be rejected).
NOTE
SMB Encryption uses the Advanced Encryption Standard (AES)-CCM algorithm to encrypt and decrypt the data. AES-CCM
also provides data integrity validation (signing) for encrypted file shares, regardless of the SMB signing settings. If you
want to enable SMB signing without encryption, you can continue to do this. For more information, see The Basics of SMB
Signing.
You may encounter issues when you attempt to access the file share or server if your organization uses wide area network
(WAN) acceleration appliances.
With a default configuration (where there is no unencrypted access allowed to encrypted file shares), if clients that do not
support SMB 3.0 attempt to access an encrypted file share, Event ID 1003 is logged to the Microsoft-Windows-
SmbServer/Operational event log, and the client will receive an Access denied error message.
SMB Encryption and the Encrypting File System (EFS) in the NTFS file system are unrelated, and SMB Encryption does not
require or depend on using EFS.
SMB Encryption and the BitLocker Drive Encryption are unrelated, and SMB Encryption does not require or depend on
using BitLocker Drive Encryption.
NOTE
SMB 2.0 was introduced in Windows Server 2008 and Windows Vista. Older clients, such as computers running Windows
Server 2003 or Windows XP, do not support SMB 2.0; and therefore, they will not be able to access file shares or print shares
if the SMB 1.0 server is disabled. In addition, some non-Microsoft SMB clients may not be able to access SMB 2.0 file shares
or print shares (for example, printers with “scan-to-share” functionality).
Before you start disabling SMB 1.0, you'll need to find out if your SMB clients are currently connected to the server
running SMB 1.0. To do this, enter the following cmdlet in Windows PowerShell:
NOTE
You should run this script repeatedly over the course of a week (multiple times each day) to build an audit trail. You could also
run this as a scheduled task.
NOTE
If an SMB client connection is denied because the server running SMB 1.0 has been disabled, event ID 1001 will be logged in
the Microsoft-Windows-SmbServer/Operational event log.
More information
Here are some additional resources about SMB and related technologies in Windows Server 2012.
Server Message Block
Storage in Windows Server
Scale-Out File Server for Application Data
SMB: File and printer sharing ports should be open
8/18/2020 • 2 minutes to read • Edit Online
Severity Error
Categor y Configuration
Issue
The firewall ports necessary for file and printer sharing are not open (ports 445 and 139).
Impact
Computers will not be able to access shared folders and other Server Message Block (SMB)-based network
services on this server.
Resolution
Enable File and Printer Sharing to communicate through the computer's firewall.
Membership in the Administrators group, or equivalent, is the minimum required to complete this procedure.
Applies to: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
This topic describes the Network File System role service and features included with the File and Storage Services
server role in Windows Server. Network File System (NFS) provides a file sharing solution for enterprises that have
heterogeneous environments that include both Windows and non-Windows computers.
Feature description
Using the NFS protocol, you can transfer files between computers running Windows and other non-Windows
operating systems, such as Linux or UNIX.
NFS in Windows Server includes Server for NFS and Client for NFS. A computer running Windows Server can use
Server for NFS to act as a NFS file server for other non-Windows client computers. Client for NFS allows a
Windows-based computer running Windows Server to access files stored on a non-Windows NFS server.
Windows Server 2012, Windows Server NFSv2, NFSv3, NFSv4.1 NFSv2, NFSv3
2012 R2, Windows Server 2016,
Windows Server 2019
Practical applications
Here are some ways you can use NFS:
Use a Windows NFS file server to provide multi-protocol access to the same file share over both SMB and NFS
protocols from multi-platform clients.
Deploy a Windows NFS file server in a predominantly non-Windows operating system environment to provide
non-Windows client computers access to NFS file shares.
Migrate applications from one operating system to another by storing the data on file shares accessible through
both SMB and NFS protocols.
NFS infrastructure
Improvements to the overall NFS infrastructure in Windows Server 2012 are detailed below:
The Remote Procedure Call (RPC)/External Data Representation (XDR) transport infrastructure,
powered by the WinSock network protocol, is available for both Server for NFS and Client for NFS. This replaces
Transport Device Interface (TDI), offers better support, and provides better scalability and Receive Side Scaling
(RSS).
The RPC por t multiplexer feature is firewall-friendly (less ports to manage) and simplifies deployment of
NFS.
Auto-tuned caches and thread pools are resource management capabilities of the new RPC/XDR
infrastructure that are dynamic, automatically tuning caches and thread pools based on workload. This
completely removes the guesswork involved when tuning parameters, providing optimal performance as soon
as NFS is deployed.
New Kerberos privacy implementation and authentication options with the addition of Kerberos
privacy (Krb5p) support along with the existing krb5 and krb5i authentication options.
Identity Mapping Windows PowerShell module cmdlets make it easier to manage identity mapping,
configure Active Directory Lightweight Directory Services (AD LDS), and set up UNIX and Linux passwd and flat
files.
Volume mount point lets you access volumes mounted under an NFS share with NFS version 4.1.
The Por t Multiplexing feature supports the RPC port multiplexer (port 2049), which is firewall-friendly and
simplifies NFS deployment.
Additional information
The following table provides additional resources for evaluating NFS.
C O N T EN T T Y P E REF EREN C ES
Applies to: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
Network File System (NFS) provides a file sharing solution that lets you transfer files between computers running
Windows Server and UNIX operating systems using the NFS protocol. This topic describe the steps you should
follow to deploy NFS.
System requirements
Server for NFS can be installed on any version of Windows Server 2012. You can use NFS with UNIX-based
computers that are running an NFS server or NFS client if these NFS server and client implementations comply
with one of the following protocol specifications:
1. NFS Version 4.1 Protocol Specification (as defined in RFC 5661)
2. NFS Version 3 Protocol Specification (as defined in RFC 1813)
3. NFS Version 2 Protocol Specification (as defined in RFC 1094)
Import-Module ServerManager
Add-WindowsFeature FS-NFS-Service
Import-Module NFS
Known issue
NFS version 4.1 allows the file names to be created or copied using illegal characters. If you attempt to open the
files with vi editor, it shows as being corrupt. You cannot save the file from vi, rename, move it or change
permissions. Avoid using illegal characters.
NTFS overview
8/18/2020 • 5 minutes to read • Edit Online
Applies to: Windows 10, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows
Server 2012, Windows Server 2008 R2, Windows Server 2008
NTFS—the primary file system for recent versions of Windows and Windows Server—provides a full set of
features including security descriptors, encryption, disk quotas, and rich metadata, and can be used with Cluster
Shared Volumes (CSV) to provide continuously available volumes that can be accessed simultaneously from
multiple nodes of a failover cluster.
To learn more about new and changed functionality in NTFS in Windows Server 2012 R2, see What's New in NTFS.
For additional feature information, see the Additional information section of this topic. To learn more about the
newer Resilient File System (ReFS), see Resilient File System (ReFS) overview.
Practical applications
Increased reliability
NTFS uses its log file and checkpoint information to restore the consistency of the file system when the computer is
restarted after a system failure. After a bad-sector error, NTFS dynamically remaps the cluster that contains the bad
sector, allocates a new cluster for the data, marks the original cluster as bad, and no longer uses the old cluster. For
example, after a server crash, NTFS can recover data by replaying its log files.
NTFS continuously monitors and corrects transient corruption issues in the background without taking the volume
offline (this feature is known as self-healing NTFS, introduced in Windows Server 2008). For larger corruption
issues, the Chkdsk utility, in Windows Server 2012 and later, scans and analyzes the drive while the volume is
online, limiting time offline to the time required to restore data consistency on the volume. When NTFS is used with
Cluster Shared Volumes, no downtime is required. For more information, see NTFS Health and Chkdsk.
Increased security
Access Control List (ACL)-based security for files and folders —NTFS allows you to set permissions
on a file or folder, specify the groups and users whose access you want to restrict or allow, and select access
type.
Suppor t for BitLocker Drive Encr yption —BitLocker Drive Encryption provides additional security for
critical system information and other data stored on NTFS volumes. Beginning in Windows Server 2012 R2
and Windows 8.1, BitLocker provides support for device encryption on x86 and x64-based computers with a
Trusted Platform Module (TPM) that supports connected stand-by (previously available only on Windows RT
devices). Device encryption helps protect data on Windows-based computers, and it helps block malicious
users from accessing the system files they rely on to discover the user's password, or from accessing a drive
by physically removing it from the PC and installing it on a different one. For more information, see What's
new in BitLocker.
Suppor t for large volumes —NTFS can support volumes as large as 256 terabytes. Supported volume
sizes are affected by the cluster size and the number of clusters. With (232 – 1) clusters (the maximum
number of clusters that NTFS supports), the following volume and file sizes are supported.
4 KB (default size) 16 TB 16 TB
C L UST ER SIZ E L A RGEST VO L UM E L A RGEST F IL E
8 KB 32 TB 32 TB
16 KB 64 TB 64 TB
32 KB 128 TB 128 TB
IMPORTANT
Services and apps might impose additional limits on file and volume sizes. For example, the volume size limit is 64 TB if you're
using the Previous Versions feature or a backup app that makes use of Volume Shadow Copy Service (VSS) snapshots (and
you're not using a SAN or RAID enclosure). However, you might need to use smaller volume sizes depending on your
workload and the performance of your storage.
PA RA M ET ER DESC RIP T IO N
-UseLargeFRS Enables support for large file record segments (FRS). This is
needed to increase the number of extents allowed per file on
the volume. For large FRS records, the limit increases from
about 1.5 million extents to about 6 million extents.
For example, the following cmdlet formats drive D as an NTFS volume, with FRS enabled and an allocation unit size
of 64 KB.
You also can use the format command. At a system command prompt, enter the following command, where /L
formats a large FRS volume and /A:64k sets a 64 KB allocation unit size:
format /L /A:64k
Additional information
Cluster size recommendations for ReFS and NTFS
Resilient File System (ReFS) overview
What's New in NTFS (Windows Server 2012 R2)
What's New in NTFS (Windows Server 2008 R2, Windows 7)
NTFS Health and Chkdsk
Self-Healing NTFS (introduced in Windows Server 2008)
Transactional NTFS (introduced in Windows Server 2008)
Storage in Windows Server
Volume Shadow Copy Service
8/18/2020 • 24 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, and
Windows Server 2008 R2, Windows Server 2008, Windows 10, Windows 8.1, Windows 8, Windows 7
Backing up and restoring critical business data can be very complex due to the following issues:
The data usually needs to be backed up while the applications that produce the data are still running. This
means that some of the data files might be open or they might be in an inconsistent state.
If the data set is large, it can be difficult to back up all of it at one time.
Correctly performing backup and restore operations requires close coordination between the backup applications,
the line-of-business applications that are being backed up, and the storage management hardware and software.
The Volume Shadow Copy Service (VSS), which was introduced in Windows Server® 2003, facilitates the
conversation between these components to allow them to work better together. When all the components support
VSS, you can use them to back up your application data without taking the applications offline.
VSS coordinates the actions that are required to create a consistent shadow copy (also known as a snapshot or a
point-in-time copy) of the data that is to be backed up. The shadow copy can be used as-is, or it can be used in
scenarios such as the following:
You want to back up application data and system state information, including archiving data to another hard
disk drive, to tape, or to other removable media.
You are data mining.
You are performing disk-to-disk backups.
You need a fast recovery from data loss by restoring data to the original LUN or to an entirely new LUN that
replaces an original LUN that failed.
Windows features and applications that use VSS include the following:
Windows Server Backup (https://go.microsoft.com/fwlink/?LinkId=180891)
Shadow Copies of Shared Folders (https://go.microsoft.com/fwlink/?LinkId=142874)
System Center Data Protection Manager (https://go.microsoft.com/fwlink/?LinkId=180892)
System Restore (https://go.microsoft.com/fwlink/?LinkId=180893)
NOTE
The shadow copy creation can be aborted if the writers are kept in the freeze state for longer than 60 seconds or if the
providers take longer than 10 seconds to commit the shadow copy.
9. The requester can retry the process (go back to step 1) or notify the administrator to retry at a later time.
10. If the shadow copy is successfully created, the Volume Shadow Copy Service returns the location
information for the shadow copy to the requester. In some cases, the shadow copy can be temporarily made
available as a read-write volume so that VSS and one or more applications can alter the contents of the
shadow copy before the shadow copy is finished. After VSS and the applications make their alterations, the
shadow copy is made read-only. This phase is called Auto-recovery, and it is used to undo any file-system or
application transactions on the shadow copy volume that were not completed before the shadow copy was
created.
How the Provider Creates a Shadow Copy
A hardware or software shadow copy provider uses one of the following methods for creating a shadow copy:
Complete copy This method makes a complete copy (called a "full copy" or "clone") of the original volume at a
given point in time. This copy is read-only.
Copy-on-write This method does not copy the original volume. Instead, it makes a differential copy by copying
all changes (completed write I/O requests) that are made to the volume after a given point in time.
Redirect-on-write This method does not copy the original volume, and it does not make any changes to the
original volume after a given point in time. Instead, it makes a differential copy by redirecting all changes to a
different volume.
Complete copy
A complete copy is usually created by making a "split mirror" as follows:
1. The original volume and the shadow copy volume are a mirrored volume set.
2. The shadow copy volume is separated from the original volume. This breaks the mirror connection.
After the mirror connection is broken, the original volume and the shadow copy volume are independent. The
original volume continues to accept all changes (write I/O requests), while the shadow copy volume remains an
exact read-only copy of the original data at the time of the break.
Copy-on-write method
In the copy-on-write method, when a change to the original volume occurs (but before the write I/O request is
completed), each block to be modified is read and then written to the volume's shadow copy storage area (also
called its "diff area"). The shadow copy storage area can be on the same volume or a different volume. This
preserves a copy of the data block on the original volume before the change overwrites it.
NOTE
The shadow copy must be a transportable hardware shadow copy.
Most arrays allow production I/O operations to resume shortly after the resync operation begins. While the resync
operation is in progress, read requests are redirected to the shadow copy LUN, and write requests to the
destination LUN. This allows arrays to recover very large data sets and resume normal operations in several
seconds.
LUN resynchronization is different from LUN swapping. A LUN swap is a fast recovery scenario that VSS has
supported since Windows Server 2003 SP1. In a LUN swap, the shadow copy is imported and then converted into
a read-write volume. The conversion is an irreversible operation, and the volume and underlying LUN cannot be
controlled with the VSS APIs after that. The following list describes how LUN resynchronization compares with LUN
swapping:
In LUN resynchronization, the shadow copy is not altered, so it can be used several times. In LUN swapping,
the shadow copy can be used only once for a recovery. For the most safety-conscious administrators, this is
important. When LUN resynchronization is used, the requester can retry the entire restore operation if
something goes wrong the first time.
At the end of a LUN swap, the shadow copy LUN is used for production I/O requests. For this reason, the
shadow copy LUN must use the same quality of storage as the original production LUN to ensure that
performance is not impacted after the recovery operation. If LUN resynchronization is used instead, the
hardware provider can maintain the shadow copy on storage that is less expensive than production-quality
storage.
If the destination LUN is unusable and needs to be recreated, LUN swapping may be more economical
because it doesn't require a destination LUN.
WARNING
All of the operations listed are LUN-level operations. If you attempt to recover a specific volume by using LUN
resynchronization, you are unwittingly going to revert all the other volumes that are sharing the LUN.
NOTE
A transportable shadow copy that is created on Windows Server 2003 cannot be imported onto a server that is running
Windows Server 2008 or Windows Server 2008 R2. A transportable shadow copy that was created on Windows Server 2008
or Windows Server 2008 R2 cannot be imported onto a server that is running Windows Server 2003. However, a shadow
copy that is created on Windows Server 2008 can be imported onto a server that is running Windows Server 2008 R2 and
vice versa.
Shadow copies are read-only. If you want to convert a shadow copy to a read/write LUN, you can use a Virtual Disk
Service-based storage-management application (including some requesters) in addition to the Volume Shadow
Copy Service. By using this application, you can remove the shadow copy from Volume Shadow Copy Service
management and convert it to a read/write LUN.
Volume Shadow Copy Service transport is an advanced solution on computers running Windows Server 2003
Enterprise Edition, Windows Server 2003 Datacenter Edition, Windows Server 2008, or Windows Server 2008 R2.
It works only if there is a hardware provider on the storage array. Shadow copy transport can be used for a number
of purposes, including tape backups, data mining, and testing.
It can delete files from a shadow copy that was created by using the Diskshadow utility, but it cannot delete files from a
shadow copy that was created by using the Vssadmin utility.
Files are deleted from a shadow copy on a best-effort basis. This means that they are not guaranteed to be deleted.
For more information, see Excluding Files from Shadow Copies (https://go.microsoft.com/fwlink/?LinkId=180904)
on MSDN.
My non-Microsoft backup program failed with a VSS error. What can I do?
Check the product support section of the Web site of the company that created the backup program. There may be
a product update that you can download and install to fix the problem. If not, contact the company's product
support department.
System administrators can use the VSS troubleshooting information on the following Microsoft TechNet Library
Web site to gather diagnostic information about VSS-related issues.
For more information, see Volume Shadow Copy Service (https://go.microsoft.com/fwlink/?LinkId=180905) on
TechNet.
What is the "diff area"?
The shadow copy storage area (or "diff area") is the location where the data for the shadow copy that is created by
the system software provider is stored.
Where is the diff area located?
The diff area can be located on any local volume. However, it must be located on an NTFS volume that has enough
space to store it.
How is the diff area location determined?
The following criteria are evaluated, in this order, to determine the diff area location:
If a volume already has an existing shadow copy, that location is used.
If there is a preconfigured manual association between the original volume and the shadow copy volume
location, then that location is used.
If the previous two criteria do not provide a location, the shadow copy service chooses a location based on
available free space. If more than one volume is being shadow copied, the shadow copy service creates a list
of possible snapshot locations based on the size of free space, in descending order. The number of locations
provided is equal to the number of volumes being shadow copied.
If the volume being shadow copied is one of the possible locations, then a local association is created.
Otherwise an association with the volume with the most available space is created.
Can VSS create shadow copies of non-NTFS volumes?
Yes. However, persistent shadow copies can be made only for NTFS volumes. In addition, at least one volume
mounted on the system must be an NTFS volume.
What's the maximum number of shadow copies I can create at one time?
The maximum number of shadow copied volumes in a single shadow copy set is 64. Note that this is not the same
as the number of shadow copies.
What's the maximum number of software shadow copies created by the system provider that I can maintain for a
volume?
The max number is of software shadow copies for each volume is 512. However, by default you can only maintain
64 shadow copies that are used by the Shadow Copies of Shared Folders feature. To change the limit for the
Shadow Copies of Shared Folders feature, use the following registry key: MaxShadowCopies .
How can I control the space that is used for shadow copy storage space?
Type the vssadmin resize shadowstorage command.
For more information, see Vssadmin resize shadowstorage (https://go.microsoft.com/fwlink/?LinkId=180906) on
TechNet.
What happens when I run out of space?
Shadow copies for the volume are deleted, beginning with the oldest shadow copy.
Transportable shadow copies None supported Windows Server 2003 with SP1
Fast recovery using LUN swap None supported Windows Server 2003 with SP1
N OT E
Shadow Copies for Shared Folders None supported Windows Server 2003
Single restore session concurrent Windows Vista Windows Server 2003 with SP2
with backups
Additional References
Volume Shadow Copy Service in Windows Developer Center
Using Disk Cleanup on Windows Server
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012,
Windows Server 2008 R2
The Disk Cleanup tool clears unnecessary files in a Windows Server environment. This tool is available by default
on Windows Server 2019 and Windows Server 2016, but you might have to take a few manual steps to enable it
on earlier versions of Windows Server.
To start the Disk Cleanup tool, either run the Cleanmgr.exe command, or select Star t , select Windows
Administrative Tools , and then select Disk Cleanup .
You can also run Disk Cleanup by using the cleanmgr Windows command and use command-line options to
specify that Disk Cleanup cleans up certain files.
O P ERAT IN G SY ST EM A RC H IT EC T URE F IL E LO C AT IO N
Additional references
Free up drive space in Windows 10
cleanmgr
Advanced Troubleshooting Server Message Block
(SMB)
7/22/2020 • 5 minutes to read • Edit Online
Server Message Block (SMB) is a network transport protocol for file systems operations to enable a client to access
resources on a server. The primary purpose of the SMB protocol is to enable remote file system access between
two systems over TCP/IP.
SMB troubleshooting can be extremely complex. This article is not an exhaustive troubleshooting guide Instead, it is
a short primer to understand the basics of how to effectively troubleshoot SMB.
NOTE
The SMB Server (SRV) refers to the system that is hosting the file system, also known as the file server. The SMB Client (CLI)
refers to the system that is trying to access the file system, regardless of the OS version or edition.
For example, if you use Windows Server 2016 to reach an SMB share that is hosted on Windows 10, Windows
Server 2016 is the SMB Client and Windows 10 the SMB Server.
Collect data
Before you troubleshoot SMB issues, we recommend that you first collect a network trace on both the client and
server sides. The following guidelines apply:
On Windows systems, you can use netshell (netsh), Network Monitor, Message Analyser, or Wireshark to
collect a network trace.
Third-party devices generally have an in-box packet capture tool, such as tcpdump (Linux/FreeBSD/Unix), or
pktt (NetApp). For example, if the SMB client or SMB server is a Unix host, you can collect data by running
the following command:
NOTE
A Netsh trace creates an ETL file. ETL files can be opened only in Message Analyzer (MA) and Network Monitor 3.4 (set the
parser to Network Monitor Parsers > Windows).
1. On both the SMB server and SMB client, create a Temp folder on drive C . Then, run the following command:
netsh trace start capture=yes report=yes scenario=NetConnection level=5 maxsize=1024
tracefile=c:\\Temp\\%computername%\_nettrace.etl**
Start-NetEventSession trace
Stop-NetEventSession trace
Remove-NetEventSession trace
NOTE
You should trace only a minimum amount of the data that's transferred. For performance issues, always take both a good and
bad trace, if the situation allows it.
NOTE
Only Message Analyzer can parse SMBv3 and later version commands.
NOTE
Optionally, you might also temporarily uninstall the antivirus program during troubleshooting.
Event logs
Both SMB Client and SMB Server have a detailed event log structure, as shown in the following screenshot. Collect
the event logs to help find the root cause of the issue.
SMB-related system files
This section lists the SMB-related system files. To keep the system files updated, make sure that the latest update
rollup is installed.
SMB Client binaries that are listed under %windir%\system32\Drivers :
RDBSS.sys
MRXSMB.sys
MRXSMB10.sys
MRXSMB20.sys
MUP.sys
SMBdirect.sys
SMB Server binaries that are listed under %windir%\system32\Drivers :
SRVNET.sys
SRV.sys
SRV2.sys
SMBdirect.sys
Under %windir%\system32
srvsvc.dll
Update suggestions
We recommend that you update the following components before you troubleshoot SMB issues:
A file server requires file storage. If your storage has iSCSI component, update those components.
Update the network components.
For better performance and stability, update Windows Core.
Reference
Microsoft SMB Protocol Packet Exchange Scenario
How to detect, enable and disable SMBv1, SMBv2,
and SMBv3 in Windows
7/22/2020 • 8 minutes to read • Edit Online
Summary
This article describes how to enable and disable Server Message Block (SMB) version 1 (SMBv1), SMB version 2
(SMBv2), and SMB version 3 (SMBv3) on the SMB client and server components.
IMPORTANT
We recommend that you do not disable SMBv2 or SMBv3. Disable SMBv2 or SMBv3 only as a temporary troubleshooting
measure. Do not leave SMBv2 or SMBv3 disabled.
In Windows 7 and Windows Server 2008 R2, disabling SMBv2 deactivates the following functionality:
Request compounding - allows for sending multiple SMB 2 requests as a single network request
Larger reads and writes - better use of faster networks
Caching of folder and file properties - clients keep local copies of folders and files
Durable handles - allow for connection to transparently reconnect to the server if there is a temporary
disconnection
Improved message signing - HMAC SHA-256 replaces MD5 as hashing algorithm
Improved scalability for file sharing - number of users, shares, and open files per server greatly increased
Support for symbolic links
Client oplock leasing model - limits the data transferred between the client and server, improving performance
on high-latency networks and increasing SMB server scalability
Large MTU support - for full use of 10-gigabye (GB) Ethernet
Improved energy efficiency - clients that have open files to a server can sleep
In Windows 8, Windows 8.1, Windows 10, Windows Server 2012, Windows Server 2012 R2, Windows Server
2016, and Windows Server 2019, disabling SMBv3 deactivates the following functionality (and also the SMBv2
functionality that's described in the previous list):
Transparent Failover - clients reconnect without interruption to cluster nodes during maintenance or failover
Scale Out – concurrent access to shared data on all file cluster nodes
Multichannel - aggregation of network bandwidth and fault tolerance if multiple paths are available between
client and server
SMB Direct – adds RDMA networking support for very high performance, with low latency and low CPU
utilization
Encryption – Provides end-to-end encryption and protects from eavesdropping on untrustworthy networks
Directory Leasing - Improves application response times in branch offices through caching
Performance Optimizations - optimizations for small random read/write I/O
More Information
The SMBv2 protocol was introduced in Windows Vista and Windows Server 2008.
The SMBv3 protocol was introduced in Windows 8 and Windows Server 2012.
For more information about the capabilities of SMBv2 and SMBv3 capabilities, see the following articles:
Server Message Block overview
What's New in SMB
Detect:
Get-WindowsFeature FS-SMB1
Disable:
Enable:
Windows Server 2012 R2, Windows Server 2016, Windows Server 2019: Server Manager method for disabling SMB
SM B v 1
Detect:
Get-WindowsOptionalFeature –Online –FeatureName SMB1Protocol
Disable:
Enable:
SM B v 2 / v 3 P r o t o c o l (o n l y d i sa b l e s SM B v 2 / v 3 Se r v e r )
Detect:
Disable:
Enable:
How to detect status, enable, and disable SMB protocols on the SMB
Server
For Windows 8 and Windows Server 2012
Windows 8 and Windows Server 2012 introduce the new Set-SMBSer verConfiguration Windows PowerShell
cmdlet. The cmdlet enables you to enable or disable the SMBv1, SMBv2, and SMBv3 protocols on the server
component.
NOTE
When you enable or disable SMBv2 in Windows 8 or Windows Server 2012, SMBv3 is also enabled or disabled. This behavior
occurs because these protocols share the same stack.
You do not have to restart the computer after you run the Set-SMBSer verConfiguration cmdlet.
SM B v 1 o n SM B Se r v e r
Detect:
Disable:
Enable:
Detect:
Disable:
Enable:
For Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008
To enable or disable SMB protocols on an SMB Server that is running Windows 7, Windows Server 2008 R2,
Windows Vista, or Windows Server 2008, use Windows PowerShell or Registry Editor.
PowerShell methods
NOTE
This method requires PowerShell 2.0 or later version of PowerShell.
SM B v 1 o n SM B Se r v e r
Detect:
Enable:
Note You must restart the computer after you make these changes. For more information, see Server storage at
Microsoft.
SM B v 2 / v 3 o n SM B Se r v e r
Detect:
Disable:
Enable:
NOTE
You must restart the computer after you make these changes.
Registry Editor
IMPORTANT
Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you
modify it, back up the registry for restoration in case problems occur.
To enable or disable SMBv1 on the SMB server, configure the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Ser vices\LanmanSer ver\Parameters
To enable or disable SMBv2 on the SMB server, configure the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Ser vices\LanmanSer ver\Parameters
NOTE
You must restart the computer after you make these changes.
How to detect status, enable, and disable SMB protocols on the SMB
Client
For Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows
Server 2012
NOTE
When you enable or disable SMBv2 in Windows 8 or in Windows Server 2012, SMBv3 is also enabled or disabled. This
behavior occurs because these protocols share the same stack.
SM B v 1 o n SM B C l i e n t
Detect
sc.exe qc lanmanworkstation
Disable:
Enable:
Detect:
sc.exe qc lanmanworkstation
Disable:
Enable:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb20 start= auto
NOTE
You must run these commands at an elevated command prompt.
You must restart the computer after you make these changes.
In the New Registr y Proper ties dialog box, select the following:
Action : Create
Hive : HKEY_LOCAL_MACHINE
Key Path : SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Value name : SMB1
Value type : REG_DWORD
Value data : 0
This disables the SMBv1 Server components. This Group Policy must be applied to all necessary workstations,
servers, and domain controllers in the domain.
NOTE
WMI filters can also be set to exclude unsupported operating systems or selected exclusions, such as Windows XP.
IMPORTANT
Be careful when you make these changes on domain controllers on which legacy Windows XP or older Linux and third-party
systems (that do not support SMBv2 or SMBv3) require access to SYSVOL or other file shares where SMB v1 is being
disabled.
NOTE
The default included MRxSMB10 which is now removed as dependency.
5. Then remove the dependency on the MRxSMB10 that was just disabled.
In the New Registr y Proper ties dialog box, select the following:
Action : Replace
Hive : HKEY_LOCAL_MACHINE
Key Path : SYSTEM\CurrentControlSet\Services\LanmanWorkstation
Value name : DependOnService
Value type : REG_MULTI_SZ
Value data :
Bowser
MRxSmb20
NSI
NOTE
These three strings will not have bullets (see the following screen shot).
The default value includes MRxSMB10 in many versions of Windows, so by replacing them with this multi-
value string, it is in effect removing MRxSMB10 as a dependency for LanmanSer ver and going from four
default values down to just these three values above.
NOTE
When you use Group Policy Management Console, you don't have to use quotation marks or commas. Just type the
each entry on individual lines.
Summary
In Windows 10 Fall Creators Update and Windows Server, version 1709 (RS3) and later versions, the Server
Message Block version 1 (SMBv1) network protocol is no longer installed by default. It was superseded by SMBv2
and later protocols starting in 2007. Microsoft publicly deprecated the SMBv1 protocol in 2014.
SMBv1 has the following behavior in Windows 10 and Windows Server starting in version 1709 (RS3):
SMBv1 now has both client and server sub-features that can be uninstalled separately.
Windows 10 Enterprise, Windows 10 Education, and Windows 10 Pro for Workstations no longer contain the
SMBv1 client or server by default after a clean installation.
Windows Server 2016 no longer contains the SMBv1 client or server by default after a clean installation.
Windows 10 Home and Windows 10 Pro no longer contain the SMBv1 server by default after a clean
installation.
Windows 10 Home and Windows 10 Pro still contain the SMBv1 client by default after a clean installation. If the
SMBv1 client is not used for 15 days in total (excluding the computer being turned off), it automatically
uninstalls itself.
In-place upgrades and Insider flights of Windows 10 Home and Windows 10 Pro do not automatically remove
SMBv1 initially. If the SMBv1 client or server is not used for 15 days in total (excluding the time during which the
computer is off), they each automatically uninstall themselves.
In-place upgrades and Insider flights of the Windows 10 Enterprise, Windows 10 Education, and Windows 10
Pro for Workstations editions do not automatically remove SMBv1. An administrator must decide to uninstall
SMBv1 in these managed environments.
Automatic removal of SMBv1 after 15 days is a one-time operation. If an administrator re-installs SMBv1, no
further attempts will be made to uninstall it.
The SMB version 2.02, 2.1, 3.0, 3.02, and 3.1.1 features are still fully supported and included by default as part of
the SMBv2 binaries.
Because the Computer Browser service relies on SMBv1, the service is uninstalled if the SMBv1 client or server
is uninstalled. This means that Explorer Network can no longer display Windows computers through the legacy
NetBIOS datagram browsing method.
SMBv1 can still be reinstalled in all editions of Windows 10 and Windows Server 2016.
SMBv1 has the following additional behaviors in Windows 10 starting in version 1809 (RS5). All other behaviors
from version 1709 still apply:
Windows 10 Pro no longer contains the SMBv1 client by default after a clean installation.
In Windows 10 Enterprise, Windows 10 Education, and Windows 10 Pro for Workstations an administrator
can activate automatic removal of SMBv1 by turning on the "SMB 1.0/CIFS Automatic Removal" feature.
NOTE
Windows 10, version 1803 (RS4) Pro handles SMBv1 in the same manner as Windows 10, version 1703 (RS2) and
Windows 10, version 1607 (RS1). This issue was fixed in Windows 10, version 1809 (RS5). You can still uninstall SMBv1
manually. However, Windows will not automatically uninstall SMBv1 after 15 days in the following scenarios:
You can't connect to the file share because it's not secure. This share requires the obsolete SMB1 protocol,
which is unsafe and could expose your system to attack.
Your system requires SMB2 or higher. For more info on resolving this issue, see:
https://go.microsoft.com/fwlink/?linkid=852747
System Error 64
Error 58
The following events appear when a remote server required an SMBv1 connection from this client, but SMBv1 is
uninstalled or disabled on the client.
Dialect:
SecurityMode
Server name:
Guidance:
SMB1 is deprecated and should not be installed nor enabled. For more information, see
https://go.microsoft.com/fwlink/?linkid=852747.
Log Name: Microsoft-Windows-SmbClient/Security
Source: Microsoft-Windows-SMBClient
Date: Date/Time
Event ID: 32000
Task Category: None
Level: Info
Keywords: (128)
User: NETWORK SERVICE
Computer: junkle.contoso.com
Description:
SMB1 negotiate response received from remote device when SMB1 cannot be negotiated by the local computer.
Dialect:
Server name:
Guidance:
The client has SMB1 disabled or uninstalled. For more information: https://go.microsoft.com/fwlink/?
linkid=852747.
These devices are not likely running Windows. They are more likely running older versions of Linux, Samba, or
other types of third-party software to provide SMB services. Often, these versions of Linux and Samba are,
themselves, no longer supported.
NOTE
Windows 10, version 1709 is also known as "Fall Creators Update."
More Information
To work around this issue, contact the manufacturer of the product that supports only SMBv1, and request a
software or firmware update that support SMBv2.02 or a later version. For a current list of known vendors and
their SMBv1 requirements, see the following Windows and Windows Server Storage Engineering Team Blog article:
SMBv1 Product Clearinghouse
Leasing mode
If SMBv1 is required to provide application compatibility for legacy software behavior, such as a requirement to
disable oplocks, Windows provides a new SMB share flag that's known as Leasing mode. This flag specifies
whether a share disables modern SMB semantics such as leases and oplocks.
You can specify a share without using oplocks or leasing to allow a legacy application to work with SMBv2 or a later
version. To do this, use the New-SmbShare or Set-SmbShare PowerShell cmdlets together with the -
LeasingMode None parameter.
NOTE
You should use this option only on shares that are required by a third-party application for legacy support if the vendor
states that it is required. Do not specify Leasing mode on user data shares or CA shares that are used by Scale-Out File
Servers. This is because the removal of oplocks and leases causes instability and data corruption in most applications. Leasing
mode works only in Share mode. It can be used by any client operating system.
NOTE
We recommend that you map drives and printers instead of enabling this feature, which still requires searching and browsing
for their devices. Mapped resources are easier to locate, require less training, and are safer to use. This is especially true if
these resources are provided automatically through Group Policy. An administrator can configure printers for location by
methods other than the legacy Computer Browser service by using IP addresses, Active Directory Domain Services (AD DS),
Bonjour, mDNS, uPnP, and so on.
If you cannot use any of these workarounds, or if the application manufacturer cannot provide supported versions
of SMB, you can re-enable SMBv1 manually by following the steps in How to detect, enable and disable SMBv1,
SMBv2, and SMBv3 in Windows.
IMPORTANT
We strongly recommend that you don't reinstall SMBv1. This is because this older protocol has known security issues
regarding ransomware and other malware.
You should ignore this specific BPA rule's guidance, it's deprecated. We repeat: don't enable SMB 1.0.
Additional references
Stop using SMB1
SMB known issues
4/7/2020 • 2 minutes to read • Edit Online
The following topics describe some common troubleshooting issues that can occur when you use Server Message
Block (SMB). These topics also provide possible solutions to those issues.
TCP three-way handshake failure
Negotiate, Session Setup, and Tree Connect Failures
TCP connection is aborted during Validate Negotiate
Slow files transfer speed
High CPU usage issue on the SMB server
Troubleshoot the Event ID 50 Error Message
SMB Multichannel troubleshooting
TCP three-way handshake failure during SMB
connection
4/7/2020 • 2 minutes to read • Edit Online
When you analyze a network trace, you notice that there is a Transmission Control Protocol (TCP) three-way
handshake failure that causes the SMB issue to occur. This article describes how to troubleshoot this situation.
Troubleshooting
Generally, the cause is a local or infrastructure firewall that blocks the traffic. This issue can occur in either of the
following scenarios.
Scenario 1
The TCP SYN packet arrives on the SMB server, but the SMB server does not return a TCP SYN-ACK packet.
To troubleshoot this scenario, follow these steps.
Step 1
Run netstat or Get-NetTcpConnection to make sure that there is a listener on TCP port 445 that should be
owned by the SYSTEM process.
Step 2
Make sure that the Server service is started and running.
Step 3
Take a Windows Filtering Platform (WFP) capture to determine which rule or program is dropping the traffic. To do
this, run the following command in a Command Prompt window:
Run a scenario trace, and look for WFP drops in SMB traffic (on TCP port 445).
Optionally, you could remove the anti-virus programs because they are not always WFP-based.
Step 4
If Windows Firewall is enabled, enable firewall logging to determine whether it records a drop in traffic.
Make sure that the appropriate "File and Printer Sharing (SMB-In)" rules are enabled in Windows Firewall with
Advanced Security > Inbound Rules .
NOTE
Depending on how your computer is set up, "Windows Firewall" might be called "Windows Defender Firewall."
Scenario 2
The TCP SYN packet never arrives at the SMB server.
In this scenario, you have to investigate the devices along the network path. You may analyze network traces that
are captured on each device to determine which device is blocking the traffic.
Negotiate, Session Setup, and Tree Connect Failures
7/22/2020 • 2 minutes to read • Edit Online
This article describes how to troubleshoot the failures that occur during an SMB Negotiate, Session Setup, and Tree
Connect request.
Negotiate fails
The SMB server receives an SMB NEGOTIATE request from an SMB client. The connection times out and is reset
after 60 seconds. There may be an ACK message after about 200 microseconds.
This problem is most often caused by antivirus program.
If you are using Windows Server 2008 R2, there are hotfixes for this problem. Make sure that the SMB client and
the SMB server are up to date.
NOTE
The errors that occur during the Kerberos Pre-Authentication are OK. The errors that occur after the Kerberos Pre-
Authentication (instances in which authentication does not work), are the errors that caused the SMB problem.
If EncryptData is true on the share, and RejectUnencryptedAccess is true on the server, encryption is
required by the share
Follow these guidelines as you troubleshoot:
Windows 8, Windows Server 2012, and later versions of Windows support client-side encryption (SMBv3
and later).
Windows 7, Windows Server 2008 R2 and earlier versions of Windows do not support client-side
encryption.
Samba and third-party device may not support encryption. You may have to consult product documentation
for more information.
References
For more information, see the following articles.
3.3.5.4 Receiving an SMB2 NEGOTIATE Request
3.3.5.5 Receiving an SMB2 SESSION_SETUP Request
3.3.5.7 Receiving an SMB2 TREE_CONNECT Request
TCP connection is aborted during Validate Negotiate
7/22/2020 • 2 minutes to read • Edit Online
In the network trace for the SMB issue, you notice that a TCP Reset abort occurred during the Validate Negotiate
process. This article describes how to troubleshoot the situation.
Cause
This issue can be caused by a failed negotiation validation. This typically occurs because a WAN accelerator
modifies the original SMB NEGOTIATE packet.
Microsoft no longer allows modification of the Validate Negotiate packet for any reason. This is because this
behavior creates a serious security risk.
The following requirements apply to the Validate Negotiate packet:
The Validate Negotiate process uses the FSCTL_VALIDATE_NEGOTIATE_INFO command.
The Validate Negotiate response must be signed. Otherwise, the connection is aborted.
You should compare the FSCTL_VALIDATE_NEGOTIATE_INFO messages to the Negotiate messages to make
sure that nothing was changed.
Workaround
You can temporarily disable the Validate Negotiate process. To do this, locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Ser vices\LanmanWorkstation\Parameters
Under the Parameters key, set RequireSecureNegotiate to 0 .
In Windows PowerShell, you can run the following command to set this value:
NOTE
The Validate Negotiate process cannot be disabled in Windows 10, Windows Server 2016, or later versions of Windows.
If either the client or server cannot support the Validate Negotiate command, you can work around this issue by
setting SMB signing to be required. SMB signing is considered more secure than Validate Negotiate. However, there
can also be performance degradation if signing is required.
Reference
For more information, see the following articles:
3.3.5.15.12 Handling a Validate Negotiate Info Request
3.2.5.14.12 Handling a Validate Negotiate Info Response
Slow SMB files transfer speed
7/22/2020 • 3 minutes to read • Edit Online
This article provides suggested troubleshooting procedures for slow file transfer speeds through SMB.
NOTE
After you set this registry key, SMB2 leases are no longer granted, but oplocks are still available. This setting is used
primarily for troubleshooting.
2. Restart the file server or restart the Ser ver service. To restart the service, run the following commands:
To avoid this issue, you can also replicate the file to a local file server. For more information, see aving Office
documents to a network server is slow when using EFS.
High CPU usage issue on the SMB server
4/7/2020 • 5 minutes to read • Edit Online
This article discusses how to troubleshoot the high CPU usage issue on the SMB server.
NOTE
Do not confuse these counters with Avg. Disk Transfers/sec. These are completely different counters.
Symptoms
When information is being written to the physical disk, the following two event messages may be logged in the
system event log:
Event ID: 50
Event Type: Warning
Event Source: Ftdisk
Description: {Lost Delayed-Write Data} The system was attempting to transfer file data from buffers to
\Device\HarddiskVolume4. The write operation failed, and only some of the data may have been written to the
file.
Data:
0000: 00 00 04 00 02 00 56 00
0008: 00 00 00 00 32 00 04 80
0010: 00 00 00 00 00 00 00 00
0018: 00 00 00 00 00 00 00 00
0020: 00 00 00 00 00 00 00 00
0028: 11 00 00 80
Event ID: 26
Event Type: Information
Event Source: Application Popup
Description: Windows - Delayed Write Failed : Windows was unable to save all the data for the file
\Device\HarddiskVolume4\Program Files\Microsoft SQL Server\MSSQL$INSTANCETWO\LOG\ERRORLOG. The data has been
lost. This error may be caused by a failure of your computer hardware or network connection.
These event ID messages mean exactly the same thing and are generated for the same reasons. For the purposes of
this article, only the event ID 50 message is described.
NOTE
The device and path in the description and the specific hexadecimal data will vary.
More Information
An event ID 50 message is logged if a generic error occurs when Windows is trying to write information to the
disk. This error occurs when Windows is trying to commit data from the file system Cache Manager (not hardware
level cache) to the physical disk. This behavior is part of the memory management of Windows. For example, if a
program sends a write request, the write request is cached by Cache Manager and the program is told the write is
completed successfully. At a later point in time, Cache Manager tries to lazy write the data to the physical disk.
When Cache Manager tries to commit the data to disk, an error occurs writing the data, and the data is flushed
from the cache and discarded. Write-back caching improves system performance, but data loss and volume
integrity loss can occur as a result of lost delayed-write failures.
It is important to remember that not all I/O is buffered I/O by Cache Manager. Programs can set a
FILE_FLAG_NO_BUFFERING flag that bypasses Cache Manager. When SQL performs critical writes to a database,
this flag is set to guarantee that the transaction is completed directly to disk. For example, non-critical writes to log
files perform buffered I/O to improve overall performance. An event ID 50 message never results from non-
buffered I/O.
There are several different sources for an event ID 50 message. For example, an event ID 50 message logged from
a MRxSmb source occurs if there is a network connectivity problem with the redirector. To avoid performing
incorrect troubleshooting steps, make sure to review the event ID 50 message to confirm that it refers to a disk I/O
issue and that this article applies.
An event ID 50 message is similar to an event ID 9 and an event ID 11 message. Although the error is not as
serious as the error indicated by the event ID 9 and an event ID 11 message, you can use the same troubleshooting
techniques for a event ID 50 message as you do for an event ID 9 and an event ID 11 message. However, remember
that anything in the stack can cause lost-delay writes, such as filter drivers and mini-port drivers.
You can use the binary data that is associated with any accompanying "DISK" error (indicated by an event ID 9, 11,
51 error message or other messages) to help you in identifying the problem.
How to Decode the Data Section of an Event ID 50 Event Message
When you decode the data section in the example of an event ID 50 message that is included in the "Summary"
section, you see that the attempt to perform a write operation failed because the device was busy and the data was
lost. This section describes how to decode this event ID 50 message.
The following table describes what each offset of this message represents:
0028: 11 00 00 80
In this case, the final status equals 0x80000011.This status code maps to STATUS_DEVICE_BUSY and implies that
the device is currently busy.
NOTE
When you are converting the hexadecimal data in the event ID 50 message to the status code, remember that the values are
represented in the little-endian format. Because the status code is the only piece of information that you are interested in, it
may be easier to view the data in WORDS format instead of BYTES. If you do so, the bytes will be in the correct format and
the data may be easier to interpret quickly.
To do so, click Words in the Event Proper ties window. In the Data Words view, the example in the "Symptoms"
section would read as follows: Data:
() Bytes (.)
Words 0000: 00040000 00560002 00000000 80040032 0010: 00000000 00000000 00000000 00000000 0020: 00000000
00000000 80000011
To obtain a list of Windows NT status codes, see NTSTATUS.H in the Windows Software Developers Kit (SDK).
SMB Multichannel troubleshooting
7/22/2020 • 2 minutes to read • Edit Online
This article describes how to troubleshoot issues that are related to SMB Multichannel.
After that, make sure the network interface is listed in the output of the following commands:
Get-SmbServerNetworkInterface
Get-SmbClientNetworkInterface
You can also run the Get-NetAdapter command to view the interface index to verify the result. The interface index
shows all the active SMB adapters that are actively bound to the appropriate interface.
You can also enable File and Printer Sharing in the Network and Sharing Center window. To do this, select
Change advanced sharing settings in the menu on the left, and then select Turn on file and printer sharing
for the profile. This option enables the File and Printer Sharing firewall rules.
Capture client and server sided traffic for troubleshooting
You need the SMB connection tracing information that starts from the TCP three-way handshake. We recommend
that you close all applications (especially Windows Explorer) before you start the capture. Restart the Workstation
service on the SMB client, start the packet capture, and then reproduce the issue.
Make sure that the SMBv3.x connection is being negotiated, and that nothing in between the server and the client
is affecting dialect negotiation. SMBv2 and earlier versions don't support multichannel.
Look for the NETWORK_INTERFACE_INFO packets. This is where the SMB client requests a list of adapters from the
SMB server. If these packets aren't exchanged, multichannel doesn't work.
The server responds by returning a list of valid network interfaces. Then, the SMB client adds those to the list of
available adapters for multichannel. At this point, multichannel should start and, at least, try to start the connection.
For more information, see the following articles:
3.2.4.20.10 Application Requests Querying Server's Network Interfaces
2.2.32.5 NETWORK_INTERFACE_INFO Response
3.2.5.14.11 Handling a Network Interfaces Response
In the following scenarios, an adapter cannot be used:
There is a routing issue on the client. This is typically caused by an incorrect routing table that forces traffic
over the wrong interface.
Multichannel constraints have been set. For more information, see New-SmbMultichannelConstraint.
Something blocked the network interface request and response packets.
The client and server can't communicate over the extra network interface. For example, the TCP three-way
handshake failed, the connection is blocked by a firewall, session setup failed, and so on.
If the adapter and its IPv6 address are on the list that is sent by the server, the next step is to see whether
communications are tried over that interface. Filter the trace by the link-local address and SMB traffic, and look for
a connection attempt. If this is a NetConnection trace, you can also examine Windows Filtering Platform (WFP)
events to see whether the connection is being blocked.
File Server Resource Manager (FSRM) overview
8/18/2020 • 4 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012,
Windows Server 2008 R2, Windows Server (Semi-Annual Channel),
File Server Resource Manager (FSRM) is a role service in Windows Server that enables you to manage and classify
data stored on file servers. You can use File Server Resource Manager to automatically classify files, perform tasks
based on these classifications, set quotas on folders, and create reports monitoring storage usage.
It's a small point, but we also added the ability to disable change journals in Windows Server, version 1803.
Features
File Server Resource Manager includes the following features:
Quota management allows you to limit the space that is allowed for a volume or folder, and they can be
automatically applied to new folders that are created on a volume. You can also define quota templates that can
be applied to new volumes or folders.
File Classification Infrastructure provides insight into your data by automating classification processes so that
you can manage your data more effectively. You can classify files and apply policies based on this classification.
Example policies include dynamic access control for restricting access to files, file encryption, and file expiration.
Files can be classified automatically by using file classification rules or manually by modifying the properties of
a selected file or folder.
File Management Tasks enables you to apply a conditional policy or action to files based on their classification.
The conditions of a file management task include the file location, the classification properties, the date the file
was created, the last modified date of the file, or the last time the file was accessed. The actions that a file
management task can take include the ability to expire files, encrypt files, or run a custom command.
File screening management helps you control the types of files that user can store on a file server. You can limit
the extension that can be stored on your shared files. For example, you can create a file screen that does not
allow files with an MP3 extension to be stored in personal shared folders on a file server.
Storage reports help you identify trends in disk usage and how your data is classified. You can also monitor a
selected group of users for attempts to save unauthorized files.
The features included with File Server Resource Manager can be configured and managed by using the File Server
Resource Manager app or by using Windows PowerShell.
IMPORTANT
File Server Resource Manager supports volumes formatted with the NTFS file system only. The Resilient File System isn't
supported.
Practical applications
Some practical applications for File Server Resource Manager include:
Use File Classification Infrastructure with the Dynamic Access Control scenario to create a policy that grants
access to files and folders based on the way files are classified on the file server.
Create a file classification rule that tags any file that contains at least 10 social security numbers as having
personally identifiable information.
Expire any file that has not been modified in the last 10 years.
Create a 200 megabyte quota for each user's home directory and notify them when they are using 180
megabytes.
Do not allow any music files to be stored in personal shared folders.
Schedule a report that runs every Sunday night at midnight that generates a list of the most recently
accessed files from the previous two days. This can help you determine the weekend storage activity and
plan your server downtime accordingly.
2. Delete the USN journal for the volumes you want to conserve space on by using the fsutil command:
3. Open Registry Editor, for example, by typing regedit in the same PowerShell session.
4. Navigate to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Ser vices\SrmSvc\Settings
5. To optionally skip change journal creation for the entire server (skip this step if you want to disable it only
on specific volumes):
a. Right-click the Settings key and then select New > DWORD (32-bit) Value .
b. Name the value SkipUSNCreationForSystem .
c. Set the value to 1 (in hexidecimal).
6. To optionally skip change journal creation for specific volumes:
a. Get the volume paths you want to skip by using the fsutil volume list command or the following
PowerShell command:
\\?\Volume{8d3c9e8a-0000-0000-0000-100000000000}\
\\?\Volume{8d3c9e8a-0000-0000-0000-501f00000000}\
NOTE
Registry Editor might tell you that it removed empty strings, displaying this warning that you can safely
disregard: Data of type REG_MULTI_SZ cannot contain empty strings. Registry Editor will remove all empty
strings found.
7. Start the SRMSVC service. For example, in a PowerShell session enter Start-Service SrmSvc .
Additional References
Dynamic Access Control
Checklist: Apply a Quota to a volume or folder
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012,
Windows Server 2008 R2, Windows Server (Semi-Annual Channel)
1. Configure e-mail settings if you plan to send threshold notifications or storage reports by e-mail. Configure
E-Mail Notifications
2. Assess storage requirements on the volume or folder. You can use reports on the Storage Repor ts
Management node to provide data. (For example, run a Files by Owner report on demand to identify users
who use large amounts of disk space.) Generate Reports on Demand
3. Review available pre-configured quota templates. (In Quota Management , click the Quota Templates
node.) Edit Quota Template Properties
-Or-
Create a new quota template to enforce a storage policy in your organization. Create a Quota Template
4. Create a quota based on the template on the volume or folder. Create a Quota
-Or-
Create an auto apply quota to automatically generate quotas for subfolders on the volume or folder. Create
an Auto Apply Quota
5. Schedule a report task that contains a Quota Usage report to monitor quota usage periodically. Schedule a
Set of Reports
NOTE
If you want to screen files on a volume or folder, see Checklist: Apply a File Screen to a Volume or Folder.
Checklist - Apply a file screen to a volume or folder
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel), Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
NOTE
To limit storage on a volume or folder, see Checklist: Apply a Quota to a Volume or Folder
Setting File Server Resource Manager Options
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel), Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
The general File Server Resource Manager options can be set in the File Ser ver Resource Manager Options
dialog box. These settings are used throughout the nodes, and some of them can be modified when you work
with quotas, screen files, or generate storage reports.
This section includes the following topics:
Configure E-Mail Notifications
Configure Notification Limits
Configure Storage Reports
Configure File Screen Audit
Configure E-Mail Notifications
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
When you create quotas and file screens, you have the option of sending e-mail notifications to users when their
quota limit is approaching or after they have attempted to save files that have been blocked. When you generate
storage reports, you have the option of sending the reports to specific recipients by e-mail. If you want to routinely
notify certain administrators about quota and file screening events, or send storage reports, you can configure one
or more default recipients.
To send these notifications and storage reports, you must specify the SMTP server to be used for forwarding the e-
mail messages.
Additional References
Setting File Server Resource Manager Options
Configure Notification Limits
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
To reduce the number of notifications that accumulate for repeatedly exceeding a quota threshold or attempting to
save an unauthorized file, File Server Resource Manager applies time limits to the following notification types:
E-mail
Event log
Command
Report
Each limit specifies a period of time before another configured notification of the same type is generated for an
identical issue.
A default 60-minute limit is set for each notification type, but you can change these limits. The limit applies to all
the notifications of a given type, whether they are generated by quota thresholds or by file screening events.
NOTE
To customize time limits that are associated with notifications for a specific quota or file screen, you can use the File Server
Resource Manager command-line tools Dirquota.exe and Filescrn.exe , or use the File Server Resource Manager cmdlets.
Additional References
Setting File Server Resource Manager Options
Command-Line Tools
Configure Storage Reports
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
You can configure the default parameters for storage reports. These default parameters are used for the incident
reports that are generated when a quota or file screening event occurs. They are also used for scheduled and on-
demand reports, and you can override the default parameters when you define the specific properties of these
reports.
IMPORTANT
When you change the default parameters for a type of report, changes affect all incident reports and any existing scheduled
report tasks that use the defaults.
Additional References
Setting File Server Resource Manager Options
Storage Reports Management
Configure File Screen Audit
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
By using File Server Resource Manager, you can record file screening activity in an auditing database. The
information saved in this database is used to generate the File Screening Audit report.
IMPORTANT
If the Record file screening activity in the auditing database check box is cleared, the File Screening Audit Reports
will not contain any information.
Additional References
Setting File Server Resource Manager Options
Storage Reports Management
Quota Management
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel), Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
On the Quota Management node of the File Server Resource Manager Microsoft® Management Console
(MMC) snap-in, you can perform the following tasks:
Create quotas to limit the space allowed for a volume or folder, and generate notifications when the quota
limits are approached or exceeded.
Generate auto apply quotas that apply to all existing subfolders in a volume or folder and to any subfolders
that are created in the future.
Define quota templates that can be easily applied to new volumes or folders and then used across an
organization.
For example, you can:
Place a 200 megabyte (MB) limit on users' personal server folders, with an email notification sent to you and
the user when 180 MB of storage has been exceeded.
Set a flexible 500 MB quota on a group's shared folder. When this storage limit is reached, all users in the group
are notified by e-mail that the storage quota has been temporarily extended to 520 MB so that they can delete
unnecessary files and comply with the preset 500 MB quota policy.
Receive a notification when a temporary folder reaches 2 gigabytes (GB) of usage, yet not limit that folder's
quota because it is necessary for a service running on your server.
This section includes the following topics:
Create a Quota
Create an Auto Apply Quota
Create a Quota Template
Edit Quota Template Properties
Edit Auto Apply Quota Properties
NOTE
To set e-mail notifications and reporting capabilities, you must first configure the general File Server Resource Manager
options.
Additional References
Setting File Server Resource Manager Options
Create a Quota
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
Quotas can be created from a template or with custom properties. The following procedure describes how to
create a quota that is based on a template (recommended). If you need to create a quota with custom properties,
you can save these properties as a template to re-use at a later date.
When you create a quota, you choose a quota path, which is a volume or folder that the storage limit applies to. On
a given quota path, you can use a template to create one of the following types of quota:
A single quota that limits the space for an entire volume or folder.
An auto apply quota, which assigns the quota template to a folder or volume. Quotas based on this template
are automatically generated and applied to all subfolders. For more information about creating auto apply
quotas, see Create an Auto Apply Quota.
NOTE
By creating quotas exclusively from templates, you can centrally manage your quotas by updating the templates instead of
the individual quotas. Then, you can apply changes to all quotas based on the modified template. This feature simplifies the
implementation of storage policy changes by providing one central point where all updates can be made.
NOTE
To create an auto apply quota, click the Auto apply template and create quotas on existing and new
subfolders option. For more information about auto apply quotas, see Create an Auto Apply Quota
6. Under Derive proper ties from this quota template , the template you used in step 2 to create your new
quota is pre-selected (or you can select another template from the list). Note that the template's properties
are displayed under Summar y of quota proper ties .
7. Click Create .
Additional References
Quota Management
Create an Auto Apply Quota
Create a Quota Template
Create an Auto Apply Quota
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
By using auto apply quotas, you can assign a quota template to a parent volume or folder. Then File Server
Resource Manager automatically generates quotas that are based on that template. Quotas are generated for each
of the existing subfolders and for subfolders that you create in the future.
For example, you can define an auto apply quota for subfolders that are created on demand, for roaming profile
users, or for new users. Every time a subfolder is created, a new quota entry is automatically generated by using
the template from the parent folder. These automatically generated quota entries can then be viewed as individual
quotas under the Quotas node. Each quota entry can be maintained separately.
NOTE
You can verify all automatically generated quotas by selecting the Quotas node and then selecting Refresh . An individual
quota for each subfolder and the auto apply quota profile in the parent volume or folder are listed.
Additional References
Quota Management
Edit Auto Apply Quota Properties
Create a Quota Template
8/18/2020 • 4 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
A quota template defines a space limit, the type of quota (hard or soft) and optionally, a set of notifications that will
be generated automatically when quota usage reaches defined threshold levels.
By creating quotas exclusively from templates, you can centrally manage your quotas by updating the templates
instead of replicating changes in each quota. This feature simplifies the implementation of storage policy changes
by providing one central point where you can make all updates.
IMPORTANT
To send e-mail notifications and configure the storage reports with parameters that are appropriate for your server
environment, you must first set the general File Server Resource Manager options. For more information, see Setting File
Server Resource Manager Options
To configure notifications that File Ser ver Resource Manager will generate at a quota threshold
1. In the Create Quota Template dialog box, under Notification thresholds , click Add . The Add
Threshold dialog box appears.
2. To set a quota limit percentage that will generate a notification:
In the Generate notifications when usage reaches (%) text box, enter a percentage of the quota limit
for the notification threshold. (The default percentage for the first notification threshold is 85 percent.)
3. To configure e-mail notifications:
On the E-mail Message tab, set the following options:
To notify administrators when a threshold is reached, select the Send e-mail to the following
administrators check box, and then enter the names of the administrative accounts that will receive the
notifications. Use the format account@domain, and use semicolons to separate multiple accounts.
To send e-mail to the person who saved the file that reached the quota threshold, select the Send e-
mail to the user who exceeded the threshold check box.
To configure the message, edit the default subject line and message body that are provided. The text that
is in brackets inserts variable information about the quota event that caused the notification. For
example, the [Source Io Owner] variable inserts the name of the user who saved the file that reached
the quota threshold. To insert additional variables in the text, click Inser t Variable .
To configure additional headers (including From, Cc, Bcc, and Reply-to), click Additional E-mail
Headers .
4. To log an event:
On the Event Log tab, select the Send warning to event log check box, and edit the default log entry.
5. To run a command or script:
On the Command tab, select the Run this command or script check box. Then type the command, or
click Browse to search for the location where the script is stored. You can also enter command arguments,
select a working directory for the command or script, or modify the command security setting.
6. To generate one or more storage reports:
On the Repor t tab, select the Generate repor ts check box, and then select which reports to generate. (You
can choose one or more administrative e-mail recipients for the report or e-mail the report to the user who
reached the threshold.)
The report is saved in the default location for incident reports, which you can modify in the File Ser ver
Resource Manager Options dialog box.
7. Click OK to save your notification threshold.
8. Repeat these steps if you want to configure additional notification thresholds for the quota template.
Additional References
Quota Management
Setting File Server Resource Manager Options
Edit Quota Template Properties
Command-Line Tools
Edit Quota Template Properties
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
When you make changes to a quota template, you have the option of extending those changes to quotas that were
created from the original quota template. You can choose to modify only those quotas that still match the original
template or all quotas that were derived from the original template, regardless of any modifications that were
made to the quotas since they were created. This feature simplifies the process of updating the properties of your
quotas by providing one central point where you can make all the changes.
NOTE
If you choose to apply the changes to all quotas that were derived from the original template, you will overwrite any custom
quota properties that you created.
Additional References
Quota Management
Create a Quota Template
Edit Auto Apply Quota Properties
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
When you make changes to an auto apply quota, you have the option of extending those changes to existing
quotas in the auto apply quota path. You can choose to modify only those quotas that still match the original auto
apply quota or all quotas in the auto apply quota path, regardless of any modifications that were made to the
quotas since they were created. This feature simplifies the process of updating the properties of quotas that were
derived from an auto apply quota by providing one central point where you can make all the changes.
NOTE
If you choose to apply the changes to all quotas in the auto apply quota path, you will overwrite any custom quota
properties that you have created.
Additional References
Quota Management
Create an Auto Apply Quota
File Screening Management
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel), Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
On the File Screening Management node of the File Server Resource Manager MMC snap-in, you can perform
the following tasks:
Create file screens to control the types of files that users can save, and generate notifications when users
attempt to save unauthorized files.
Define file screening templates that can be applied to new volumes or folders and that can be used across an
organization.
Create file screening exceptions that extend the flexibility of the file screening rules.
For example, you can:
Ensure that no music files are stored on personal folders on a server, yet you could allow storage of specific
types of media files that support legal rights management or comply with company policies. In the same
scenario, you might want to give a vice president in the company special privileges to store any type of files in
his personal folder.
Implement a screening process to notify you by e-mail when an executable file is stored on a shared folder,
including information about the user who stored the file and the file's exact location, so that you can take the
appropriate precautionary steps.
This section includes the following topics:
Define File Groups for Screening
Create a File Screen
Create a File Screen Exception
Create a File Screen Template
Edit File Screen Template Properties
NOTE
To set e-mail notifications and certain reporting capabilities, you must first configure the general File Server Resource
Manager options.
Additional References
Setting File Server Resource Manager Options
Define File Groups for Screening
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
A file group is used to define a namespace for a file screen, file screen exception, or Files by File Group storage
report. It consists of a set of file name patterns, which are grouped by the following:
Files to include : files that belong in the group
Files to exclude : files that do not belong in the group
NOTE
For convenience, you can create and edit file groups while you edit the properties of file screens, file screen exceptions, file
screen templates, and Files by File Group reports. Any file group changes that you make from these property sheets are
not limited to the current item that you are working on.
Additional References
File Screening Management
Create a File Screen
Create a File Screen Exception
Create a File Screen Template
Storage Reports Management
Create a File Screen
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
When creating a new file screen, you can choose to save a file screen template that is based on the custom file
screen properties that you define. The advantage of this is that a link is maintained between file screens and the
template that is used to create them, so that in the future, changes to the template can be applied to all file screens
that derive from it. This is a feature that simplifies the implementation of storage policy changes by providing one
central point where you can make all updates.
Additional References
File Screening Management
Define File Groups for Screening
Create a File Screen Template
Edit File Screen Template Properties
Create a File Screen Exception
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
Occasionally, you need to allow exceptions to file screening. For example, you might want to block video files from
a file server, but you need to allow your training group to save the video files for their computer-based training. To
allow files that other file screens are blocking, create a file screen exception.
A file screen exception is a special type of file screen that over-rides any file screening that would otherwise apply
to a folder and all its subfolders in a designated exception path. That is, it creates an exception to any rules derived
from a parent folder.
NOTE
You cannot create a file screen exception on a parent folder where a file screen is already defined. You must assign the
exception to a subfolder or make changes to the existing file screen.
You assign file groups to determine which file types will be allowed in the file screen exception.
Additional References
File Screening Management
Define File Groups for Screening
Create a File Screen Template
8/18/2020 • 4 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
A file screen template defines a set of file groups to screen, the type of screening to perform (active or passive),
and optionally, a set of notifications that will be generated automatically when a user saves, or attempts to save,
an unauthorized file.
File Server Resource Manager can send e-mail messages to administrators or specific users, log an event, execute
a command or a script, or generate reports. You can configure more than one type of notification for a file screen
event.
By creating file screens exclusively from templates, you can centrally manage your file screens by updating the
templates instead of replicating changes in each file screen. This feature simplifies the implementation of storage
policy changes by providing one central point where you can make all updates.
IMPORTANT
To send e-mail notifications and to configure the storage reports with parameters that are appropriate for your server
environment, you must first set the general File Server Resource Manager options. For more information, see Setting File
Server Resource Manager Options.
Additional References
File Screening Management
Setting File Server Resource Manager Options
Edit File Screen Template Properties
Edit File Screen Template Properties
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
When you make changes to a file screen template, you have the option of extending those changes to file screens
that were created with the original file screen template. You can choose to modify only those file screens that
match the original template or all file screens that derive from the original template, regardless of any
modifications that you made to the file screens since they were created. This feature simplifies the process of
updating the properties of file screens by providing one central point where you make all the changes.
NOTE
If you apply the changes to all file screens that derive from the original template, you will overwrite any custom file screen
properties that you created.
Additional References
File Screening Management
Create a File Screen Template
Storage Reports Management
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel), Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
On the Storage Repor ts Management node of the File Server Resource Manager Microsoft® Management
Console (MMC) snap-in, you can perform the following tasks:
Schedule periodic storage reports that allow you to identify trends in disk usage.
Monitor attempts to save unauthorized files for all users or a selected group of users.
Generate storage reports instantly.
For example, you can:
Schedule a report that will run every Sunday at midnight, generating a list that includes the most recently
accessed files from the previous two days. With this information, you can monitor weekend storage activity
and plan server down-time that will have less impact on users who are connecting from home over the
weekend.
Run a report at any time to identify all duplicate files in a volume on a server so that disk space can be quickly
reclaimed without losing any data.
Run a Files by File Group report to identify how storage resources are segmented across different file groups
Run a Files by Owner report to analyze how individual users are using shared storage resources.
This section includes the following topics:
Schedule a Set of Reports
Generate Reports on Demand
NOTE
To set e-mail notifications and certain reporting capabilities, you must first configure the general File Server Resource
Manager options.
Additional References
Setting File Server Resource Manager Options
Schedule a Set of Reports
8/18/2020 • 3 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
To generate a set of reports on a regular schedule, you schedule a report task. The report task specifies which
reports to generate and what parameters to use; which volumes and folders to report on; how often to generate
the reports and which file formats to save them in.
Scheduled reports are saved in a default location, which you can specify in the File Ser ver Resource Manager
Options dialog box. You also have the option of delivering the reports by e-mail to a group of administrators.
NOTE
To minimize the impact of report processing on performance, generate multiple reports on the same schedule so that the
data is only gathered once. To quickly add reports to existing report tasks, you can use the Add or Remove Repor ts for a
Repor t Task action. This allows you to add or remove reports from multiple report tasks and to edit the report parameters.
To change schedules or delivery addresses, you must edit individual report tasks.
Additional References
Storage Reports Management
Setting File Server Resource Manager Options
Generate Reports on Demand
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
During daily operations, you can use the Generate Repor ts Now option to generate one or more reports on
demand. With these reports, you can analyze the different aspects of current disk usage on the server. Current data
is gathered before the reports are generated.
When you generate reports on demand, the reports are saved in a default location that you specify in the File
Ser ver Resource Manager Option dialog box, but no report task is created for later use. You can view the
reports immediately after they are generated or e-mail the reports to a group of administrators.
NOTE
If you choose to open the reports immediately, you must wait while the reports are generated. Processing time varies,
depending on the types of reports and the scope of the data.
Additional References
Storage Reports Management
Setting File Server Resource Manager Options
Classification Management
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel), Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
Classification properties are used to categorize files and can be used to select files for scheduled file management
tasks.
There are many ways to classify a file. One way is to create a classification property that assigns a value to all files
within a specified directory. Another way is to create rules to decide what value to set for a given property.
This section includes the following topics:
Create a Classification Property
Create an Automatic Classification Rule
NOTE
To set e-mail notifications and certain reporting capabilities, you must first configure the general File Server Resource
Manager options.
Additional References
Setting File Server Resource Manager Options
Create an Automatic Classification Rule
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
The following procedure guides you through the process of creating a classification rule. Each rule sets the value
for a single property. By default, a rule is run only once and ignores files that already have a property value
assigned. However, you can configure a rule to evaluate files regardless of whether a value is already assigned to
the property.
Additional References
Create a Classification Property
Classification Management
Create a Classification Property
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
Classification properties are used to assign values to files within a specified folder or volume. There are many
property types that you can choose from, depending on your needs. The following table defines the available
property types.
Ordered List A list of fixed values. Only one value can be assigned to a
property at a time. When combining multiple values during
classification or from file content, the value highest in the list
will be used.
The following procedure guides you through the process of creating a classification property.
Additional References
Create an Automatic Classification Rule
Classification Management
File Management Tasks
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel), Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
File management tasks automate the process of finding subsets of files on a server and applying simple
commands. These tasks can be scheduled to occur periodically to reduce repetitive costs. Files that will be
processed by a file management task can be defined through any of the following properties:
Location
Classification properties
Creation time
Modification time
Last accessed time
File management tasks can also be configured to notify file owners of any impending policy that will be applied to
their files.
NOTE
Individual File Management tasks are run on independent schedules.
NOTE
To set e-mail notifications and certain reporting capabilities, you must first configure the general File Server Resource
Manager options.
Additional References
Setting File Server Resource Manager Options
Create a File Expiration Task
8/18/2020 • 5 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
The following procedure guides you through the process of creating a file management task for expiring files. File
expiration tasks are used to automatically move all files that match certain criteria to a specified expiration
directory, where an administrator can then back those files up and delete them.
When a file expiration task is run, a new directory is created within the expiration directory, grouped by the server
name on which the task was run.
The new directory name is based on the name of the file management task and the time it was run. When an
expired file is found it is moved into the new directory, while preserving its original directory structure.
WARNING
Do not select a directory that is within the scope of the task, as defined in the previous step. Doing so could
cause an iterative loop that could lead to system instability and data loss.
5. Optionally, on the Notification tab, click Add to send e-mail notifications, log an event, or run a command
or script a specified minimum number of days before the task performs an action on a file.
In the Number of days before task is executed to send notification combo box, type or select
a value to specify the minimum number of days prior to a file being acted on that a notification will
be sent.
NOTE
Notifications are sent only when a task is run. If the specified minimum number of days to send a notification
does not coincide with a scheduled task, the notification will be sent on the day of the previous scheduled
task.
To configure e-mail notifications, click the E-mail Message tab and enter the following information:
To notify administrators when a threshold is reached, select the Send e-mail to the
following administrators check box, and then enter the names of the administrative
accounts that will receive the notifications. Use the format account@domain, and use
semicolons to separate multiple accounts.
To send e-mail to the person whose files are about to expire, select the Send e-mail to the
user whose files are about to expire check box.
To configure the message, edit the default subject line and message body that are provided.
The text that is in brackets inserts variable information about the quota event that caused the
notification. For example, the [Source File Owner] variable inserts the name of the user
whose file is about to expire. To insert additional variables in the text, click Inser t Variable .
To attach a list of the files that are about to expire, click Attach to the e-mail list of files on
which action will be performed , and type or select a value for Maximum number of
files in the list .
To configure additional headers (including From, Cc, Bcc, and Reply-to), click Additional E-
mail Headers .
To log an event, click the Event Log tab and select the Send warning to event log check box, and
then edit the default log entry.
To run a command or script, click the Command tab and select the Run this command or script
check box. Then type the command, or click Browse to search for the location where the script is
stored. You can also enter command arguments, select a working directory for the command or
script, or modify the command security setting.
6. Optionally, use the Repor t tab to generate one or more logs or storage reports.
To generate logs, select the Generate log check box and then select one or more available logs.
To generate reports, select the Generate a repor t check box and then select one or more available
report formats.
To create e-mail generated logs or storage reports, select the Send repor ts to the following
administrators check box and type one or more administrative e-mail recipients using the format
account@domain. Use a semicolon to separate multiple addresses.
NOTE
The report is saved in the default location for incident reports, which you can modify in the File Ser ver
Resource Manager Options dialog box.
7. Optionally, use the Condition tab to run this task only on files that match a defined set of conditions. The
following settings are available:
Proper ty conditions . Click Add to create a new condition based on the file's classification. This will
open the Proper ty Condition dialog box, which allows you to select a property, an operator to
perform on the property, and the value to compare the property against. After clicking OK , you can
then create additional conditions, or edit or remove an existing condition.
Days since file was last modified . Click the check box and then enter a number of days into the
spin box. This will result in the file management task only being applied to files that have not been
modified for more than the specified number of days.
Days since file was last accessed . Click the check box and then enter a number of days into the
spin box. If the server is configured to track timestamps for when files were last accessed, this will
result in the file management task only being applied to files that have not been accessed for more
than the specified number of days. If the server is not configured to track accessed times, this
condition will be ineffective.
Days since file was created . Click the check box and then enter a number of days into the spin box.
This will result in the task only being applied to files that were created at least the specified number of
days ago.
Effective star ting . Set a date when this file management task should start processing files. This
option is useful for delaying the task until you have had a chance to notify users or make other
preparations in advance.
8. On the Schedule tab, click Create Schedule , and then in the Schedule dialog box, click New . This
displays a default schedule set for 9:00 A.M. daily, but you can modify the default schedule. When you have
finished configuring the schedule, click OK and then click OK again.
Additional References
Classification Management
File Management Tasks
Create a Custom File Management Task
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
Expiration is not always a desired action to be performed on files. File management tasks allow you to run custom
commands as well.
NOTE
This procedure assumes that you are familiar with file management tasks, and therefore only covers the Action tab where
custom settings are configured.
Additional References
Classification Management
File Management Tasks
Managing Remote Storage Resources
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel), Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
NOTE
File Server Resource Manager can manage resources on either the local computer or a remote computer, but not both at the
same time.
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
To manage storage resources on a remote computer, you can connect to the computer from File Server Resource
Manager. While you are connected, File Server Resource Manager allows you to manage quotas, screen files,
manage classifications, schedule file management tasks, and generate reports with those remote resources.
NOTE
File Server Resource Manager can manage resources on either the local computer or a remote computer, but not both at the
same time.
IMPORTANT
The Connect to Another Computer command is available only when you open File Server Resource Manager from
Administrative Tools . When you access File Server Resource Manager from Server Manager, the command is not available.
Additional considerations
To manage remote resources with File Server Resource Manager:
You must be logged on to the local computer with a domain account that is a member of the Administrators
group on the remote computer.
The remote computer must be running Windows Server, and File Server Resource Manager must be installed.
The Remote File Ser ver Resource Manager Management exception on the remote computer must be
enabled. Enable this exception by using Windows Firewall in Control Panel.
Additional References
Managing Remote Storage Resources
File Server Resource Manager command-line tools
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows Server 2012, Windows Server 2008 R2
File Server Resource Manager installs the FileServerResourceManager PowerShell cmdlets as well as the following
command-line tools:
Dirquota.exe . Use to create and manage quotas, auto apply quotas, and quota templates.
Filescrn.exe . Use to create and manage file screens, file screen templates, file screen exceptions, and file
groups.
Storrept.exe . Use to configure report parameters and generate storage reports on demand. Also use to create
report tasks, which you can schedule by using schtasks.exe .
You can use these tools to manage storage resources on a local computer or a remote computer. For more
information about these command-line tools, see the following references:
Dirquota : https://go.microsoft.com/fwlink/?LinkId=92741
Filescrn : https://go.microsoft.com/fwlink/?LinkId=92742
Storrept : https://go.microsoft.com/fwlink/?LinkId=92743
NOTE
To see command syntax and the available parameters for a command, run the command with the /? parameter.
NOTE
When you run the command-line tools with the /remote :ComputerName parameter to perform a template export (or
import) on a remote computer, the templates are written to (or copied from) an XML file on the local computer.
Additional considerations
To manage remote resources with the command-line tools:
You must be logged on with a domain account that is a member of the Administrators group on the local
computer and on the remote computer.
You must run the command-line tools from an elevated Command Prompt window. To open an elevated
Command Prompt window, click Star t , point to All Programs , click Accessories , right-click Command
Prompt , and then click Run as administrator .
The remote computer must be running Windows Server, and File Server Resource Manager must be installed.
The Remote File Ser ver Resource Manager Management exception on the remote computer must be
enabled. Enable this exception by using Windows Firewall in Control Panel.
Additional References
Managing Remote Storage Resources
Troubleshooting File Server Resource Manager
8/18/2020 • 3 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel), Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2
This section lists common issues that you might encounter when using File Server Resource Manager.
NOTE
A good troubleshooting option is to look for event logs that have been generated by File Server Resource Manager. All event
log entries for File Server Resource Manager can be found in theApplication event log under the source SRMSVC
I am only receiving one e-mail notification, even though the event that
triggered that notification happened several times in a row.
Cause : When a user attempts several times to save a file that is blocked or to save a file that exceeds a quota
threshold, and there is an e-mail notification configured for that file screening or quota event, only one e-
mail is sent to the administrator over a 60-minute period by default. This prevents an abundance of
redundant messages in the administrator's e-mail account.
Solution : On the Notification Limits tab, in the File Ser ver Resource Manager Options dialog box,
you can set a time limit for each of the notification types: e-mail, event log, command, and report. Each limit
specifies a time period that must pass before another notification of the same type is generated for the same
issue. For more information see Configure Notification Limits.
The "Used" and "Available" values for some of the quotas I have created
do not correspond to the actual "Limit" setting.
Cause : You may have a nested quota, where the quota of a subfolder derives a more restrictive limit from
the quota of its parent folder. For example, you might have a quota limit of 100 megabytes (MB) applied to a
parent folder and a quota of 200 MB applied separately to each of its subfolders. If the parent folder has a
total of 50 MB of data stored in it (the sum of the data stored in its subfolders), each of the subfolders will list
only 50 MB of available space.
Solution : Under Quota Management , click Quotas . In the Results pane, select the quota entry that you
are troubleshooting. In the Actions pane, click View Quotas Affecting Folder , and then look for quotas
that are applied to the parent folders. This will allow you to identify which parent folder quotas have a lower
storage limit setting than the quota you have selected.
Folder Redirection, Offline Files, and Roaming User
Profiles overview
8/18/2020 • 9 minutes to read • Edit Online
Applies to: Windows 10, Windows 8, Windows 8.1, Windows Server 2019, Windows Server 2016, Windows
Server 2012, Windows Server 2012 R2
This topic discusses the Folder Redirection, Offline Files (client-side caching or CSC), and Roaming User Profiles
(sometimes known as RUP) technologies, including what's new and where to find additional information.
Technology description
Folder Redirection and Offline Files are used together to redirect the path of local folders (such as the Documents
folder) to a network location, while caching the contents locally for increased speed and availability. Roaming User
Profiles is used to redirect a user profile to a network location. These features used to be referred to as
Intellimirror.
Folder Redirection enables users and administrators to redirect the path of a known folder to a new location,
manually or by using Group Policy. The new location can be a folder on the local computer or a directory on a
file share. Users interact with files in the redirected folder as if it still existed on the local drive. For example, you
can redirect the Documents folder, which is usually stored on a local drive, to a network location. The files in the
folder are then available to the user from any computer on the network.
Offline Files makes network files available to a user, even if the network connection to the server is
unavailable or slow. When working online, file access performance is at the speed of the network and server.
When working offline, files are retrieved from the Offline Files folder at local access speeds. A computer
switches to Offline Mode when:
Always Offline mode has been enabled
The server is unavailable
The network connection is slower than a configurable threshold
The user manually switches to Offline Mode by using the Work offline button in Windows Explorer
Roaming User Profiles redirects user profiles to a file share so that users receive the same operating system
and application settings on multiple computers. When a user signs in to a computer by using an account that is
set up with a file share as the profile path, the user's profile is downloaded to the local computer and merged
with the local profile (if present). When the user signs out of the computer, the local copy of their profile,
including any changes, is merged with the server copy of the profile. Typically, a network administrator enables
Roaming User Profiles on domain accounts.
Practical applications
Administrators can use Folder Redirection, Offline Files, and Roaming User Profiles to centralize storage for user
data and settings and to provide users with the ability to access their data while offline or in the event of a network
or server outage. Some specific applications include:
Centralize data from client computers for administrative tasks, such as using a server-based backup tool to
back up user folders and settings.
Enable users to continue accessing network files, even if there is a network or server outage.
Optimize bandwidth usage and enhance the experience of users in branch offices who access files and folders
that are hosted by corporate servers located offsite.
Enable mobile users to access network files while working offline or over slow networks.
Always Offline mode New Provides faster access to files and lower
bandwidth usage by always working
offline, even when connected through a
high-speed network connection.
Cost-aware synchronization New Helps users avoid high data usage costs
from synchronization while using
metered connections that have usage
limits, or while roaming on another
provider's network.
Primary Computer support New Enables you to limit the use of Folder
Redirection, Roaming User Profiles, or
both to only a user's primary
computers.
Cost-aware synchronization
With cost-aware synchronization, Windows disables background synchronization when the user is using a
metered network connection, such as a 4G mobile network, and the subscriber is near or over their bandwidth
limit, or roaming on another provider's network.
NOTE
Metered network connections usually have round-trip network latencies that are slower than the default 35 millisecond
latency value for transitioning to Offline (Slow Connection) mode in Windows 8, Windows Server 2019, Windows Server
2016, and Windows Server 2012. Therefore, these connections usually transition to Offline (Slow Connection) mode
automatically.
Hardware requirements
Folder Redirection, Offline Files, and Roaming User Profiles require an x64-based or x86-based computer, and they
are not supported by Windows on ARM (WOA)-based computers.
Software requirements
To designate primary computers, your environment must meet the following requirements:
The Active Directory Domain Services (AD DS) schema must be updated to include Windows Server 2012
schema and conditions (installing a Windows Server 2012 or later domain controller automatically updates the
schema). For more information about upgrading the AD DS schema, see Upgrade Domain Controllers to
Windows Server 2016.
Client computers must run Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server
2016, Windows Server 2012 R2, or Windows Server 2012 and be joined to the Active Directory domain that
you are managing.
More information
For additional related information, see the following resources.
C O N T EN T T Y P E REF EREN C ES
Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2019, Windows Server 2016,
Windows Server (Semi-annual Channel), Windows Server 2012 R2, Windows Server 2012, Windows Server
2008 R2
This topic describes how to use Windows Server to deploy Roaming User Profiles to Windows client computers.
Roaming User Profiles redirects user profiles to a file share so that users receive the same operating system and
application settings on multiple computers.
For a list of recent changes to this topic, see the Change history section of this topic.
IMPORTANT
Due to the security changes made in MS16-072, we updated Step 4: Optionally create a GPO for Roaming User Profiles in
this topic so that Windows can properly apply the Roaming User Profiles policy (and not revert to local policies on affected
PCs).
IMPORTANT
User customizations to Start is lost after an OS in-place upgrade in the following configuration:
Users are configured for a roaming profile
Users are allowed to make changes to Start
As a result, the Start menu is reset to the default of the new OS version after the OS in-place upgrade. For workarounds, see
Appendix C: Working around reset Start menu layouts after upgrades.
Prerequisites
Hardware requirements
Roaming User Profiles requires an x64-based or x86-based computer; it isn't supported by Windows RT.
Software requirements
Roaming User Profiles has the following software requirements:
If you are deploying Roaming User Profiles with Folder Redirection in an environment with existing local
user profiles, deploy Folder Redirection before Roaming User Profiles to minimize the size of roaming
profiles. After the existing user folders have been successfully redirected, you can deploy Roaming User
Profiles.
To administer Roaming User Profiles, you must be signed in as a member of the Domain Administrators
security group, the Enterprise Administrators security group, or the Group Policy Creator Owners security
group.
Client computers must run Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista, Windows
Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008.
Client computers must be joined to the Active Directory Domain Services (AD DS) that you are managing.
A computer must be available with Group Policy Management and Active Directory Administration Center
installed.
A file server must be available to host roaming user profiles.
If the file share uses DFS Namespaces, the DFS folders (links) must have a single target to prevent users
from making conflicting edits on different servers.
If the file share uses DFS Replication to replicate the contents with another server, users must be able to
access only the source server to prevent users from making conflicting edits on different servers.
If the file share is clustered, disable continuous availability on the file share to avoid performance issues.
To use primary computer support in Roaming User Profiles, there are additional client computer and Active
Directory schema requirements. For more information, see Deploy Primary Computers for Folder
Redirection and Roaming User Profiles.
The layout of a user's Start menu won't roam on Windows 10, Windows Server 2019, or Windows Server
2016 if they're using more than one PC, Remote Desktop Session Host, or Virtualized Desktop Infrastructure
(VDI) server. As a workaround, you can specify a Start layout as described in this topic. Or you can make use
of user profile disks, which properly roam Start menu settings when used with Remote Desktop Session
Host servers or VDI servers. For more info, see Easier User Data Management with User Profile Disks in
Windows Server 2012.
Considerations when using Roaming User Profiles on multiple versions of Windows
If you decide to use Roaming User Profiles across multiple versions of Windows, we recommend taking the
following actions:
Configure Windows to maintain separate profile versions for each operating system version. This helps prevent
undesirable and unpredictable issues such as profile corruption.
Use Folder Redirection to store user files such as documents and pictures outside of user profiles. This enables
the same files to be available to users across operating system versions. It also keeps profiles small and sign-ins
quick.
Allocate sufficient storage for Roaming User Profiles. If you support two operating system versions, profiles will
double in number (and thus total space consumed) because a separate profile is maintained for each operating
system version.
Don't use Roaming User Profiles across computers running Windows Vista/Windows Server 2008 and
Windows 7/Windows Server 2008 R2. Roaming between these operating system versions isn't supported due
to incompatibilities in their profile versions.
Inform your users that changes made on one operating system version won't roam to another operating
system version.
When moving your environment to a version of Windows that uses a different profile version (such as from
Windows 10 to Windows 10, version 1607—see Appendix B: Profile version reference information for a list),
users receive a new, empty roaming user profile. You can minimize the impact of getting a new profile by using
Folder Redirection to redirect common folders. There isn't a supported method of migrating roaming user
profiles from one profile version to another.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters\UseProfilePathExtensionVersion
WARNING
Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should
back up any valued data on the computer.
NOTE
Some functionality might differ or be unavailable depending on the version of Windows Server you're using.
TIP
When creating the share, hide the share by putting a $ after the share name. This hides the share from casual
browsers.
6. On the Other Settings page, clear the Enable continuous availability checkbox, if present, and
optionally select the Enable access-based enumeration and Encr ypt data access checkboxes.
7. On the Permissions page, select Customize permissions… . The Advanced Security Settings dialog box
appears.
8. Select Disable inheritance , and then select Conver t inherited permissions into explicit permission
on this object .
9. Set the permissions as described in Required permissions for the file share hosting roaming user profiles
and shown in the following screen shot, removing permissions for unlisted groups and accounts, and
adding special permissions to the Roaming User Profiles Users and Computers group that you created in
Step 1.
Figure 1 Setting the permissions for the roaming user profiles share
10. If you chose the SMB Share - Advanced profile, on the Management Proper ties page, select the User
Files Folder Usage value.
11. If you chose the SMB Share - Advanced profile, on the Quota page, optionally select a quota to apply to
users of the share.
12. On the Confirmation page, select Create.
Required permissions for the file share hosting roaming user profiles
USER A C C O UN T A C C ESS A P P L IES TO
Security group of users needing to put List folder / read data (Advanced This folder only
data on share (Roaming User Profiles permissions)
Users and Computers) Create folders / append data (Advanced
permissions)
IMPORTANT
Due to the security changes made in MS16-072A, you now must give the Authenticated Users group delegated Read
permissions to the GPO - otherwise the GPO won't get applied to users, or if it's already applied, the GPO is removed,
redirecting user profiles back to the local PC. For more info, see Deploying Group Policy Security Update MS16-072.
NOTE
If you set up Roaming User Profiles on user accounts by using Active Directory and on computers by using Group Policy, the
computer-based policy setting takes precedence.
To specify a mandatory roaming user profile, specify the path to the NTuser.man file that you created
previously, for example, fs1.corp.contoso.comUser Profiles$default . For more information, see Create
mandatory user profiles.
4. Select OK .
NOTE
By default, deployment of all Windows® Runtime-based (Windows Store) apps is allowed when using Roaming User
Profiles. However, when using a special profile, apps are not deployed by default. Special profiles are user profiles where
changes are discarded after the user signs out:
To remove restrictions on app deployment for special profiles, enable the Allow deployment operations in special
profiles policy setting (located in Computer Configuration\Policies\Administrative Templates\Windows Components\App
Package Deployment). However, deployed apps in this scenario will leave some data stored on the computer, which could
accumulate, for example, if there are hundreds of users of a single computer. To clean up apps, locate or develop a tool that
uses the CleanupPackageForUserAsync API to clean up app packages for users who no longer have a profile on the
computer.
For additional background information about Windows Store apps, see Manage Client Access to the Windows Store.
NOTE
If you set up Roaming User Profiles on computers by using Group Policy and on user accounts by using Active Directory, the
computer-based policy setting takes precedence.
To specify a mandatory roaming user profile, which is a preconfigured profile to which users cannot make
permanent changes (changes are reset when the user signs out), specify the path to the NTuser.man file that
you created previously, for example, \\fs1.corp.contoso.com\User Profiles$\default . For more information,
see Creating a Mandatory User Profile.
8. Select OK .
A C T IO N UP DAT E
Hive HKEY_LOCAL_MACHINE
Base Decimal
5. (Optional) Enable first-time logon optimizations to make signing in faster for users. To do so, see Apply policies
to improve sign-in time.
6. (Optional) Further decrease sign-in times by removing unnecessary apps from the Windows 10 base image
you use to deploy client PCs. Windows Server 2019 and Windows Server 2016 don't have any pre-provisioned
apps, so you can skip this step on server images.
To remove apps, use the Remove-AppxProvisionedPackage cmdlet in Windows PowerShell to
uninstall the following applications. If your PCs are already deployed you can script the removal of
these apps using the Remove-AppxPackage.
Microsoft.windowscommunicationsapps_8wekyb3d8bbwe
Microsoft.BingWeather_8wekyb3d8bbwe
Microsoft.DesktopAppInstaller_8wekyb3d8bbwe
Microsoft.Getstarted_8wekyb3d8bbwe
Microsoft.Windows.Photos_8wekyb3d8bbwe
Microsoft.WindowsCamera_8wekyb3d8bbwe
Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe
Microsoft.WindowsStore_8wekyb3d8bbwe
Microsoft.XboxApp_8wekyb3d8bbwe
Microsoft.XboxIdentityProvider_8wekyb3d8bbwe
Microsoft.ZuneMusic_8wekyb3d8bbwe
NOTE
Uninstalling these apps decreases sign-in times, but you can leave them installed if your deployment needs any of them.
TIP
If you plan to implement primary computer support, do so now, before you enable the GPO. This prevents user data from
being copied to non-primary computers before primary computer support is enabled. For the specific policy settings, see
Deploy Primary Computers for Folder Redirection and Roaming User Profiles.
GpUpdate /Force
3. To confirm that the user profile is roaming, open Control Panel , select System and Security , select
System , select Advanced System Settings , select Settings in the User Profiles section and then look for
Roaming in the Type column.
☐ 1. Prepare domain
☐ - Join computers to domain
☐ - Enable the use of separate profile versions
☐ - Create user accounts
☐ - (Optional) Deploy Folder Redirection
Windows 10 \\<servername>\<fileshare>\<username>.V5
NOTE
Importing a StartLayout modifies the Default User profile. All user profiles created after the import has
occurred will get the imported Start-Layout.
IT Admins can opt to manage Start's Layout with Group Policy. Using Group Policy provides a centralized
management solution to apply a standardized Start Layout to users. There are 2 modes to modes to using
Group Policy for Start management. Full Lockdown and Partial Lockdown. The full lockdown scenario
prevents the user from making any changes to Start's layout. The partial lockdown scenario allows user to
make changes to a specific area of Start. For more info, see Customize and export Start layout.
NOTE
User made changes in the partial lockdown scenario will still be lost during upgrade.
Let the Start layout reset occur and allow end users to reconfigure Start. A notification email or other
notification can be sent to end users to expect their Start layouts to be reset after the OS upgrade to
minimized impact.
Change history
The following table summarizes some of the most important changes to this topic.
April 10th, 2018 Added discussion of when user Callout known issue.
customizations to Start are lost after an
OS in-place upgrade
March 13th, 2018 Updated for Windows Server 2016 Moved out of Previous Versions library
and updated for current version of
Windows Server.
April 13th, 2017 Added profile information for Windows Customer feedback.
10, version 1703, and clarified how
roaming profile versions work when
upgrading operating systems—see
Considerations when using Roaming
User Profiles on multiple versions of
Windows.
March 14th, 2017 Added optional step for specifying a Feature changes in latest Windows
mandatory Start layout for Windows 10 update.
PCs in Appendix A: Checklist for
deploying Roaming User Profiles.
January 23rd, 2017 Added a step to Step 4: Optionally Security changes to Group Policy
create a GPO for Roaming User Profiles processing.
to delegate Read permissions to
Authenticated Users, which is now
required because of a Group Policy
security update.
December 29th, 2016 Added a link in Step 8: Enable the Customer feedback.
Roaming User Profiles GPO to make it
easier to get info on how to set Group
Policy for primary computers. Also fixed
a couple references to steps 5 and 6
that had the numbers wrong.
December 5th, 2016 Added info explaining a Start menu Customer feedback.
settings roaming issue.
DAT E DESC RIP T IO N REA SO N
July 6th, 2016 Added Windows 10 profile version Updates for the new versions of
suffixes in Appendix B: Profile version Windows, and removed info about
reference information. Also removed versions of Windows that are no longer
Windows XP and Windows Server 2003 supported.
from the list of supported operating
systems.
July 7th, 2015 Added requirement and step to disable Clustered file shares have better
continuous availability when using a performance for small writes (which are
clustered file server. typical with roaming user profiles) when
continuous availability is disabled.
March 19th, 2014 Capitalized profile version suffixes (.V2, Although Windows is case insensitive, if
.V3, .V4) in Appendix B: Profile version you use NFS with the file share, it's
reference information. important to have the correct
(uppercase) capitalization for the profile
suffix.
October 9th, 2013 Revised for Windows Server 2012 R2 Updates for new version; customer
and Windows 8.1, clarified a few things, feedback.
and added the Considerations when
using Roaming User Profiles on multiple
versions of Windows and Appendix B:
Profile version reference information
sections.
More information
Deploy Folder Redirection, Offline Files, and Roaming User Profiles
Deploy Primary Computers for Folder Redirection and Roaming User Profiles
Implementing User State Management
Microsoft's Support Statement Around Replicated User Profile Data
Sideload Apps with DISM
Troubleshooting packaging, deployment, and query of Windows Runtime-based apps
Deploy Folder Redirection with Offline Files
8/18/2020 • 10 minutes to read • Edit Online
Applies to: Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Vista, Windows Server 2019,
Windows Server 2016, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008 R2, Windows
Server (Semi-annual Channel)
This topic describes how to use Windows Server to deploy Folder Redirection with Offline Files to Windows client
computers.
For a list of recent changes to this topic, see Change history.
IMPORTANT
Due to the security changes made in MS16-072, we updated Step 3: Create a GPO for Folder Redirection of this topic so
that Windows can properly apply the Folder Redirection policy (and not revert redirected folders on affected PCs).
Prerequisites
Hardware requirements
Folder Redirection requires an x64-based or x86-based computer; it is not supported by Windows® RT.
Software requirements
Folder Redirection has the following software requirements:
To administer Folder Redirection, you must be signed in as a member of the Domain Administrators security
group, the Enterprise Administrators security group, or the Group Policy Creator Owners security group.
Client computers must run Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2019,
Windows Server 2016, Windows Server (Semi-annual Channel), Windows Server 2012 R2, Windows Server
2012, Windows Server 2008 R2, or Windows Server 2008.
Client computers must be joined to the Active Directory Domain Services (AD DS) that you are managing.
A computer must be available with Group Policy Management and Active Directory Administration Center
installed.
A file server must be available to host redirected folders.
If the file share uses DFS Namespaces, the DFS folders (links) must have a single target to prevent users
from making conflicting edits on different servers.
If the file share uses DFS Replication to replicate the contents with another server, users must be able to
access only the source server to prevent users from making conflicting edits on different servers.
When using a clustered file share, disable continuous availability on the file share to avoid performance
issues with Folder Redirection and Offline Files. Additionally, Offline Files might not transition to offline
mode for 3-6 minutes after a user loses access to a continuously available file share, which could
frustrate users who aren't yet using the Always Offline mode of Offline Files.
NOTE
Some newer features in Folder Redirection have additional client computer and Active Directory schema requirements. For
more info, see Deploy primary computers, Disable Offline Files on folders, Enable Always Offline mode, and Enable
optimized folder moving.
NOTE
Some functionality might differ or be unavailable if you create the file share on a server running another version of
Windows Server.
Here's how to create a file share on Windows Server 2019, Windows Server 2016, and Windows Server 2012:
1. In the Server Manager navigation pane, select File and Storage Ser vices , and then select Shares to
display the Shares page.
2. In the Shares tile, select Tasks , and then select New Share . The New Share Wizard appears.
3. On the Select Profile page, select SMB Share – Quick . If you have File Server Resource Manager
installed and are using folder management properties, instead select SMB Share - Advanced .
4. On the Share Location page, select the server and volume on which you want to create the share.
5. On the Share Name page, type a name for the share (for example, Users$ ) in the Share name box.
TIP
When creating the share, hide the share by putting a $ after the share name. This will hide the share from casual
browsers.
6. On the Other Settings page, clear the Enable continuous availability checkbox, if present, and optionally
select the Enable access-based enumeration and Encr ypt data access checkboxes.
7. On the Permissions page, select Customize permissions… . The Advanced Security Settings dialog box
appears.
8. Select Disable inheritance , and then select Conver t inherited permissions into explicit permission
on this object .
9. Set the permissions as described Table 1 and shown in Figure 1, removing permissions for unlisted groups
and accounts, and adding special permissions to the Folder Redirection Users group that you created in
Step 1.
Security group of users needing to put List folder / read data (Advanced This folder only
data on share (Folder Redirection permissions)
Users) Create folders / append data
(Advanced permissions)
Read attributes (Advanced
permissions)
Read extended attributes
(Advanced permissions)
Read permissions (Advanced
permissions)
IMPORTANT
Due to the security changes made in MS16-072, you now must give the Authenticated Users group delegated Read
permissions to the Folder Redirection GPO - otherwise the GPO won't get applied to users, or if it's already applied, the
GPO is removed, redirecting folders back to the local PC. For more info, see Deploying Group Policy Security Update MS16-
072.
Step 4: Configure folder redirection with Offline Files
After creating a GPO for Folder Redirection settings, edit the Group Policy settings to enable and configure Folder
Redirection, as discussed in the following procedure.
NOTE
Offline Files is enabled by default for redirected folders on Windows client computers, and disabled on computers running
Windows Server, unless changed by the user. To use Group Policy to control whether Offline Files is enabled, use the Allow
or disallow use of the Offline Files feature policy setting. For information about some of the other Offline Files Group
Policy settings, see Enable Advanced Offline Files Functionality, and Configuring Group Policy for Offline Files.
NOTE
To apply Folder Redirection to client computers running Windows XP or Windows Server 2003, select the Settings
tab and select the Also apply redirection policy to Windows 2000, Windows 2000 Ser ver, Windows XP,
and Windows Ser ver 2003 operating systems checkbox.
5. In the Target folder location section, select Create a folder for each user under the root path and
then in the Root Path box, type the path to the file share storing redirected folders, for example:
\\fs1.corp.contoso.com\users$
6. Select the Settings tab, and in the Policy Removal section, optionally select Redirect the folder back
to the local userprofile location when the policy is removed (this setting can help make Folder
Redirection behave more predictably for administrators and users).
7. Select OK , and then select Yes in the Warning dialog box.
TIP
If you plan to implement primary computer support or other policy settings, do so now, before you enable the GPO. This
prevents user data from being copied to non-primary computers before primary computer support is enabled.
gpupdate /force
☐ 1. Prepare domain
☐ - Join computers to domain
☐ - Create user accounts
Change history
The following table summarizes some of the most important changes to this topic.
January 18, 2017 Added a step to Step 3: Create a GPO Customer feedback
for Folder Redirection to delegate Read
permissions to Authenticated Users,
which is now required because of a
Group Policy security update.
More information
Folder Redirection, Offline Files, and Roaming User Profiles
Deploy Primary Computers for Folder Redirection and Roaming User Profiles
Enable Advanced Offline Files Functionality
Microsoft's Support Statement Around Replicated User Profile Data
Sideload Apps with DISM
Troubleshooting packaging, deployment, and query of Windows Runtime-based apps
Deploy primary computers for Folder Redirection
and Roaming User Profiles
8/18/2020 • 6 minutes to read • Edit Online
Applies to: Windows 10, Windows 8, Windows 8.1, Windows Server 2019, Windows Server 2016, Windows
Server 2012, Windows Server 2012 R2
This topic describes how to enable primary computer support and designate primary computers for users. Doing
so enables you to control which computers use Folder Redirection and Roaming User Profiles.
IMPORTANT
When enabling primary computer support for Roaming User Profiles, always enable primary computer support for Folder
Redirection as well. This keeps documents and other user files out of the user profiles, which helps profiles remain small and
sign on times stay fast.
Prerequisites
Software requirements
Primary computer support has the following requirements:
The Active Directory Domain Services (AD DS) schema must be updated to include Windows Server 2012
schema additions (installing a Windows Server 2012 domain controller automatically updates the schema).
For information about updating the AD DS schema, see Adprep.exe integration and Running Adprep.exe.
Client computers must run Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server
2016, Windows Server 2012 R2, or Windows Server 2012.
TIP
Although primary computer support requires Folder Redirection and/or Roaming User Profiles, if you are deploying these
technologies for the first time, it is best to set up primary computer support before enabling the GPOs that configure
Folder Redirection and Roaming User Profiles. This prevents user data from being copied to non-primary computers before
primary computer support is enabled. For configuration information, see Deploy Folder Redirection and Deploy Roaming
User Profiles.
TIP
To use Windows PowerShell to work with primary computers, see the blog post Digging a little deeper into Windows 8
Primary Computer.
Here's how to specify the primary computers for users:
1. Open Server Manager on a computer with Active Directory Administration Tools installed.
2. On the Tools menu, select Active Director y Administration Center . Active Directory Administration
Center appears.
3. Navigate to the Computers container in the appropriate domain.
4. Right-click a computer that you want to designate as a primary computer and then select Proper ties .
5. In the Navigation pane, select Extensions .
6. Select the Attribute Editor tab, scroll to distinguishedName , select View , right-click the value listed, select
Copy , select OK , and then select Cancel .
7. Navigate to the Users container in the appropriate domain, right-click the user to which you want to assign
the computer, and then select Proper ties .
8. In the Navigation pane, select Extensions .
9. Select the Attribute Editor tab, select msDs-Primar yComputer and then select Edit . The Multi-valued
String Editor dialog box appears.
10. Right-click the text box, select Paste , select Add , select OK , and then select OK again.
Gpupdate /force
NOTE
If folders were redirected on a computer before you enabled primary computer support, the folders will remain redirected
unless the following setting is configured in each folder's folder redirection policy setting: Redirect the folder back to
the local userprofile location when the policy is removed . Similarly, profiles that were previously roaming on a
particular computer will show Roaming in the Type columns; however, the Status column will show Local.
More information
Deploy Folder Redirection with Offline Files
Deploy Roaming User Profiles
Folder Redirection, Offline Files, and Roaming User Profiles overview
Digging a little deeper into Windows 8 Primary Computer
Disable Offline Files on individual redirected folders
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows 10, Windows 8, Windows 8.1, Windows Server 2019, Windows Server 2016, Windows
Server 2012, Windows Server 2012 R2, Windows (Semi-annual Channel)
This topic describes how to disable Offline Files caching on individual folders that are redirected to network shares
by using Folder Redirection. This provides the ability to specify which folders to exclude from caching locally,
reducing the Offline Files cache size and time required to synchronize Offline Files.
NOTE
This topic includes sample Windows PowerShell cmdlets that you can use to automate some of the procedures described. For
more information, see Windows PowerShell Basics.
Prerequisites
To disable Offline Files caching of specific redirected folders, your environment must meet the following
prerequisites.
An Active Directory Domain Services (AD DS) domain, with client computers joined to the domain. There are no
forest or domain functional-level requirements or schema requirements.
Client computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server
2016, Windows Server 2012 R2, Windows Server 2012 or Windows (Semi-annual Channel).
A computer with Group Policy Management installed.
NOTE
Only domain administrators, enterprise administrators, and members of the Group Policy creator owners group can create
GPOs.
New-GPO -Name "Offline Files Settings" | New-Gplink -Target "ou=MyOu,dc=contoso,dc=com" -LinkEnabled Yes
See the following table for a listing of registry key names (folder GUIDs) to use for each redirected folder.
AppData(Roaming) {3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}
Desktop {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
Documents {FDD39AD0-238F-46AF-ADB4-6C85480369C7}
Pictures {33E28130-4E1E-4676-835A-98395C3BC3BB}
Music {4BD8D571-6D19-48D3-BE97-422220080E43}
Videos {18989B1D-99B5-455B-841C-AB7C74E4DDFC}
Favorites {1777F761-68AD-4D8A-87BD-30B759FA33DD}
Contacts {56784854-C6CB-462b-8169-88E350ACB882}
Downloads {374DE290-123F-4565-9164-39C4925E467B}
Links {BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}
Searches {7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}
More information
Folder Redirection, Offline Files, and Roaming User Profiles overview
Deploy Folder Redirection with Offline Files
Enable Always Offline mode for faster access to files
8/18/2020 • 2 minutes to read • Edit Online
Applies to: Windows 10, Windows 8, Windows 8.1, Windows Server 2019, Windows Server 2016, Windows
Server 2012, Windows Server 2012 R2, and Windows (Semi-annual Channel)
This document describes how to use the Always Offline mode of Offline Files to provide faster access to cached
files and redirected folders. Always Offline also provides lower bandwidth usage because users are always
working offline, even when they are connected through a high-speed network connection.
Prerequisites
To enable Always Offline mode, your environment must meet the following prerequisites.
An Active Directory Domain Services (AD DS) domain with client computers joined to the domain. There are no
forest or domain functional-level requirements or schema requirements.
Client computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2016, Windows Server
2012 R2, or Windows Server 2012. (Client computers running earlier versions of Windows might continue to
transition to Online mode on very high-speed network connections.)
A computer with Group Policy Management installed.
NOTE
Computers running Windows 7, Windows Vista, Windows Server 2008 R2, or Windows Server 2008 might continue to
transition to the Online mode if the latency of the network connection drops below one millisecond.
More information
Folder Redirection, Offline Files, and Roaming User Profiles overview
Deploy Folder Redirection with Offline Files
Enable optimized moves of redirected folders
8/18/2020 • 4 minutes to read • Edit Online
Applies to: Windows 10, Windows 8, Windows 8.1, Windows Server 2019, Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, Windows Server (Semi-annual Channel)
This topic describes how to perform an optimized move of redirected folders (Folder Redirection) to a new file
share. If you enable this policy setting, when an administrator moves the file share hosting redirected folders and
updates the target path of the redirected folders in Group Policy, the cached content is simply renamed in the local
Offline Files cache without any delays or potential data loss for the user.
Previously, administrators could change the target path of the redirected folders in Group Policy and let the client
computers copy the files at the affected user's next sign in, causing a delayed sign in. Alternatively, administrators
could move the file share and update the target path of the redirected folders in Group Policy. However, any
changes made locally on the client computers between the start of the move and the first sync after the move
would be lost.
Prerequisites
Optimized move has the following requirements:
Folder Redirection must be setup. For more information see Deploy Folder Redirection with Offline Files.
Client computers must run Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server
2016, Windows Server 2012 R2, Windows Server 2012 or Windows Server (Semi-annual Channel).
1. Notify users in advance that the server hosting their redirected folders will change and recommend that
they perform the following actions:
Synchronize the contents of their Offline Files cache and resolve any conflicts.
Open an elevated command prompt, enter GpUpdate /Target:User /Force , and then sign out and
sign back in to ensure that the latest Group Policy settings are applied to the client computer
NOTE
By default, client computers update Group Policy every 90 minutes, so if you allow sufficient time for client
computers to receive updated policy, you do not need to ask users to use GpUpdate .
2. Remove the file share from the server to ensure that no files in the file share are in use. To do so in Server
Manager, on the Shares page of File and Storage Services, right-click the appropriate file share, then select
Remove .
Users will work offline using Offline Files until the move is complete and they receive the updated Folder
Redirection settings from Group Policy.
3. Using an account with backup privileges, move the contents of the file share to the new location using a
method that preserves file timestamps, such as a backup and restore utility. To use the Robocopy
command, open an elevated command prompt, and then type the following command, where <Source> is
the current location of the file share, and <Destination> is the new location:
NOTE
The Xcopy command does not preserve all of the file state.
4. Edit the Folder Redirection policy settings, updating the target folder location for each redirected folder that
you want to relocate. For more information, see Step 4 of Deploy Folder Redirection with Offline Files.
5. Notify users that the server hosting their redirected folders has changed, and that they should use the
GpUpdate /Target:User /Force command, and then sign out and sign back in to get the updated
configuration and resume proper file synchronization.
Users should sign on to all machines at least once to ensure that the data gets properly relocated in each
Offline Files cache.
More information
Deploy Folder Redirection with Offline Files
Deploy Roaming User Profiles
Folder Redirection, Offline Files, and Roaming User Profiles overview
Troubleshoot user profiles with events
8/18/2020 • 4 minutes to read • Edit Online
Applies to: Windows 10, Windows 8, Windows 8.1, Windows Server 2019, Windows Server 2016, Windows
Server 2012 R2, Windows Server 2012, and Windows Server (Semi-annual Channel).
This topic discusses how to troubleshoot problems loading and unloading user profiles by using events and trace
logs. The following sections describe how to use the three event logs that record user profile information.
NOTE
You can safely ignore User Profile Service event 1530 "Windows detected your registry file is still in use by other applications
or services."
Step 2: View the Operational log for the User Profile Service
If you cannot resolve the issue using the Application log alone, use the following procedure to view User Profile
Service events in the Operational log. This log shows some of the inner workings of the service, and can help
pinpoint where in the profile load or unload process the problem is occurring.
Both the Windows Application log and the User Profile Service Operational log are enabled by default in all
Windows installations.
Here's how to view the Operational log for the User Profile Service:
1. In the Event Viewer console tree, navigate to Applications and Ser vices Logs , then Microsoft , then
Windows , then User Profile Ser vice , and then Operational .
2. Examine the events that occurred around the time of the Error or Warning events that you noted in the
Application log.
Step 3: Enable and view analytic and debug logs
If you require more detail than the Operational log provides, you can enable analytic and debug logs on the
affected computer. This level of logging is much more detailed and should be disabled except when trying to
troubleshoot an issue.
Here's how to enable and view analytic and debug logs:
1. In the Actions pane of Event Viewer, select View , and then select Show Analytic and Debug Logs .
2. Navigate to Applications and Ser vices Logs , then Microsoft , then Windows , then User Profile Ser vice ,
and then Diagnostic .
3. Select Enable Log and then select Yes . This enables the Diagnostic log, which will start logging.
4. If you require even more detailed information, see Step 4: Creating and decoding a trace for more information
about how to create a trace log.
5. When you are finished troubleshooting the issue, navigate to the Diagnostic log, select Disable Log , select
View and then clear the Show Analytic and Debug Logs checkbox to hide analytic and debug logging.
3. From the Start screen, select the user name, and then select Switch account , being careful not to log off the
administrator. If you are using Remote Desktop, close the Administrator session to establish the user session.
4. Reproduce the problem. The procedure to reproduce the problem is typically to sign on as the user
experiencing the issue, sign the user off, or both.
5. After reproducing the problem, sign on as the local administrator again.
6. From an elevated command prompt run the following command to save the log into an ETL file:
7. Type the following command to export the ETL file into a human-readable file in the current directory (likely
your home folder or the %WINDIR%\System32 folder):
Tracerpt <path>\RUP.etl
8. Open the Summar y.txt file and Dumpfile.xml file (you can open them in Microsoft Excel to more easily
view the complete details of the log). Look for events that include fail or failed ; you can safely ignore lines
that include the Unknown event name.
More information
Deploy Roaming User Profiles
iSCSI Target Server overview
8/18/2020 • 2 minutes to read • Edit Online
Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
This topic provides a brief overview of iSCSI Target Server, a role service in Windows Server that enables you to
make storage available via the iSCSI protocol. This is useful for providing access to storage on your Windows
server for clients that can't communicate over the native Windows file sharing protocol, SMB.
iSCSI Target Server is ideal for the following:
Network and diskless boot By using boot-capable network adapters or a software loader, you can
deploy hundreds of diskless servers. With iSCSI Target Server, the deployment is fast. In Microsoft internal
testing, 256 computers deployed in 34 minutes. By using differencing virtual hard disks, you can save up to
90% of the storage space that was used for operating system images. This is ideal for large deployments of
identical operating system images, such as on virtual machines running Hyper-V or in high-performance
computing (HPC) clusters.
Ser ver application storage Some applications require block storage. iSCSI Target Server can provide
these applications with continuously available block storage. Because the storage is remotely accessible, it
can also consolidate block storage for central or branch office locations.
Heterogeneous storage iSCSI Target Server supports non-Microsoft iSCSI initiators, making it easy to
share storage on servers in a mixed software environment.
Development, test, demonstration, and lab environments When iSCSI Target Server is enabled, a
computer running the Windows Server operating system becomes a network-accessible block storage
device. This is useful for testing applications prior to deployment in a storage area network (SAN).
See Also
iSCSI Target Block Storage, How To What's New in iSCSI Target Server in Windows Server
iSCSI Target Server Scalability Limits
8/18/2020 • 5 minutes to read • Edit Online
Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
This topic provides the supported and tested Microsoft iSCSI Target Server limits on Windows Server. The following
tables display the tested support limits and, where applicable, whether the limits are enforced.
General limits
IT EM SUP P O RT L IM IT EN F O RC ED? C O M M EN T
MPIO paths 4 No
Network limits
IT EM SUP P O RT L IM IT EN F O RC ED? C O M M EN T
Logical Unit cloning Not supported N/A You can rapidly clone
disk data by using
differencing VHDs.
Snapshot limits
IT EM SUP P O RT L IM IT C O M M EN T
We've also tested the following iSCSI initiators performing a diskless boot from virtual disks hosted by iSCSI Target
Server:
Windows Server 2012 R2
Windows Server 2012
PCIe NIC with iPXE
CD or USB disk with iPXE
Additional References
The following list provides additional resources about iSCSI Target Server and related technologies.
iSCSI Target Block Storage Overview
iSCSI Target Boot Overview
Storage in Windows Server
iSCSI target boot overview
8/18/2020 • 2 minutes to read • Edit Online
iSCSI Target Server in Windows Server can boot hundreds of computers from a single operating system image that
is stored in a centralized location. This improves efficiency, manageability, availability, and security.
Feature description
By using differencing virtual hard disks (VHDs), you can use a single operating system image (the "master image")
to boot up to 256 computers. As an example, let's assume that you deployed Windows Server with an operating
system image of approximately 20 GB, and you used two mirrored disk drives to act as the boot volume. You would
have needed approximately 10 TB of storage for only the operating system image to boot 256 computers. With
iSCSI Target Server, you will use 40 GB for the operating system base image, and 2 GB for differencing virtual hard
disks per server instance, totaling 552 GB for the operating system images. This provides a savings of over 90% on
storage for the operating system images alone.
Practical applications
Using a controlled operating system image provides the following benefits:
More secure and easier to manage. Some enterprises require that data be secured by physically locking
storage in a centralized location. In this scenario, servers access the data remotely, including the operating system
image. With iSCSI Target Server, administrators can centrally manage the operating system boot images, and
control which applications to use for the master image.
Rapid deployment. Because the master image is prepared by using Sysprep, when computers boot from the
master image, they skip the file copying and installation phase that occurs during Windows Setup, and they go
straight to the customization phase. In Microsoft internal testing, 256 computers were deployed in 34 minutes.
Fast recover y. Because the operating system images are hosted on the computer running iSCSI Target Server, if a
diskless client needs to be replaced, the new computer can point to the operating system image, and boot up
immediately.
NOTE
Various vendors provide a storage area network (SAN) boot solution, which can be used by the iSCSI Target Server in
Windows Server on commodity hardware.
Hardware requirements
iSCSI Target Server does not require special hardware for functional verification. In data centers with large-scale
deployments, the design should be validated against specific hardware. For reference, Microsoft internal testing
indicated that a 256 computer deployment required 24x15k-RPM disks in a RAID 10 configuration for storage. A
network bandwidth of 10 GB is optimal. A general estimate is 60 iSCSI boot servers per 1 GB network adapter.
A network adapter is not required for this scenario, and a software boot loader can be used (such as iPXE open
source boot firmware).
Software requirements
iSCSI Target Server can be installed as part of the File and iSCSI Services role service in Server Manager.
NOTE
Booting Nano Server from iSCSI (either from the Windows iSCSI Target Server, or a 3rd party target implementation) is not
supported.
Additional References
iSCSI Target Server
iSCSI initiator cmdlets
iSCSI Target Server cmdlets
Resilient File System (ReFS) overview
8/18/2020 • 6 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012,
Windows Server (Semi-Annual Channel)
The Resilient File System (ReFS) is Microsoft's newest file system, designed to maximize data availability, scale
efficiently to large data sets across diverse workloads, and provide data integrity by means of resiliency to
corruption. It seeks to address an expanding set of storage scenarios and establish a foundation for future
innovations.
Key benefits
Resiliency
ReFS introduces new features that can precisely detect corruptions and also fix those corruptions while remaining
online, helping provide increased integrity and availability for your data:
Integrity-streams - ReFS uses checksums for metadata and optionally for file data, giving ReFS the ability to
reliably detect corruptions.
Storage Spaces integration - When used in conjunction with a mirror or parity space, ReFS can
automatically repair detected corruptions using the alternate copy of the data provided by Storage Spaces.
Repair processes are both localized to the area of corruption and performed online, requiring no volume
downtime.
Salvaging data - If a volume becomes corrupted and an alternate copy of the corrupted data doesn't exist,
ReFS removes the corrupt data from the namespace. ReFS keeps the volume online while it handles most non-
correctable corruptions, but there are rare cases that require ReFS to take the volume offline.
Proactive error correction - In addition to validating data before reads and writes, ReFS introduces a data
integrity scanner, known as a scrubber. This scrubber periodically scans the volume, identifying latent
corruptions and proactively triggering a repair of corrupt data.
Performance
In addition to providing resiliency improvements, ReFS introduces new features for performance-sensitive and
virtualized workloads. Real-time tier optimization, block cloning, and sparse VDL are good examples of the
evolving capabilities of ReFS, which are designed to support dynamic and diverse workloads:
Mirror-accelerated parity - Mirror-accelerated parity delivers both high performance and also capacity
efficient storage for your data.
To deliver both high performance and capacity efficient storage, ReFS divides a volume into two
logical storage groups, known as tiers. These tiers can have their own drive and resiliency types,
allowing each tier to optimize for either performance or capacity. Some example configurations
include:
Once these tiers are configured, ReFS use them to deliver fast storage for hot data and capacity-
efficient storage for cold data:
All writes will occur in the performance tier, and large chunks of data that remain in the
performance tier will be efficiently moved to the capacity tier in real-time.
If using a hybrid deployment (mixing flash and HDD drives), the cache in Storage Spaces Direct
helps accelerate reads, reducing the effect of data fragmentation characteristic of virtualized
workloads. Otherwise, if using an all-flash deployment, reads also occur in the performance tier.
NOTE
For Server deployments, mirror-accelerated parity is only supported on Storage Spaces Direct. We recommend using mirror-
accelerated parity with archival and backup workloads only. For virtualized and other high performance random workloads,
we recommend using three-way mirrors for better performance.
Accelerated VM operations - ReFS introduces new functionality specifically targeted to improve the
performance of virtualized workloads:
Block cloning - Block cloning accelerates copy operations, enabling quick, low-impact VM checkpoint
merge operations.
Sparse VDL - Sparse VDL allows ReFS to zero files rapidly, reducing the time needed to create fixed
VHDs from 10s of minutes to mere seconds.
Variable cluster sizes - ReFS supports both 4K and 64K cluster sizes. 4K is the recommended cluster size
for most deployments, but 64K clusters are appropriate for large, sequential IO workloads.
Scalability
ReFS is designed to support extremely large data sets--millions of terabytes--without negatively impacting
performance, achieving greater scale than prior file systems.
Supported deployments
Microsoft has developed NTFS specifically for general-purpose use with a wide range of configurations and
workloads, however for customers specially requiring the availability, resiliency, and/or scale that ReFS provides,
Microsoft supports ReFS for use under the following configurations and scenarios.
NOTE
All ReFS supported configurations must use Windows Server Catalog certified hardware and meet application requirements.
NOTE
Storage Spaces supports local non-removable direct-attached via BusTypes SATA, SAS, NVME, or attached via HBA (aka
RAID controller in pass-through mode).
Basic disks
Deploying ReFS on basic disks is best suited for applications that implement their own software resiliency and
availability solutions.
Applications that introduce their own resiliency and availability software solutions can leverage integrity-
streams, block-cloning, and the ability to scale and support large data sets.
NOTE
Basic disks include local non-removable direct-attached via BusTypes SATA, SAS, NVME, or RAID. Basic disks do not include
Storage Spaces.
Backup target
Deploying ReFS as a backup target is best suited for applications and hardware that implement their own
resiliency and availability solutions.
Applications that introduce their own resiliency and availability software solutions can leverage integrity-
streams, block-cloning, and the ability to scale and support large data sets.
NOTE
Backup targets include the above supported configurations. Please contact application and storage array vendors for
support details on Fiber Channel and iSCSI SANs. For SANs, if features such as thin provisioning, TRIM/UNMAP, or
Offloaded Data Transfer (ODX) are required, NTFS must be used.
Feature comparison
Limits
F EAT URE REF S NT FS
Maximum file name length 255 Unicode characters 255 Unicode characters
Maximum path name length 32K Unicode characters 32K Unicode characters
F UN C T IO N A L IT Y REF S NT FS
F UN C T IO N A L IT Y REF S NT FS
F UN C T IO N A L IT Y REF S NT FS
Transactions No Yes
Bootable No Yes
Additional References
Cluster size recommendations for ReFS and NTFS
Storage Spaces Direct overview
ReFS block cloning
ReFS integrity streams
Troubleshoot ReFS with ReFSUtil
Mirror-accelerated parity
8/18/2020 • 7 minutes to read • Edit Online
Storage Spaces can provide fault tolerance for data using two fundamental techniques: mirror and parity. In
Storage Spaces Direct, ReFS introduces mirror-accelerated parity, which enables you to create volumes that use
both mirror and parity resiliencies. Mirror-accelerated parity offers inexpensive, space-efficient storage without
sacrificing performance.
Background
Mirror and parity resiliency schemes have fundamentally different storage and performance characteristics:
Mirror resiliency allows users to attain fast write performance, but replicating the data for each copy isn't space
efficient.
Parity, on the other hand, must re-compute parity for every write, causing random write performance to suffer.
Parity does, however, allow users to store their data with greater space efficiency. For more info, see Storage
Spaces fault tolerance.
Thus, mirror is predisposed to deliver performance-sensitive storage while parity offers improved storage capacity
utilization. In mirror-accelerated parity, ReFS leverages the benefits of each resiliency type to deliver both capacity-
efficient and performance-sensitive storage by combining both resiliency schemes within a single volume.
IO on mirror-accelerated parity
IO behavior
Writes: ReFS services incoming writes in three distinct ways:
1. Writes to Mirror :
1a. If the incoming write modifies existing data in mirror, ReFS will modify the data in place.
1b. If the incoming write is a new write, and ReFS can successfully find enough free space in mirror to
service this write, ReFS will write to mirror.
Reads: ReFS will read directly from the tier containing the relevant data. If parity is constructed with HDDs, the
cache in Storage Spaces Direct will cache this data to accelerate future reads.
NOTE
Reads never cause ReFS to rotate data back into the mirror tier.
IO performance
Writes: Each type of write described above has its own performance characteristics. Roughly speaking, writes to
the mirror tier are much faster than reallocated writes, and reallocated writes are significantly faster than writes
made directly to the parity tier. This relationship is illustrated by the inequality below:
Mirror Tier > Reallocated Writes >> Parity Tier
Reads: There is no meaningful, negative performance impact when reading from parity:
If mirror and parity are constructed with the same media type, read performance will be equivalent.
If mirror and parity are constructed with different media types—Mirrored SSDs, Parity HDDs, for example—the
cache in Storage Spaces Direct will help cache hot data to accelerate any reads from parity.
ReFS compaction
In this Fall's semi-annual release, ReFS introduces compaction, which substantially improves performance for
mirror-accelerated parity volumes that are 90+% full.
Background: Previously, as mirror-accelerated parity volumes became full, the performance of these volumes
could degrade. The performance degrades because hot and cold data become mixed throughout the volume
overtime. This means less hot data can be stored in mirror since cold data occupies space in mirror that could
otherwise be used by hot data. Storing hot data in mirror is critical to maintaining high performance because
writes directly to mirror are much faster than reallocated writes and orders of magnitude faster than writes directly
to parity. Thus, having cold data in mirror is bad for performance, as it reduces the likelihood that ReFS can make
writes directly to mirror.
ReFS compaction addresses these performance issues by freeing up space in mirror for hot data. Compaction first
consolidates all data—from both mirror and parity—into parity. This reduces fragmentation within the volume and
increases the amount of addressable space in mirror. More importantly, this process enables ReFS to consolidate
hot data back into mirror:
When new writes come in, they will be serviced in mirror. Thus, newly written, hot data resides in mirror.
When a modifying write is made to data in parity, ReFS makes a reallocated write, so this write is serviced in
mirror as well. Consequently, hot data that was moved into parity during compaction will be reallocated back
into mirror.
Performance optimizations
IMPORTANT
We recommend placing write-heavy VHDs in different subdirectories. This is because ReFS writes metadata changes at the
level of a directory and its files. So if you distribute write-heavy files across directories, metadata operations are smaller and
run in parallel, reducing latency for apps.
Performance counters
ReFS maintains performance counters to help evaluate the performance of mirror-accelerated parity.
As described above in the Write to Parity section, ReFS will write directly to parity when it can't find free
space in mirror. Generally, this occurs when the mirrored tier fills up faster than ReFS can rotate data to
parity. In other words, ReFS rotation is not able to keep up with the ingestion rate. The performance
counters below identify when ReFS writes directly to parity:
If these counters are non-zero, this indicates ReFS is not rotating data fast enough out of mirror. To help
alleviate this, one can either change the rotation aggressiveness or increase the size of the mirrored tier.
Rotation aggressiveness
ReFS begins rotating data once mirror has reached a specified capacity threshold.
Higher values of this rotation threshold cause ReFS to retain data in the mirror tier longer. Leaving hot data in
the mirror tier is optimal for performance, but ReFS will not be able to effectively service large amounts of
incoming IO.
Lower values enable ReFS to proactively destage data and better ingest incoming IO. This is applicable to ingest-
heavy workloads, such as archival storage. Lower values, however, could degrade performance for general
purpose workloads. Unnecessarily rotating data out of the mirror tier carries a performance penalty.
ReFS introduces a tunable parameter to adjust this threshold, which is configurable using a registry key. This
registry key must be configured on each node in a Storage Spaces Direct deployment , and a restart is
required for any changes to take effect.
Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies
ValueName (DWORD): DataDestageSsdFillRatioThreshold
ValueType: Percentage
If this registry key is not set, ReFS will use a default value of 85%. This default value is recommended for most
deployments, and values below 50% are not recommended. The PowerShell command below demonstrates how
to set this registry key with a value of 75%:
To configure this registry key across each node in a Storage Spaces Direct deployment, you can use the PowerShell
command below:
TIP
Make sure to resize the Par tition and Volume after you resize the StorageTier . For more information and examples, see
Resize-Volumes.
Additional References
ReFS overview
ReFS block cloning
ReFS integrity streams
Storage Spaces Direct overview
Block cloning on ReFS
8/18/2020 • 3 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel)
Block cloning instructs the file system to copy a range of file bytes on behalf of an application, where the
destination file may be the same as, or different from, the source file. Copy operations, unfortunately, are
expensive, since they trigger expensive read and writes to the underlying, physical data.
Block cloning in ReFS, however, performs copies as a low-cost metadata operation rather than reading from and
writing to file data. Because ReFS enables multiple files to share the same logical clusters (physical locations on a
volume), copy operations only need to remap a region of a file to a separate physical location, converting an
expensive, physical operation to a quick, logical one. This allows copies to complete faster and generate less I/O to
the underlying storage. This improvement also benefits virtualization workloads, as .vhdx checkpoint merge
operations are dramatically accelerated when using block clone operations. Additionally, because multiple files can
share the same logical clusters, identical data isn't physically stored multiple times, improving storage capacity.
How it works
Block cloning on ReFS converts a file data operation into a metadata operation. In order to make this optimization,
ReFS introduces reference counts into its metadata for copied regions. This reference count records the number of
distinct file regions that reference the same physical regions. This allows multiple files to share the same physical
data:
By keeping a reference count for each logical cluster, ReFS doesn't break the isolation between files: writes to
shared regions trigger an allocate-on-write mechanism, where ReFS allocates a new region for the incoming write.
This mechanism preserves the integrity of the shared logical clusters.
Example
Suppose there are two files, X and Y, where each file is composed of three regions, and each region maps to
separate logical clusters.
Now suppose an application issues a block clone operation from File X to File Y, for regions A and B to be copied at
the offset of region E. The following file system state would result:
This file system state reveals a successful duplication of the block cloned region. Because ReFS performs this copy
operation by only updating VCN to LCN mappings, no physical data was read, nor was the physical data in File Y
overwritten. File X and Y now share logical clusters, reflected by the reference counts in the table. Because no data
was physically copied, ReFS reduces capacity consumption on the volume.
Now suppose the application attempts to overwrite region A in File X. ReFS will duplicate the shared region,
update the reference counts appropriately, and perform the incoming write to the newly duplicated region. This
ensures that isolation between the files is preserved.
After the modifying write, region B is still shared by both files. Note that if region A were larger than a cluster, only
the modified cluster would have been duplicated, and the remaining portion would have remained shared.
Additional References
ReFS overview
ReFS integrity streams
Storage Spaces Direct overview
DUPLICATE_EXTENTS_DATA
FSCTL_DUPLICATE_EXTENTS_TO_FILE
ReFS integrity streams
8/18/2020 • 3 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012,
Windows Server (Semi-Annual Channel), Windows 10
Integrity streams is an optional feature in ReFS that validates and maintains data integrity using checksums. While
ReFS always uses checksums for metadata, ReFS doesn't, by default, generate or validate checksums for file data.
Integrity streams is an optional feature that allows users to utilize checksums for file data. When integrity streams
are enabled, ReFS can clearly determine if data is valid or corrupt. Additionally, ReFS and Storage Spaces can jointly
correct corrupt metadata and data automatically.
How it works
Integrity streams can be enabled for individual files, directories, or the entire volume, and integrity stream settings
can be toggled at any time. Additionally, integrity stream settings for files and directories are inherited from their
parent directories.
Once integrity streams is enabled, ReFS will create and maintain a checksum for the specified file(s) in that file's
metadata. This checksum allows ReFS to validate the integrity of the data before accessing it. Before returning any
data that has integrity streams enabled, ReFS will first calculate its checksum:
Then, this checksum is compared to the checksum contained in the file metadata. If the checksums match, then the
data is marked as valid and returned to the user. If the checksums don't match, then the data is corrupt. The
resiliency of the volume determines how ReFS responds to corruptions:
If ReFS is mounted on a non-resilient simple space or a bare drive, ReFS will return an error to the user without
returning the corrupted data.
If ReFS is mounted on a resilient mirror or parity space, ReFS will attempt to correct the corruption.
If the attempt is successful, ReFS will apply a corrective write to restore the integrity of the data, and it
will return the valid data to the application. The application remains unaware of any corruptions.
If the attempt is unsuccessful, ReFS will return an error.
ReFS will record all corruptions in the System Event Log, and the log will reflect whether the corruptions were
fixed.
Performance
Though integrity streams provides greater data integrity for the system, it also incurs a performance cost. There
are a couple different reasons for this:
If integrity streams are enabled, all write operations become allocate-on-write operations. Though this avoids
any read-modify-write bottlenecks since ReFS doesn't need to read or modify any existing data, file data
frequently becomes fragmented, which delays reads.
Depending on the workload and underlying storage of the system, the computational cost of computing and
validating the checksum can cause IO latency to increase.
Because integrity streams carries a performance cost, we recommend leaving integrity streams disabled on
performance sensitive systems.
Integrity scrubber
As described above, ReFS will automatically validate data integrity before accessing any data. ReFS also uses a
background scrubber, which enables ReFS to validate infrequently accessed data. This scrubber periodically scans
the volume, identifies latent corruptions, and proactively triggers a repair of any corrupt data.
NOTE
The data integrity scrubber can only validate file data for files where integrity streams is enabled.
By default, the scrubber runs every four weeks, though this interval can be configured within Task Scheduler under
Microsoft\Windows\Data Integrity Scan.
Examples
To monitor and change the file data integrity settings, ReFS uses the Get-FileIntegrity and Set-FileIntegrity
cmdlets.
Get-FileIntegrity
To see if integrity streams is enabled for file data, use the Get-FileIntegrity cmdlet.
You can also use the Get-Item cmdlet to get the integrity stream settings for all the files in a specified directory.
PS C:\> Get-Item -Path 'C:\Docs\*' | Get-FileIntegrity
Set-FileIntegrity
To enable/disable integrity streams for file data, use the Set-FileIntegrity cmdlet.
You can also use the Get-Item cmdlet to set the integrity stream settings for all the files in a specified folder.
The Set-FileIntegrity cmdlet can also be used on volumes and directories directly.
Additional References
ReFS overview
ReFS block cloning
Storage Spaces Direct overview
ReFSUtil
8/18/2020 • 4 minutes to read • Edit Online
ReFSUtil is a tool included in Windows and Windows Server that attempts to diagnose heavily damaged ReFS
volumes, identify remaining files, and copy those files to another volume. This comes in Windows 10 in the
%SystemRoot%\Windows\System32 folder or in Windows Server in the %SystemRoot%\System32 folder.
ReFS salvage is the primary function of ReFSUtil, and is useful for recovering data from volumes that show as RAW
in Disk Management. ReFS Salvage has two phases: Scan Phase and a Copy Phase. In automatic mode, the Scan
Phase and Copy Phase will run sequentially. In manual mode, each phase can be run separately. Progress and logs
are saved in a working directory to allow phases to be run separately as well as Scan Phase to be paused and
resumed. You shouldn't need to use the ReFSutil tool unless the volume is RAW. If read-only, then data is still
accessible.
Parameters
PA RA M ET ER DESC RIP T IO N
<source volume> Specifies the ReFS volume to process. The drive letter must be
formatted as "L:", or you must provide a path to the volume
mount point.
<working directory> Specifies the location to store temporary information and logs.
It must not be located on the <source volume> .
<target directory> Specifies the location where identified files are copied to. It
must not be located on the <source volume> .
refsutil salvage -FA <source volume> <working directory> <target directory> <options>
Additional References
Command-Line Syntax Key
Storage Migration Service overview
8/18/2020 • 6 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server (Semi-
Annual Channel)
Storage Migration Service makes it easier to migrate storage to Windows Server or to Azure. It provides a
graphical tool that inventories data on Windows and Linux servers and then transfers the data to newer servers or
to Azure virtual machines. Storage Migration Service also provides the option to transfer the identity of a server
to the destination server so that apps and users can access their data without changing links or paths.
This topic discusses why you'd want to use Storage Migration Service, how the migration process works, what the
requirements are for source and destination servers, and what's new in Storage Migration Service.
Requirements
To use Storage Migration Service, you need the following:
A source ser ver or failover cluster to migrate files and data from
A destination ser ver running Windows Server 2019 (clustered or standalone) to migrate to. Windows
Server 2016 and Windows Server 2012 R2 work as well but are around 50% slower
An orchestrator ser ver running Windows Server 2019 to manage the migration
If you're migrating only a few servers and one of the servers is running Windows Server 2019, you can use
that as the orchestrator. If you're migrating more servers, we recommend using a separate orchestrator server.
A PC or ser ver running Windows Admin Center to run the Storage Migration Service user interface,
unless you prefer using PowerShell to manage the migration. The Windows Admin Center and Windows
Server 2019 version must both be at least version 1809.
We strongly recommend that the orchestrator and destination computers have at least two cores or two vCPUs,
and at least 2 GB of memory. Inventory and transfer operations are significantly faster with more processors and
memory.
Security requirements, the Storage Migration Service proxy service, and firewall ports
A migration account that is an administrator on the source computers and the orchestrator computer.
A migration account that is an administrator on the destination computers and the orchestrator computer.
The orchestrator computer must have the File and Printer Sharing (SMB-In) firewall rule enabled inbound.
The source and destination computers must have the following firewall rules enabled inbound (though you
might already have them enabled):
File and Printer Sharing (SMB-In)
Netlogon Service (NP-In)
Windows Management Instrumentation (DCOM-In)
Windows Management Instrumentation (WMI-In)
TIP
Installing the Storage Migration Service Proxy service on a Windows Server 2019 computer automatically opens the
necessary firewall ports on that computer. To do so, connect to the destination server in Windows Admin Center
and then go to Ser ver Manager (in Windows Admin Center) > Roles and features , select Storage Migration
Ser vice Proxy , and then select Install.
If the computers belong to an Active Directory Domain Services domain, they should all belong to the
same forest. The destination server must also be in the same domain as the source server if you want to
transfer the source's domain name to the destination when cutting over. Cutover technically works across
domains, but the fully-qualified domain name of the destination will be different from the source...
Requirements for source servers
The source server must run one of the following operating systems:
Windows Server, Semi-Annual Channel
Windows Server 2019
Windows Server 2016
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2
Windows Server 2008
Windows Server 2003 R2
Windows Server 2003
Windows Small Business Server 2003 R2
Windows Small Business Server 2008
Windows Small Business Server 2011
Windows Server 2012 Essentials
Windows Server 2012 R2 Essentials
Windows Server 2016 Essentials
Windows Server 2019 Essentials
Windows Storage Server 2008
Windows Storage Server 2008 R2
Windows Storage Server 2012
Windows Storage Server 2012 R2
Windows Storage Server 2016
Note: Windows Small Business Server and Windows Server Essentials are domain controllers. Storage Migration
Service can't yet cut over from domain controllers, but can inventory and transfer files from them.
You can migrate the following additional source types if the orchestrator is running Windows Server, version 1903
or later, or if the orchestrator is running an earlier version of Windows Server with KB4512534 installed:
Failover clusters running Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows
Server 2019
Linux servers that use Samba. We've tested the following:
CentOS 7
Debian GNU/Linux 8
RedHat Enterprise Linux 7.6
SUSE Linux Enterprise Server (SLES) 11 SP4
Ubuntu 16.04 LTS and 12.04.5 LTS
Samba 4.8, 4.7, 4.3, 4.2, and 3.6
Requirements for destination servers
The destination server must run one of the following operating systems:
Windows Server, Semi-Annual Channel
Windows Server 2019
Windows Server 2016
Windows Server 2012 R2
TIP
Destination servers running Windows Server 2019 or Windows Server, Semi-Annual Channel or later have double the
transfer performance of earlier versions of Windows Server. This performance boost is due to the inclusion of a built-in
Storage Migration Service proxy service, which also opens the necessary firewall ports if they're not already open.
Azure VM Migration
Windows Admin Center version 1910 allows you to deploy Azure virtual machines. This integrates VM
deployment into Storage Migration Service. Instead of building new servers and VMs in the Azure Portal by hand
prior to deploying your workload - and possibly missing required steps and configuration - Windows Admin
Center can deploy the Azure VM, configure its storage, join it to your domain, install roles, and then set up your
distributed system.
Here's a video showing how to use Storage Migration Service to migrate to Azure VMs.
If you want to lift and shift virtual machines to Azure without migrating to a later operating system, consider
using Azure Migrate. For more info, see Azure Migrate overview.
Additional References
Migrate a file server by using Storage Migration Service
Storage Migration Services frequently asked questions (FAQ)
Storage Migration Service known issues
Use Storage Migration Service to migrate a server
8/18/2020 • 9 minutes to read • Edit Online
This topic discusses how to migrate a server, including its files and configuration, to another server by using
Storage Migration Service and Windows Admin Center. Migrating takes three steps once you've installed the
service and opened any necessary firewall ports: inventory your servers, transfer data, and cut over to the new
servers.
Step 1: Create a job and inventory your servers to figure out what to
migrate
In this step, you specify what servers to migrate and then scan them to collect info on their files and configurations.
1. Select New job , name the job, and then select whether to migrate Windows servers and clusters or Linux
servers that use Samba. Then select OK .
2. On the Enter credentials page, type admin credentials that work on the servers you want to migrate from,
and then select Next .
If you're migrating from Linux servers, instead enter credentials on the Samba credentials and Linux
credentials pages, including an SSH password or private key.
3. Select Add a device , type a source server name or the name of a clustered file server, and then select OK .
Repeat this for any other servers that you want to inventory.
4. Select Star t scan .
The page updates to shows when the scan is complete.
Storage Migration Service won't transfer files or folders that we know could interfere with Windows
operation, so in this release you'll see warnings for any shares located in the Windows system folder. You'll
have to skip these shares during the transfer phase. For more info, see What files and folders are excluded
from transfers.
6. Select Next to move on to transferring data.
Step 2: Transfer data from your old servers to the destination servers
In this step you transfer data after specifying where to put it on the destination servers.
1. On the Transfer data > Enter credentials page, type admin credentials that work on the destination
servers you want to migrate to, and then select Next .
2. On the Add a destination device and mappings page, the first source server is listed. Type the name of
the server or clustered file server to which you want to migrate and then select Scan device . If migrating
from a domain-joined source computer, the destination server must be joined to the same domain. You can
also click "Create a new Azure VM" then use the wizard to deploy a new destination server in Azure. This will
automatically size your VM, provision storage, format disks, join the domain, and add the Storage Migration
Service proxy to a Windows Server 2019 destination. You can choose from Windows Server 2019
(recommended), Windows Server 2016, and Windows Server 2012 R2 VMs of any size and use managed
disks.
NOTE
Using "Create a new Azure VM" requires that you have:
A valid Azure subscription.
An existing Azure Compute resource group where you have Create rights.
An existing Azure Virtual Network and subnet.
An Azure Express Route or VPN solution tied to the Virtual Network and subnet that allows connectivity from this
Azure IaaS VM to your on-premises clients, domain controllers, the Storage Migration Service orchestrator
computer, the Windows Admin Center computer, and the source computer to be migrated.
Here's a video showing how to use Storage Migration Service to migrate to Azure VMs.
3. Map the source volumes to destination volumes, clear the Include checkbox for any shares you don't want
to transfer (including any administrative shares located in the Windows system folder), and then select
Next .
Figure 3: A source ser ver and where its storage will be transferred to
4. Add a destination server and mappings for any more source servers, and then select Next .
5. On the Adjust transfer settings page, specify whether to migrate local users and groups on the source
servers and then select Next . This lets you recreate any local users and groups on the destination servers so
that file or share permissions set to local users and groups aren't lost. Here are the options when migrating
local users and groups:
Rename accounts with the same name is selected by default and migrates all local users and groups
on the source server. If it finds local users or groups with the same name on the source and destination,
it renames them on the destination unless they're built-in (for example, the Administrator user and the
Administrators group). Do not use this setting if your source or destination server is a domain controller.
Reuse accounts with the same name maps identically named users and groups on the source and
destination. Do not use this setting if your source or destination server is a domain controller.
Don't transfer users and groups skips migrating local users and groups, which is required when
your source or destination is a domain controller, or when seeding data for DFS Replication (DFS
Replication doesn't support local groups and users).
NOTE
Migrated user accounts are disabled on the destination and assigned a 127-character password that's both complex
and random, so you'll have to enable them and assign a new password when you're finished to keep using them. This
helps ensure any old accounts with forgotten and weak passwords on the source don't continue to be a security
problem on the destination. You might also want to check out Local Administrator Password Solution (LAPS) as a way
to manage local Administrator passwords.
NOTE
If you want to keep an audit trail of transfers or are planning to perform more than one transfer in a job, click
Transfer log or the other log save options to save a CSV copy. Every subsequent transfer overwrites the database
information of a previous run.
Figure 4: A source ser ver and how its network configuration will move to the destination
5. Specify how to rename the source server after the destination server takes over its name. You can use a
randomly generated name or type one yourself. Then select Next .
6. Select Next on the Adjust cutover settings page.
7. Select Validate on the Validate source and destination device page, and then select Next .
8. When you're ready to perform the cutover, select Star t cutover .
Users and apps might experience an interruption while the address and names are moved and the servers
restarted several times each, but will otherwise be unaffected by the migration. How long cutover takes
depends on how quickly the servers restart, as well as Active Directory and DNS replication times.
Additional References
Storage Migration Service overview
Storage Migration Services frequently asked questions (FAQ)
Planning for an Azure File Sync deployment
Storage Migration Service frequently asked questions
(FAQ)
8/18/2020 • 11 minutes to read • Edit Online
This topic contains answers to frequently asked questions (FAQs) about using Storage Migration Service to
migrate servers.
Additional References
Storage Migration Service overview
Storage Migration Service known issues
8/18/2020 • 21 minutes to read • Edit Online
This topic contains answers to known issues when using Storage Migration Service to migrate servers.
Storage Migration Service is released in two parts: the service in Windows Server, and the user interface in
Windows Admin Center. The service is available in Windows Server, Long-Term Servicing Channel, as well as
Windows Server, Semi-Annual Channel; while Windows Admin Center is available as a separate download. We also
periodically include changes in cumulative updates for Windows Server, released via Windows Update.
For example, Windows Server, version 1903 includes new features and fixes for Storage Migration Service, which
are also available for Windows Server 2019 and Windows Server, version 1809 by installing KB4512534.
Transfer Log - Please check file sharing is allowed in your firewall. : This request operation sent to
net.tcp://localhost:28940/sms/service/1/transfer did not receive a reply within the configured timeout
(00:01:00). The time allotted to this operation may have been a portion of a longer timeout. This may be
because the service is still processing the operation or because the service was unable to send a reply
message. Please consider increasing the operation timeout (by casting the channel/proxy to IContextChannel and
setting the OperationTimeout property) and ensure that the service is able to connect to the client.
This issue is caused by an extremely large number of transferred files that can't be filtered in the default one
minute timeout allowed by Storage Migration Service.
To work around this issue:
1. On the orchestrator computer, edit the
%SYSTEMROOT%\SMS\Microsoft.StorageMigration.Service.exe.config file using Notepad.exe to change the
"sendTimeout" from its 1 minute default to 10 minutes
<bindings>
<netTcpBinding>
<binding name="NetTcpBindingSms"
sendTimeout="00:10:00"
5. On the Edit menu, point to New, and then click DWORD Value.
6. Type "WcfOperationTimeoutInMinutes" for the name of the DWORD, and then press ENTER.
7. Right-click "WcfOperationTimeoutInMinutes", and then click Modify.
8. In the Base data box, click "Decimal"
9. In the Value data box, type "10", and then click OK.
10. Exit Registry Editor.
11. Attempt to download the errors-only CSV file again.
We intend to change this behavior in a later release of Windows Server 2019.
If you have not installed the Storage Migration Service Proxy service on the Windows Server 2019 destination
computer, or the destination computer is Windows Server 2016 or Windows Server 2012 R2, this behavior is by
design. We recommend migrating to a Windows Server 2019 computer with the proxy installed for significantly
improved transfer performance.
This issue is caused by a code defect in the Storage Migration Service where the backup privilege was not being
invoked.
To resolve this issue, install Windows Update April 2, 2019—KB4490481 (OS Build 17763.404) on the orchestrator
computer and the destination computer if the proxy service is installed there. Ensure that the source migration
user account is a local administrator on the source computer and the Storage Migration Service orchestrator.
Ensure that the destination migration user account is a local administrator on the destination computer and the
Storage Migration Service orchestrator.
DFSR hashes mismatch when using Storage Migration Service to
preseed data
When using the Storage Migration Service to transfer files to a new destination, then configuring DFS Replication
to replicate that data with an existing server through preseeded replication or DFS Replication database cloning, all
files experience a hash mismatch and are re-replicated. The data streams, security streams, sizes, and attributes all
appear to be perfectly matched after using Storage Migration Service to transfer them. Examining the files with
ICACLS or the DFS Replication database cloning debug log reveals:
Source file
icacls d:\test\Source:
Destination file
20190308 10:18:53.116 3948 DBCL 4045 [WARN] DBClone::IDTableImportUpdate Mismatch record was found.
This error is expected if your Windows Server 2008 R2 computer isn't fully patched with all Critical and Important
updates from Windows Update. It's especially important to keep a Windows Server 2008 R2 computer updated for
security purposes, as that operating system doesn't contain the security improvements of newer versions of
Windows Server.
Job: Job1
ID:
State: Failed
Error: 36931
Error Message:
Guidance: Check the detailed error and make sure the transfer requirements are met. The transfer job couldn't
transfer any source and destination computers. This could be because the orchestrator computer couldn't reach
any source or destination computers, possibly due to a firewall rule, or missing permissions.
07/02/2019-13:35:57.231 [Error] Transfer validation failed. ErrorCode: 40961, Source endpoint is not
reachable, or doesn't exist, or source credentials are invalid, or authenticated user doesn't have sufficient
permissions to access it.
at Microsoft.StorageMigration.Proxy.Service.Transfer.TransferOperation.Validate()
at Microsoft.StorageMigration.Proxy.Service.Transfer.TransferRequestHandler.ProcessRequest(FileTransferRequest
fileTransferRequest, Guid operationId)
This was a code defect that would manifest if your migration account does not have at least Read permissions to
the SMB shares. This issue was first fixed in cumulative update 4520062.
This error is caused by a code defect in Storage Migration Service when you provide migration credentials in the
form of a User Principal Name (UPN), such as 'meghan@contoso.com'. The Storage Migration Service orchestrator
service fails to parse this format correctly, which leads to a failure in a domain lookup that was added for cluster
migration support in KB4512534 and 19H1.
To work around this issue, provide credentials in the domain\user format, such as 'Contoso\Meghan'.
Make sure the proxy service is installed and running, and then try again. The proxy isn't currently available.
0x9006
ServiceError0x9006,Microsoft.StorageMigration.Commands.UnregisterSmsProxyCommand
This error is expected if the File Server resource moved from its original Windows Server 2019 cluster owner node
to a new node and the Storage Migration Service Proxy feature wasn't installed on that node.
As a workaround, move the destination File Server resource back to the original owner cluster node that was in
use when you first configured transfer pairings.
As an alternative workaround:
1. Install the Storage Migration Service Proxy feature on all nodes in a cluster.
2. Run the following Storage Migration Service PowerShell command on the orchestrator computer:
Error "Dll was not found" when running inventory from a cluster node
When attempting to run inventory with the Storage Migration Service and targeting a Windows Server failover
cluster general use file server source, you receive the following errors:
To work around this issue, install the "Failover Cluster Management Tools" (RSAT-Clustering-Mgmt) on the server
running the Storage Migration Service orchestrator.
TAKEOWN /d y /a /r /f c:\ProgramData\Microsoft\StorageMigrationService
MD c:\ProgramData\Microsoft\StorageMigrationService\backup
DEL c:\ProgramData\Microsoft\StorageMigrationService\* /q
2. Start the Storage Migration Service service, which will create a new database.
This issue is caused by a missing API in older versions of Windows Server. Currently there's no way to migrate
Windows Server 2008 and Windows Server 2003 clusters. You can perform inventory and transfer without issue
on Windows Server 2008 R2 clusters, then manually perform cutover by manually changing the cluster's source
file server resource netname and IP address, then changing the destination cluster netname and IP address to
match the original source.
Computer: fs12.corp.contoso.com
Adapter: microsoft hyper-v network adapter
IP address: 10.0.0.99
Network mask: 16
Error: 40970
Error Message: Unknown error (0xa00a)
Guidance: Confirm that the Netlogon service on the computer is reachable through RPC and that the credentials
provided are correct.
Examining the source computer shows that the original IP address fails to change.
This issue does not happen if you selected "Use DHCP" on the Windows Admin Center "configure cutover" screen,
only if you specify a new static IP address.
There are two solutions for this issue:
1. This issue was first resolved by the KB4537818 update. That earlier code defect prevented all use of static IP
addresses.
2. If you have not specified a default gateway IP address on the source computer's network interfaces, this
issue will occur even with the KB4537818 update. To work around this issue, set a valid default IP address
on the network interfaces using the Network Connections applet (NCPA.CPL) or Set-NetRoute Powershell
cmdlet.
Job: dctest3
Computer: dc02-2019.corp.contoso.com
Destination Computer: dc03-2019.corp.contoso.com
State: Failed
Error: 53251
Error Message: Local accounts migration failed with error System.Exception: -2147467259
at Microsoft.StorageMigration.Service.DeviceHelper.MigrateSecurity(IDeviceRecord
sourceDeviceRecord, IDeviceRecord destinationDeviceRecord, TransferConfiguration config, Guid proxyId,
CancellationToken cancelToken)
This is expected behavior if you attempted to migrate from or to a domain controller with Storage Migration
Service and used the "migrate users and groups" option to rename or reuse accounts. instead of selecting
"Don't transfer users and groups". DC migration is not supported with Storage Migration Service. Because a
DC doesn't have true local users and groups, Storage Migration Service treats these security principals as it
would when migrating between two member servers and attempts to adjust ACLs as instructed, leading to
the errors and mangled or copied accounts.
If you have already run transfer one ore more times:
1. Use the following AD PowerShell command against a DC to locate any modified users or groups (changing
SearchBase to match your domain distinguished name):
Get-ADObject -Filter 'Description -like "*storage migration service renamed*"' -SearchBase 'DC=
<domain>,DC=<TLD>' | ft name,distinguishedname
2. For any users returned with their original name, edit their "User Logon Name (pre-Windows 2000)" to
remove the random character suffix added by Storage Migration Service, so that this user can log on.
3. For any groups returned with their original name, edit their "Group Name (pre-Windows 2000)" to remove
the random character suffix added by Storage Migration Service.
4. For any disabled users or groups with names that now contain a suffix added by Storage Migration Service,
you can delete these accounts. You can confirm that user accounts were added later because they will only
contain the Domain Users group and will have a created date/time matching the Storage Migration Service
transfer start time.
If you wish to use Storage Migration Service with domain controllers for transfer purposes, ensure you
always select "Don't transfer users and groups" on the transfer settings page in Windows Admin Center.
01/16/2020-08:31:10.015 [Erro] Endpoint Scan failed. Error: (53) The network path was not found.
Stack trace:
at Microsoft.Win32.RegistryKey.Win32ErrorStatic(Int32 errorCode, String str)
at Microsoft.Win32.RegistryKey.OpenRemoteBaseKey(RegistryHive hKey, String machineName, RegistryView view)
At this stage, Storage Migration Service orchestrator is attempting remote registry reads to determine source
machine configuration, but is being rejected by the source server saying the registry path does not exist. This can
be caused by:
The Remote Registry service isn't running on the source computer.
firewall does not allow remote registry connections to the source server from the Orchestrator.
The source migration account does not have remote registry permissions to connect to the source computer.
The source migration account does not have read permissions within the registry of the source computer, under
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" or under
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer"
Cutover hangs on "38% Mapping network interfaces on the source
computer..."
When attempting to run cut over of a source computer, the cut over gets stuck at phase "38% Mapping network
interfaces on the source computer..." and you receive the following error in the Storage Migration Service event
log:
Computer: 172.16.10.37
User Name: nedwardo\MsftSmsStorMigratSvc
Error: 40970
Error Message: Unknown error (0xa00a)
Guidance: Confirm that the Netlogon service on the computer is reachable through RPC and that the credentials
provided are correct.
This issue is caused by Group Policy that sets the following registry value on the source computer:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilte
rPolicy = 0"
This setting isn't part of standard Group Policy, it's an add-on configured using the Microsoft Security Compliance
Toolkit:
Windows Server 2012 R2: "Computer Configuration\Administrative Templates\SCM: Pass the Hash
Mitigations\Apply UAC restrictions to local accounts on network logons"
Widows Server 2016: "Computer Configuration\Administrative Templates\MS Security Guide\Apply UAC
restrictions to local accounts on network logons"
It can also be set using Group Policy Preferences with a custom registry setting. You can use the GPRESULT tool to
determine which policy is applying this setting to the source computer.
The Storage Migration Service temporarily enables the LocalAccountTokenFilterPolicy as part of the cut over
process, then removes it when done. When Group Policy applies a conflicting Group Policy Object (GPO), it
overrides the Storage Migration Service and prevents cut over.
To work around this issue, use one of the following options:
1. Temporarily move the source computer from the Active Directory OU that applies this conflicting GPO.
2. Temporarily disable the GPO that applies this conflicting policy.
3. Temporarily create a new GPO that sets this setting to Disabled and applies to specific OU of source servers,
with a higher precedence than any other GPOs.
The server was unable to process the request due to an internal error
04/28/2020-11:31:01.169 [Error] Failed device discovery stage SystemInfo with error: (0x490) Could not find
computer object 'myserver' in Active Directory
[d:\os\src\base\dms\proxy\discovery\discoveryproxy\DeviceDiscoveryOperation.cs::TryStage::1042]
Examining the logs further shows that the migration account and the server being migrated from or two are in
different domains:
GetOsVersion(fileserver75.**corp**.contoso.com)
[d:\os\src\base\dms\proxy\common\proxycommon\CimSessionHelper.cs::GetOsVersion::66] 06/25/2020-10:20:45.368
[Info] Computer 'fileserver75.corp.contoso.com': OS version
This issue is caused by a code defect in the Storage Migration Service. To work around this issue, use migration
credentials from the same domain that the source and destination computer belong to. For instance, if the source
and destination computer belong to the "corp.contoso.com" domain in the "contoso.com" forest, use
'corp\myaccount' to perform the migration, not a 'contoso\myaccount' credential.
Job: longnametest
Computer: iamaverylongcomputername.corp.contoso.com
State: Failed
Error: 1168
Error Message:
Guidance: Check the detailed error and make sure the inventory requirements are met. The inventory couldn't
determine any aspects of the specified source computer. This could be because of missing permissions or
privileges on the source or a blocked firewall port.
This issue is caused by a code defect in the Storage Migration Service. The only workaround currently is to rename
the computer to have the same name as the NetBIOS name, then use NETDOM COMPUTERNAME /ADD to add an
alternate computer name that contains the longer name that was in use prior to starting Inventory. Storage
Migration Service supports migrating alternate computer names.
See also
Storage Migration Service overview
Storage Replica overview
8/18/2020 • 12 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel)
Storage Replica is Windows Server technology that enables replication of volumes between servers or clusters
for disaster recovery. It also enables you to create stretch failover clusters that span two sites, with all nodes
staying in sync.
Storage Replica supports synchronous and asynchronous replication:
Synchronous replication mirrors data within a low-latency network site with crash-consistent volumes to
ensure zero data loss at the file-system level during a failure.
Asynchronous replication mirrors data across sites beyond metropolitan ranges over network links with
higher latencies, but without a guarantee that both sites have identical copies of the data at the time of a
failure.
Supported configurations
You can deploy Storage Replica in a stretch cluster, between cluster-to-cluster, and in server-to-server
configurations (see Figures 1-3).
Stretch Cluster allows configuration of computers and storage in a single cluster, where some nodes share one
set of asymmetric storage and some nodes share another, then synchronously or asynchronously replicate with
site awareness. This scenario can utilize Storage Spaces with shared SAS storage, SAN and iSCSI-attached LUNs.
It is managed with PowerShell and the Failover Cluster Manager graphical tool, and allows for automated
workload failover.
NOTE
You can also configure server-to-self replication, using four separate volumes on one computer. However, this guide does
not cover this scenario.
Type Host-based
Synchronous Yes
Asynchronous Yes
Transport SMB3
Replication network port firewall requirements Single IANA port (TCP 445 or 5445)
Background
This section includes information about high-level industry terms, synchronous and asynchronous replication,
and key behaviors.
High-level industry terms
Disaster Recovery (DR) refers to a contingency plan for recovering from site catastrophes so that the business
continues to operate. Data DR means multiple copies of production data in a separate physical location. For
example, a stretch cluster, where half the nodes are in one site and half are in another. Disaster Preparedness (DP)
refers to a contingency plan for preemptively moving workloads to a different location prior to an oncoming
disaster, such as a hurricane.
Service level agreements (SLAs) define the availability of a business' applications and their tolerance of down
time and data loss during planned and unplanned outages. Recovery Time Objective (RTO) defines how long the
business can tolerate total inaccessibility of data. Recovery Point Objective (RPO) defines how much data the
business can afford to lose.
Synchronous replication
Synchronous replication guarantees that the application writes data to two locations at once before completion of
the IO. This replication is more suitable for mission critical data, as it requires network and storage investments,
as well as a risk of degraded application performance.
When application writes occur on the source data copy, the originating storage does not acknowledge the IO
immediately. Instead, those data changes replicate to the remote destination copy and return an
acknowledgement. Only then does the application receive the IO acknowledgment. This ensures constant
synchronization of the remote site with the source site, in effect extending storage IOs across the network. In the
event of a source site failure, applications can failover to the remote site and resume their operations with
assurance of zero data loss.
M O DE DIA GRA M ST EP S
Asynchronous replication
Contrarily, asynchronous replication means that when the application writes data, that data replicates to the
remote site without immediate acknowledgment guarantees. This mode allows faster response time to the
application as well as a DR solution that works geographically.
When the application writes data, the replication engine captures the write and immediately acknowledges to the
application. The captured data then replicates to the remote location. The remote node processes the copy of the
data and lazily acknowledges back to the source copy. Since replication performance is no longer in the
application IO path, the remote site's responsiveness and distance are less important factors. There is risk of data
loss if the source data is lost and the destination copy of the data was still in buffer without leaving the source.
With its higher than zero RPO, asynchronous replication is less suitable for HA solutions like Failover Clusters, as
they are designed for continuous operation with redundancy and no loss of data.
M O DE DIA GRA M ST EP S
M O DE DIA GRA M ST EP S
Additional References
Stretch Cluster Replication Using Shared Storage
Server to Server Storage Replication
Cluster to Cluster Storage Replication
Storage Replica: Known Issues
Storage Replica: Frequently Asked Questions
Storage Spaces Direct in Windows Server 2016
Windows IT Pro Support
Stretch Cluster Replication Using Shared Storage
8/18/2020 • 30 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel)
In this evaluation example, you will configure these computers and their storage in a single stretch cluster, where
two nodes share one set of storage and two nodes share another set of storage, then replication keeps both sets of
storage mirrored in the cluster to allow immediate failover. These nodes and their storage should be located in
separate physical sites, although it is not required. There are separate steps for creating Hyper-V and File Server
clusters as sample scenarios.
IMPORTANT
In this evaluation, servers in different sites must be able to communicate with the other servers via a network, but not have
any physical connectivity to the other site's shared storage. This scenario does not make use of Storage Spaces Direct.
Terms
This walkthrough uses the following environment as an example:
Four servers, named SR-SRV01 , SR-SRV02 , SR-SRV03 , and SR-SRV04 formed into a single cluster
called SR-SRVCLUS .
A pair of logical "sites" that represent two different data centers, with one called Redmond and the other
called Bellevue.
NOTE
You can use only as few as two nodes, where one node each is in each site. However, you will not be able to perform intra-
site failover with only two servers. You can use as many as 64 nodes.
Prerequisites
Active Directory Domain Services forest (does not need to run Windows Server 2016).
2-64 servers running Windows Server 2019 or Windows Server 2016, Datacenter Edition. If you're running
Windows Server 2019, you can instead use Standard Edition if you're OK replicating only a single volume up to
2 TB in size.
Two sets of shared storage, using SAS JBODs (such as with Storage Spaces), Fibre Channel SAN, Shared VHDX,
or iSCSI Target. The storage should contain a mix of HDD and SSD media and must support Persistent
Reservation. You will make each storage set available to two of the servers only (asymmetric).
Each set of storage must allow creation of at least two virtual disks, one for replicated data and one for logs.
The physical storage must have the same sector sizes on all the data disks. The physical storage must have the
same sector sizes on all the log disks.
At least one 1GbE connection on each server for synchronous replication, but preferably RDMA.
At least 2GB of RAM and two cores per server. You will need more memory and cores for more virtual
machines.
Appropriate firewall and router rules to allow ICMP, SMB (port 445, plus 5445 for SMB Direct) and WS-MAN
(port 5985) bi-directional traffic between all nodes.
A network between servers with enough bandwidth to contain your IO write workload and an average of =5ms
round trip latency, for synchronous replication. Asynchronous replication does not have a latency
recommendation.
The replicated storage cannot be located on the drive containing the Windows operating system folder.
Many of these requirements can be determined by using the Test-SRTopology cmdlet. You get access to this tool if
you install Storage Replica or the Storage Replica Management Tools features on at least one server. There is no
need to configure Storage Replica to use this tool, only to install the cmdlet. More information is included in the
following steps.
IMPORTANT
From this point on, always logon as a domain user who is a member of the built-in administrator group on all
servers. Always remember to elevate your PowerShell and CMD prompts going forward when running on a graphical
server installation or on a Windows 10 computer.
2. Add network information and join the nodes to the domain, then restart them.
NOTE
As of this point, the guide presumes you have two pairings of servers for use in a stretch cluster. A WAN or LAN
network separate the servers and the servers belong to either physical or logical sites. The guide considers SR-
SRV01 and SR-SRV02 to be in site Redmond and SR-SRV03 and SR-SRV04 to be in site Bellevue .
3. Connect the first set of shared JBOD storage enclosure, Shared VHDX, iSCSI target, or FC SAN to the servers
in site Redmond .
4. Connect the second set of storage to the servers in site Bellevue .
5. As appropriate, install latest vendor storage and enclosure firmware and drivers, latest vendor HBA drivers,
latest vendor BIOS/UEFI firmware, latest vendor network drivers, and latest motherboard chipset drivers on
all four nodes. Restart nodes as needed.
NOTE
Consult your hardware vendor documentation for configuring shared storage and networking hardware.
6. Ensure that BIOS/UEFI settings for servers enable high performance, such as disabling C-State, setting QPI
speed, enabling NUMA, and setting highest memory frequency. Ensure power management in Windows
Server is set to high performance. Restart as required.
7. Configure roles as follows:
Graphical method
Run Ser verManager.exe and add all server nodes by clicking Manage and Add Ser vers .
IMPORTANT
Install the Failover Clustering , and Storage Replica roles and features on each of the nodes and restart
them. If planning to use other roles like Hyper-V, File Server, etc. you can install them now too.
$Servers = 'SR-SRV01','SR-SRV02','SR-SRV03','SR-SRV04'
For more information on these steps, see Install or Uninstall Roles, Role Services, or Features.
8. Configure storage as follows:
IMPORTANT
You must create two volumes on each enclosure: one for data and one for logs.
Log and data disks must be initialized as GPT, not MBR.
The two data volumes must be of identical size.
The two log volumes should be of identical size.
All replicated data disks must have the same sector sizes.
All log disks must have the same sector sizes.
The log volumes should use flash-based storage and high performance resiliency settings. Microsoft recommends
that the log storage be as faster than the data storage. Log volumes must never be used for other workloads.
The data disks can use HDD, SSD, or a tiered combination and can use either mirrored or parity spaces or RAID 1
or 10, or RAID 5 or RAID 50.
The log volume must be at least 9GB by default and can to be larger or smaller based on log requirements.
The volumes must be formatted with NTFS or ReFS.
The File Server role is only necessary for Test-SRTopology to operate, as it opens the necessary firewall ports for
testing.
NOTE
Skip this section and go to the Configure a file server for general use cluster section, if you want to create a file server cluster
and not a Hyper-V cluster.
You will now create a normal failover cluster. After configuration, validation, and testing, you will stretch it using
Storage Replica. You can perform all of the steps below on the cluster nodes directly or from a remote
management computer that contains the Windows Server Remote Server Administration Tools.
Graphical method
1. Run cluadmin.msc .
2. Validate the proposed cluster and analyze the results to ensure you can continue.
NOTE
You should expect storage errors from cluster validation, due to the use of asymmetric storage.
3. Create the Hyper-V compute cluster. Ensure that the cluster name is 15 characters or fewer. The example
used below is SR-SRVCLUS. If the nodes are going to reside in different subnets, you must create an IP
Address for the Cluster Name for each subnet and use the “OR” dependency. More information can be
found at Configuring IP Addresses and Dependencies for Multi-Subnet Clusters – Part III.
4. Configure a File Share Witness or Cloud Witness to provide quorum in the event of site loss.
NOTE
WIndows Server now includes an option for Cloud (Azure)-based Witness. You can choose this quorum option
instead of the file share witness.
WARNING
For more information about quorum configuration, see the Configure and Manage the Quorum in a Windows Server
2012 Failover Cluster guide's Witness Configuration. For more information on the Set-ClusterQuorum cmdlet, see
Set-ClusterQuorum.
5. Review Network Recommendations for a Hyper-V Cluster in Windows Server 2012 and ensure that you
have optimally configured cluster networking.
6. Add one disk in the Redmond site to the cluster CSV. To do so, right click a source disk in the Disks node of
the Storage section, and then click Add to Cluster Shared Volumes .
7. Using the Deploy a Hyper-V Cluster guide, follow steps 7-10 within Redmond site to create a test virtual
machine only to ensure the cluster is working normally within the two nodes sharing the storage in the first
test site.
8. If you're creating a two-node stretch cluster, you must add all storage before continuing. To do so, open a
PowerShell session with administrative permissions on the cluster nodes, and run the following command:
Get-ClusterAvailableDisk -All | Add-ClusterDisk .
For example:
MD c:\temp
10. Examine the TestSrTopologyRepor t-< date >.html report to ensure you meet the Storage Replica
requirements and note the initial sync time prediction and log recommendations.
11. Return the disks to Available Storage and remove the temporary empty roles.
12. Once satisfied, remove the test virtual machine. Add any real test virtual machines needed for further
evaluation to a proposed source node.
13. Configure stretch cluster site awareness so that servers SR-SRV01 and SR-SRV02 are in site Redmond ,
SR-SRV03 and SR-SRV04 are in site Bellevue , and Redmond is preferred for node ownership of the
source storage and VMs:
New-ClusterFaultDomain -Name Seattle -Type Site -Description "Primary" -Location "Seattle Datacenter"
(Get-Cluster).PreferredSite="Seattle"
NOTE
There is no option to configure site awareness using Failover Cluster Manager in Windows Server 2016.
14. (Optional) Configure cluster networking and Active Directory for faster DNS site failover. You can utilize
Hyper-V software defined networking, stretched VLANs, network abstraction devices, lowered DNS TTL, and
other common techniques.
For more information, review the Microsoft Ignite session: Stretching Failover Clusters and Using Storage
Replica in Windows Server vNext and the Enable Change Notifications between Sites - How and Why? blog
post.
15. (Optional) Configure VM resiliency so that guests do not pause for long during node failures. Instead, they
failover to the new replication source storage within 10 seconds.
(Get-Cluster).ResiliencyDefaultPeriod=10
NOTE
There is no option to configure VM resiliency using Failover Cluster Manager in Windows Server 2016.
NOTE
You should expect storage errors from cluster validation, due to the use of asymmetric storage.
2. Create the File Server for General Use storage cluster (you must specify your own static IP address the
cluster will use). Ensure that the cluster name is 15 characters or fewer. If the nodes reside in different
subnets, than an IP Address for the additional site must be created using the “OR” dependency. More
information can be found at Configuring IP Addresses and Dependencies for Multi-Subnet Clusters – Part
III.
New-Cluster -Name SR-SRVCLUS -Node SR-SRV01, SR-SRV02, SR-SRV03, SR-SRV04 -StaticAddress <your IP here>
Add-ClusterResource -Name NewIPAddress -ResourceType “IP Address” -Group “Cluster Group”
Set-ClusterResourceDependency -Resource “Cluster Name” -Dependency “[Cluster IP Address] or
[NewIPAddress]”
3. Configure a File Share Witness or Cloud (Azure) witness in the cluster that points to a share hosted on the
domain controller or some other independent server. For example:
For more information about quorum configuration, see the Configure and Manage the Quorum in a
Windows Server 2012 Failover Cluster guide's Witness Configuration. For more information on the
Set-ClusterQuorum cmdlet, see Set-ClusterQuorum.
4. Review Network Recommendations for a Hyper-V Cluster in Windows Server 2012 and ensure that you
have optimally configured cluster networking.
5. If you're creating a two-node stretch cluster, you must add all storage before continuing. To do so, open a
PowerShell session with administrative permissions on the cluster nodes, and run the following command:
Get-ClusterAvailableDisk -All | Add-ClusterDisk .
New-ClusterFaultDomain -Name Seattle -Type Site -Description "Primary" -Location "Seattle Datacenter"
(Get-Cluster).PreferredSite="Seattle"
9. (Optional) Configure cluster networking and Active Directory for faster DNS site failover. You can utilize
Hyper-V software defined networking, stretched VLANs, network abstraction devices, lowered DNS TTL, and
other common techniques.
For more information, review the Microsoft Ignite session: Stretching Failover Clusters and Using Storage
Replica in Windows Server vNext and Enable Change Notifications between Sites - How and Why.
10. (Optional) Configure VM resiliency so that guests do not pause for long periods during node failures.
Instead, they failover to the new replication source storage within 10 seconds.
(Get-Cluster).ResiliencyDefaultPeriod=10
NOTE
There is no option to VM Resiliency using Failover Cluster Manager in Windows Server 2016.
NOTE
Skip this section if you have already configured a Hyper-V Failover cluster as described in Configure a Hyper-V Failover
Cluster.
You will now create a normal failover cluster. After configuration, validation, and testing, you will stretch it using
Storage Replica. You can perform all of the steps below on the cluster nodes directly or from a remote
management computer that contains the Windows Server Remote Server Administration Tools.
Graphical method
1. Run cluadmin.msc.
2. Validate the proposed cluster and analyze the results to ensure you can continue.
NOTE
You should expect storage errors from cluster validation, due to the use of asymmetric storage.
3. Create the File Server for General Use storage cluster. Ensure that the cluster name is 15 characters or fewer.
The example used below is SR-SRVCLUS. If the nodes are going to reside in different subnets, you must
create an IP Address for the Cluster Name for each subnet and use the “OR” dependency. More information
can be found at Configuring IP Addresses and Dependencies for Multi-Subnet Clusters – Part III.
4. Configure a File Share Witness or Cloud Witness to provide quorum in the event of site loss.
NOTE
WIndows Server now includes an option for Cloud (Azure)-based Witness. You can choose this quorum option
instead of the file share witness.
NOTE
For more information about quorum configuration, see the Configure and Manage the Quorum in a Windows Server
2012 Failover Cluster guide's Witness Configuration. For more information on the Set-ClusterQuorum cmdlet, see
Set-ClusterQuorum.
5. If you're creating a two-node stretch cluster, you must add all storage before continuing. To do so, open a
PowerShell session with administrative permissions on the cluster nodes, and run the following command:
Get-ClusterAvailableDisk -All | Add-ClusterDisk .
NOTE
The File Server role must be installed on all nodes prior to continuing to the next step. |
7. Under Roles , click Configure Role . Review Before you Begin and click Next .
8. Select File Ser ver and click Next .
9. Leave File Ser ver for general use selected and click Next .
10. Provide a Client Access Point name (15 characters or fewer) and click Next .
11. Select a disk to be your data volume and click Next .
12. Review your settings and click Next . Click Finish .
13. Right click your new File Server role and click Add File Share . Proceed through the wizard to configure
shares.
14. Optional: Add another File Server role that uses the other storage in this site.
15. Configure stretch cluster site awareness so that servers SR-SRV01 and SR-SRV02 are in site Redmond, SR-
SRV03 and SR-SRV04 are in site Bellevue, and Redmond is preferred for node ownership of the source
storage and VMs:
New-ClusterFaultDomain -Name Seattle -Type Site -Description "Primary" -Location "Seattle Datacenter"
(Get-Cluster).PreferredSite="Seattle"
NOTE
There is no option to configure site awareness using Failover Cluster Manager in Windows Server 2016.
16. (Optional) Configure cluster networking and Active Directory for faster DNS site failover. You can utilize
stretched VLANs, network abstraction devices, lowered DNS TTL, and other common techniques.
For more information, review the Microsoft Ignite session Stretching Failover Clusters and Using Storage Replica in
Windows Server vNext and the blog post Enable Change Notifications between Sites - How and Why.
PowerShell Method
1. Test the proposed cluster and analyze the results to ensure you can continue:
NOTE
You should expect storage errors from cluster validation, due to the use of asymmetric storage.
2. Create the Hyper-V compute cluster (you must specify your own static IP address the cluster will use).
Ensure that the cluster name is 15 characters or fewer. If the nodes reside in different subnets, than an IP
Address for the additional site must be created using the “OR” dependency. More information can be found
at Configuring IP Addresses and Dependencies for Multi-Subnet Clusters – Part III.
New-Cluster -Name SR-SRVCLUS -Node SR-SRV01, SR-SRV02, SR-SRV03, SR-SRV04 -StaticAddress <your IP here>
3. Configure a File Share Witness or Cloud (Azure) witness in the cluster that points to a share hosted on the
domain controller or some other independent server. For example:
NOTE
Windows Server now includes an option for cloud witness using Azure. You can choose this quorum option instead
of the file share witness.
For more information about quorum configuration, see the Understanding cluster and pool quorum. For
more information on the Set-ClusterQuorum cmdlet, see Set-ClusterQuorum.
4. If you're creating a two-node stretch cluster, you must add all storage before continuing. To do so, open a
PowerShell session with administrative permissions on the cluster nodes, and run the following command:
Get-ClusterAvailableDisk -All | Add-ClusterDisk .
Get-ClusterResource
Add-ClusterFileServerRole -Name SR-CLU-FS2 -Storage "Cluster Disk 4"
MD e:\share01
7. Configure stretch cluster site awareness so that servers SR-SRV01 and SR-SRV02 are in site Redmond, SR-
SRV03 and SR-SRV04 are in site Bellevue, and Redmond is preferred for node ownership of the source
storage and virtual machines:
New-ClusterFaultDomain -Name Seattle -Type Site -Description "Primary" -Location "Seattle Datacenter"
(Get-Cluster).PreferredSite="Seattle"
8. (Optional) Configure cluster networking and Active Directory for faster DNS site failover. You can utilize
stretched VLANs, network abstraction devices, lowered DNS TTL, and other common techniques.
For more information, review the Microsoft Ignite session Stretching Failover Clusters and Using Storage
Replica in Windows Server vNext and the blog post Enable Change Notifications between Sites - How and
Why.
Configure a stretch cluster
Now you will configure the stretch cluster, using either Failover Cluster Manager or Windows PowerShell. You can
perform all of the steps below on the cluster nodes directly or from a remote management computer that contains
the Windows Server Remote Server Administration Tools.
Failover Cluster Manager Method
1. For Hyper-V workloads, on one node where you have the data you wish to replicate out, add the source
data disk from your available disks to cluster shared volumes if not already configured. Do not add all the
disks; just add the single disk. At this point, half the disks will show offline because this is asymmetric
storage. If replicating a physical disk resource (PDR) workload like File Server for general use, you already
have a role-attached disk ready to go.
2. Right-click the CSV disk or role-attached disk, click Replication , and then click Enable .
3. Select the appropriate destination data volume and click Next . The destination disks shown will have a
volume the same size as the selected source disk. When moving between these wizard dialogs, the available
storage will automatically move and come online in the background as needed.
4. Select the appropriate source log disk and click Next . The source log volume should be on a disk that uses
SSD or similarly fast media, not spinning disks.
5. Select the appropriate destination log volume and click Next. The destination log disks shown will have a
volume the same size as the selected source log disk volume.
6. Leave the Over write Volume value at Over write destination Volume if the destination volume does
not contain a previous copy of the data from the source server. If the destination does contain similar data,
from a recent backup or previous replication, select Seeded destination disk , and then click Next .
7. Leave the Replication Mode value at Synchronous Replication if you plan to use zero RPO replication.
Change it to Asynchronous Replication if you plan to stretch your cluster over higher latency networks
or need lower IO latency on the primary site nodes.
8. Leave the Consistency Group value at Highest Performance if you do not plan to use write ordering
later with additional disk pairs in the replication group. If you plan to add further disks to this replication
group and you require guaranteed write ordering, select Enable Write Ordering , and then click Next .
9. Click Next to configure replication and the stretch cluster formation.
10. On the Summary screen, note the completion dialog results. You can view the report in a web browser.
11. At this point, you have configured a Storage Replica partnership between the two halves of the cluster but
replication is ongoing. There are several ways to see the state of replication via a graphical tool.
a. Use the Replication Role column and the Replication tab. When done with initial synchronization,
the source and destination disks will have a Replication Status of Continuously Replicating .
b. Start eventvwr.exe .
a. On the source server, navigate to Applications and Ser vices \ Microsoft \ Windows \
StorageReplica \ Admin and examine events 5015, 5002, 5004, 1237, 5001, and 2200.
b. On the destination server, navigate to Applications and Ser vices \ Microsoft \ Windows
\ StorageReplica \ Operational and wait for event 1215. This event states the number of
copied bytes and the time taken. Example:
ReplicationGroupName: Replication 2
ReplicationGroupId: {c6683340-0eea-4abc-ab95-c7d0026bc054}
ReplicaName: \\?\Volume{43a5aa94-317f-47cb-a335-2a5d543ad536}\
ReplicaId: {00000000-0000-0000-0000-000000000000}
End LSN in bitmap:
LogGeneration: {00000000-0000-0000-0000-000000000000}
LogFileId: 0
CLSFLsn: 0xFFFFFFFF
Number of Bytes Recovered: 68583161856
Elapsed Time (ms): 140
c. On the destination server, navigate to Applications and Ser vices \ Microsoft \ Windows
\ StorageReplica \ Admin and examine events 5009, 1237, 5001, 5015, 5005, and 2200 to
understand the processing progress. There should be no warnings of errors in this sequence.
There will be many 1237 events; these indicate progress.
WARNING
CPU and memory usage are likely to be higher than normal until initial synchronization completes.
NOTE
You can also use New-SRGroup on one node in each site and New-SRPartnership to create replication in stages,
rather than all at once.
b. On the destination server, run the following command to see the Storage Replica events that show
creation of the partnership. This event states the number of copied bytes and the time taken.
Example:
ReplicationGroupName: Replication 2
ReplicationGroupId: {c6683340-0eea-4abc-ab95-c7d0026bc054}
ReplicaName: ?Volume{43a5aa94-317f-47cb-a335-2a5d543ad536}
ReplicaId: {00000000-0000-0000-0000-000000000000}
End LSN in bitmap:
LogGeneration: {00000000-0000-0000-0000-000000000000}
LogFileId: 0
CLSFLsn: 0xFFFFFFFF
Number of Bytes Recovered: 68583161856
Elapsed Time (ms): 140
c. On the destination server, run the following command and examine events 5009, 1237, 5001, 5015,
5005, and 2200 to understand the processing progress. There should be no warnings of errors in
this sequence. There will be many 1237 events; these indicate progress.
d. Alternately, the destination server group for the replica states the number of byte remaining to copy
at all times, and can be queried through PowerShell. For example:
while($true) {
6. To get replication source and destination state within the stretch cluster, use Get-SRGroup and
Get-SRPartnership to see the configured state of replication in the stretch cluster.
Get-SRGroup
Get-SRPartnership
(Get-SRGroup).replicas
Manage stretched cluster replication
Now you will manage and operate your stretch cluster. You can perform all of the steps below on the cluster nodes
directly or from a remote management computer that contains the Windows Server Remote Server
Administration Tools.
Graphical Tools Method
1. Use Failover Cluster Manager to determine the current source and destination of replication and their
status.
2. To measure replication performance, run Perfmon.exe on both the source and destination nodes.
a. On the destination node:
a. Add the Storage Replica Statistics objects with all their performance counters for the data
volume.
b. Examine the results.
b. On the source node:
a. Add the Storage Replica Statistics and Storage Replica Par tition I/O Statistics objects
with all their performance counters for the data volume (the latter is only available with data
on the current source server).
b. Examine the results.
3. To alter replication source and destination within the stretch cluster, use the following methods:
a. To move the source replication between nodes in the same site: right-click the source CSV, click
Move Storage , click Select Node , and then select a node in the same site. If using non-CSV storage
for a role assigned disk, you move the role.
b. To move the source replication from one site to another: right-click the source CSV, click Move
Storage , click Select Node , and then select a node in another site. If you configured a preferred site,
you can use best possible node to always move the source storage to a node in the preferred site. If
using non-CSV storage for a role assigned disk, you move the role.
c. To perform planned failover the replication direction from one site to another: shutdown both nodes
in one site using Ser verManager.exe or SConfig .
d. To perform unplanned failover the replication direction from one site to another: cut power to both
nodes in one site.
NOTE
In Windows Server 2016, you may need to use Failover Cluster Manager or Move-ClusterGroup to move the
destination disks back to the other site manually after the nodes come back online.
NOTE
Storage Replica dismounts the destination volumes. This is by design.
4. To change the log size from the default 8GB, right-click both the source and destination log disks, click the
Replication Log tab, then change the sizes on both the disks to match.
NOTE
The default log size is 8GB. Depending on the results of the Test-SRTopology cmdlet, you may decide to use
-LogSizeInBytes with a higher or lower value.
5. To add another pair of replicated disks to the existing replication group, you must ensure that there is at
least one extra disk in available storage. You can then right-click the Source disk and select Add replication
par tnership .
NOTE
This need for an additional 'dummy' disk in available storage is due to a regression and not intentional. Failover
Cluster Manager previously support adding more disks normally and will again in a later release.
NOTE
You may need to use DiskMgmt.msc or Ser verManager.exe to add back drive letters to volumes after
return to available storage.
Get-ClusterSharedVolume | fl *
Move-ClusterSharedVolume -Name "cluster disk 4" -Node sr-srv02
b. To move the replication direction from one site to another "planned", move the CSV resource using
the Move-ClusterSharedVolume cmdlet.
Get-ClusterSharedVolume | fl *
Move-ClusterSharedVolume -Name "cluster disk 4" -Node sr-srv04
This will also move the logs and data appropriately for the other site and nodes.
c. To perform unplanned failover the replication direction from one site to another: cut power to both
nodes in one site.
NOTE
Storage Replica dismounts the destination volumes. This is by design.
4. To change the log size from the default 8GB, use Set-SRGroup on both the source and destination Storage
Replica Groups. For example, to set all logs to 2GB:
NOTE
This need for an additional 'dummy' disk in available storage is due to a regression and not intentional. Failover
Cluster Manager previously support adding more disks normally and will again in a later release.
Use the Set-SRPar tnership cmdlet with the -SourceAddVolumePar tnership and -
DestinationAddVolumePar tnership parameters.
6. To remove replication, use Get-SRGroup , Get- SRPartnership , Remove-SRGroup , and Remove-SRPartnership on
any node.
Get-SRPartnership | Remove-SRPartnership
Get-SRGroup | Remove-SRGroup
NOTE
If using a remote management computer you will need to specify the cluster name to these cmdlets and provide the
two RG names.
Related Topics
Storage Replica Overview
Server to Server Storage Replication
Cluster to Cluster Storage Replication
Storage Replica: Known Issues
Storage Replica: Frequently Asked Questions
See Also
Windows Server 2016
Storage Spaces Direct in Windows Server 2016
Server-to-server storage replication with Storage
Replica
8/18/2020 • 17 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel)
You can use Storage Replica to configure two servers to sync data so that each has an identical copy of the same
volume. This topic provides some background of this server-to-server replication configuration, as well as how to
set it up and manage the environment.
To manage Storage Replica you can use Windows Admin Center or PowerShell.
Here's an overview video of using Storage Replica in Windows Admin Center.
Prerequisites
Active Directory Domain Services forest (doesn't need to run Windows Server 2016).
Two servers running Windows Server 2019 or Windows Server 2016, Datacenter Edition. If you're running
Windows Server 2019, you can instead use Standard Edition if you're OK replicating only a single volume up to
2 TB in size.
Two sets of storage, using SAS JBODs, fibre channel SAN, iSCSI target, or local SCSI/SATA storage. The storage
should contain a mix of HDD and SSD media. You will make each storage set available only to each of the
servers, with no shared access.
Each set of storage must allow creation of at least two virtual disks, one for replicated data and one for logs.
The physical storage must have the same sector sizes on all the data disks. The physical storage must have the
same sector sizes on all the log disks.
At least one ethernet/TCP connection on each server for synchronous replication, but preferably RDMA.
Appropriate firewall and router rules to allow ICMP, SMB (port 445, plus 5445 for SMB Direct) and WS-MAN
(port 5985) bi-directional traffic between all nodes.
A network between servers with enough bandwidth to contain your IO write workload and an average of
=5ms round trip latency, for synchronous replication. Asynchronous replication doesn't have a latency
recommendation.
If you're replicating between on-premises servers and Azure VMs, you must create a network link between the
on-premises servers and the Azure VMs. To do so, use Express Route, a Site-to-Site VPN gateway connection,
or install VPN software in your Azure VMs to connect them with your on-premises network.
The replicated storage cannot be located on the drive containing the Windows operating system folder.
IMPORTANT
In this scenario, each server should be in a different physical or logical site. Each server must be able to communicate with
the other via a network.
Many of these requirements can be determined by using the Test-SRTopology cmdlet . You get access to this tool if
you install Storage Replica or the Storage Replica Management Tools features on at least one server. There is no
need to configure Storage Replica to use this tool, only to install the cmdlet. More information is included in the
steps below.
Windows Admin Center requirements
To use Storage Replica and Windows Admin Center together, you need the following:
NOTE
Right now you can't use Windows Admin Center on a server to manage Storage Replica.
Terms
This walkthrough uses the following environment as an example:
Two servers, named SR-SRV05 and SR-SRV06 .
A pair of logical "sites" that represent two different data centers, with one called Redmond and one called
Bellevue .
winrm quickconfig
NOTE
Starting in Windows Admin Center version 1910, you can configure a destination server automatically in Azure. If
you choose that option, install Windows Server on the source server and then skip to Step 3: Set up server-to-
server replication.
2. Add network information, join the servers to the same domain as your Windows 10 management PC (if
you're using one), and then restart the servers.
NOTE
From this point on, always logon as a domain user who is a member of the built-in administrator group on all
servers. Always remember to elevate your PowerShell and CMD prompts going forward when running on a
graphical server installation or on a Windows 10 computer.
3. Connect the first set of JBOD storage enclosure, iSCSI target, FC SAN, or local fixed disk (DAS) storage to
the server in site Redmond .
4. Connect the second set of storage to the server in site Bellevue .
5. As appropriate, install latest vendor storage and enclosure firmware and drivers, latest vendor HBA drivers,
latest vendor BIOS/UEFI firmware, latest vendor network drivers, and latest motherboard chipset drivers on
both nodes. Restart nodes as needed.
NOTE
Consult your hardware vendor documentation for configuring shared storage and networking hardware.
6. Ensure that BIOS/UEFI settings for servers enable high performance, such as disabling C-State, setting QPI
speed, enabling NUMA, and setting highest memory frequency. Ensure power management in Windows
Server is set to High Performance. Restart as required.
7. Configure roles as follows:
Windows Admin Center method
a. In Windows Admin Center, navigate to Server Manager, and then select one of the servers.
b. Navigate to Roles & Features .
c. Select Features > Storage Replica , and then click Install .
d. Repeat on the other server.
Ser ver Manager method
a. Run Ser verManager.exe and create a Server Group, adding all server nodes.
b. Install the File Ser ver and Storage Replica roles and features on each of the nodes and
restart them.
Windows PowerShell method
On SR-SRV06 or a remote management computer, run the following command in a Windows
PowerShell console to install the required features and roles and restart them:
$Servers = 'SR-SRV05','SR-SRV06'
For more information on these steps, see Install or Uninstall Roles, Role Services, or Features
8. Configure storage as follows:
IMPORTANT
You must create two volumes on each enclosure: one for data and one for logs.
Log and data disks must be initialized as GPT, not MBR.
The two data volumes must be of identical size.
The two log volumes should be of identical size.
All replicated data disks must have the same sector sizes.
All log disks must have the same sector sizes.
The log volumes should use flash-based storage, such as SSD. Microsoft recommends that the log storage be
faster than the data storage. Log volumes must never be used for other workloads.
The data disks can use HDD, SSD, or a tiered combination and can use either mirrored or parity spaces or RAID 1
or 10, or RAID 5 or RAID 50.
The log volume must be at least 9GB by default and may be larger or smaller based on log requirements.
The File Server role is only necessary for Test-SRTopology to operate, as it opens the necessary firewall ports for
testing.
MD c:\temp
IMPORTANT
When using a test server with no write IO load on the specified source volume during the evaluation period,
consider adding a workload or it will not generate a useful report. You should test with production-like workloads in
order to see real numbers and recommended log sizes. Alternatively, simply copy some files into the source volume
during the test or download and run DISKSPD to generate write IOs. For instance, a sample with a low write IO
workload for ten minutes to the D: volume:
Diskspd.exe -c1g -d600 -W5 -C5 -b8k -t2 -o2 -r -w5 -i100 -j100 d:\test
10. Examine the TestSrTopologyRepor t.html report shown in Figure 2 to ensure that you meet the Storage
Replica requirements.
This begins a process that automatically selects a Windows Server 2019 or Windows Server 2016 Azure
VM as a destination for the migration source. Storage Migration Service recommends VM sizes to
match your source, but you can override this by selecting See all sizes . Inventory data is used to
automatically configure your managed disks and their file systems, as well as join your new Azure VM
to your Active Directory domain.
c. After Windows Admin Center creates the Azure VM, provide a replication group name and then select
Create . Windows Admin Center then begins the normal Storage Replica initial synchronization process
to start protecting your data.
Here's a video showing how to use Storage Replica to migrate to Azure VMs.
5. Provide the details of the partnership, and then select Create (as shown in Figure 3).
NOTE
Removing the partnership from Storage Replica in Windows Admin Center doesn't remove the replication group name.
Output:
DestinationComputerName : SR-SRV06
DestinationRGName : rg02
SourceComputerName : SR-SRV05
PSComputerName :
IMPORTANT
The default log size is 8GB. Depending on the results of the Test-SRTopology cmdlet, you may decide to use -
LogSizeInBytes with a higher or lower value.
3. To get replication source and destination state, use Get-SRGroup and Get-SRPartnership as follows:
Get-SRGroup
Get-SRPartnership
(Get-SRGroup).replicas
Output:
CurrentLsn : 0
DataVolume : F:\
LastInSyncTime :
LastKnownPrimaryLsn : 1
LastOutOfSyncTime :
NumOfBytesRecovered : 37731958784
NumOfBytesRemaining : 30851203072
PartitionId : c3999f10-dbc9-4a8e-8f9c-dd2ee6ef3e9f
PartitionSize : 68583161856
ReplicationMode : synchronous
ReplicationStatus : InitialBlockCopy
PSComputerName :
b. On the destination server, run the following command to see the Storage Replica events that show
creation of the partnership. This event states the number of copied bytes and the time taken.
Example:
Get-WinEvent -ProviderName Microsoft-Windows-StorageReplica | Where-Object {$_.ID -eq "1215"} |
fl
ReplicationGroupName: rg02
ReplicationGroupId: {616F1E00-5A68-4447-830F-B0B0EFBD359C}
ReplicaName: f:\
ReplicaId: {00000000-0000-0000-0000-000000000000}
End LSN in bitmap:
LogGeneration: {00000000-0000-0000-0000-000000000000}
LogFileId: 0
CLSFLsn: 0xFFFFFFFF
Number of Bytes Recovered: 68583161856
Elapsed Time (ms): 117
NOTE
Storage Replica dismounts the destination volumes and their drive letters or mount points. This is by design.
c. Alternatively, the destination server group for the replica states the number of byte remaining to
copy at all times, and can be queried through PowerShell. For example:
while($true) {
d. On the destination server, run the following command and examine events 5009, 1237, 5001, 5015,
5005, and 2200 to understand the processing progress. There should be no warnings of errors in
this sequence. There will be many 1237 events; these indicate progress.
Check the event logs to see the direction of replication change and recovery mode occur, and then
reconcile. Write IOs can then write to the storage owned by the new source server. Changing the replication
direction will block write IOs on the previous source computer.
4. To remove replication, use Get-SRGroup , Get-SRPartnership , Remove-SRGroup , and Remove-SRPartnership on
each node. Ensure you run the Remove-SRPartnership cmdlet on the current source of replication only, not
on the destination server. Run Remove-Group on both servers. For example, to remove all replication from
two servers:
Get-SRPartnership
Get-SRPartnership | Remove-SRPartnership
Get-SRGroup | Remove-SRGroup
NOTE
Disaster Recovery planning is a complex subject and requires great attention to detail. Creation of runbooks and the
performance of annual live failover drills is highly recommended. When an actual disaster strikes, chaos will rule and
experienced personnel may be unavailable.
Figure 4: The resources associated with an ExpressRoute - take note of the vir tual network
name
2. Create a new resource group.
3. Add a network security group. When creating it, select the subscription ID associated with the ExpressRoute
you created, and select the resource group you just created as well.
Add any inbound and outbound security rules you need to the network security group. For example, you
might want to allow Remote Desktop access to the VM.
4. Create an Azure VM with the following settings (shown in Figure 5):
Public IP address : None
Vir tual network : Select the virtual network you took note of from the resource group added with the
ExpressRoute.
Network security group (firewall) : Select the network security group you created previously.
Related Topics
Storage Replica Overview
Stretch Cluster Replication Using Shared Storage
Cluster to Cluster Storage Replication
Storage Replica: Known Issues
Storage Replica: Frequently Asked Questions
Storage Spaces Direct in Windows Server 2016
Cluster to cluster Storage Replication
8/18/2020 • 14 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel)
Storage Replica can replicate volumes between clusters, including the replication of clusters using Storage Spaces
Direct. The management and configuration is similar to server-to-server replication.
You will configure these computers and storage in a cluster-to-cluster configuration, where one cluster replicates
its own set of storage with another cluster and its set of storage. These nodes and their storage should be located
in separate physical sites, although it is not required.
IMPORTANT
In this test, the four servers are an example. You can use any number of servers supported by Microsoft in each cluster,
which is currently 8 for a Storage Spaces Direct cluster and 64 for a shared storage cluster.
This guide does not cover configuring Storage Spaces Direct. For information about configuring Storage Spaces Direct, see
Storage Spaces Direct overview.
Prerequisites
Active Directory Domain Services forest (does not need to run Windows Server 2016).
4-128 servers (two clusters of 2-64 servers) running Windows Server 2019 or Windows Server 2016,
Datacenter Edition. If you're running Windows Server 2019, you can instead use Standard Edition if you're OK
replicating only a single volume up to 2 TB in size.
Two sets of storage, using SAS JBODs, fibre channel SAN, Shared VHDX, Storage Spaces Direct, or iSCSI target.
The storage should contain a mix of HDD and SSD media. You will make each storage set available only to each
of the clusters, with no shared access between clusters.
Each set of storage must allow creation of at least two virtual disks, one for replicated data and one for logs.
The physical storage must have the same sector sizes on all the data disks. The physical storage must have the
same sector sizes on all the log disks.
At least one ethernet/TCP connection on each server for synchronous replication, but preferably RDMA.
Appropriate firewall and router rules to allow ICMP, SMB (port 445, plus 5445 for SMB Direct) and WS-MAN
(port 5985) bi-directional traffic between all nodes.
A network between servers with enough bandwidth to contain your IO write workload and an average of
=5ms round trip latency, for synchronous replication. Asynchronous replication does not have a latency
recommendation.
The replicated storage cannot be located on the drive containing the Windows operating system folder.
There are important considerations & limitations for Storage Spaces Direct replication - please review the
detailed information below.
Many of these requirements can be determined by using the Test-SRTopology cmdlet. You get access to this tool if
you install Storage Replica or the Storage Replica Management Tools features on at least one server. There is no
need to configure Storage Replica to use this tool, only to install the cmdlet. More information is included in the
steps below.
IMPORTANT
From this point on, always logon as a domain user who is a member of the built-in administrator group on all
servers. Always remember to elevate your Windows PowerShell and CMD prompts going forward when running on
a graphical server installation or on a Windows 10 computer.
3. Connect first set of JBOD storage enclosure, iSCSI target, FC SAN, or local fixed disk (DAS) storage to the
server in site Redmond .
4. Connect second set of storage to the server in site Bellevue .
5. As appropriate, install latest vendor storage and enclosure firmware and drivers, latest vendor HBA drivers,
latest vendor BIOS/UEFI firmware, latest vendor network drivers, and latest motherboard chipset drivers on
all four nodes. Restart nodes as needed.
NOTE
Consult your hardware vendor documentation for configuring shared storage and networking hardware.
6. Ensure that BIOS/UEFI settings for servers enable high performance, such as disabling C-State, setting QPI
speed, enabling NUMA, and setting highest memory frequency. Ensure power management in Windows
Server is set to high performance. Restart as required.
7. Configure roles as follows:
Graphical method
a. Run Ser verManager.exe and create a server group, adding all server nodes.
b. Install the File Ser ver and Storage Replica roles and features on each of the nodes and
restart them.
Windows PowerShell method
On SR-SRV04 or a remote management computer, run the following command in a Windows
PowerShell console to install the required features and roles for a stretch cluster on the four nodes
and restart them:
$Servers = 'SR-SRV01','SR-SRV02','SR-SRV03','SR-SRV04'
For more information on these steps, see Install or Uninstall Roles, Role Services, or Features
8. Configure storage as follows:
IMPORTANT
You must create two volumes on each enclosure: one for data and one for logs.
Log and data disks must be initialized as GPT , not MBR.
The two data volumes must be of identical size.
The two log volumes should be of identical size.
All replicated data disks must have the same sector sizes.
All log disks must have the same sector sizes.
The log volumes should use flash-based storage, such as SSD. Microsoft recommends that the log storage be
faster than the data storage. Log volumes must never be used for other workloads.
The data disks can use HDD, SSD, or a tiered combination and can use either mirrored or parity spaces or RAID 1
or 10, or RAID 5 or RAID 50.
The log volume must be at least 8GB by default and may be larger or smaller based on log requirements.
When using Storage Spaces Direct (Storage Spaces Direct) with an NVME or SSD cache, you see a greater than
expected increase in latency when configuring Storage Replica replication between Storage Spaces Direct clusters.
The change in latency is proportionally much higher than you see when using NVME and SSD in a performance
+ capacity configuration and no HDD tier nor capacity tier.
This issue occurs due to architectural limitations within SR's log mechanism combined with the extremely
low latency of NVME when compared to slower media. When using Storage Spaces Direct Storage Spaces
Direct cache, all IO of SR logs, along with all recent read/write IO of applications, will occur in the cache and
never on the performance or capacity tiers. This means that all SR activity happens on the same speed
media - this configuration is not supported not recommended (see https://aka.ms/srfaq for log
recommendations).
When using Storage Spaces Direct with HDDs, you cannot disable or avoid the cache. As a workaround, if
using just SSD and NVME, you can configure just performance and capacity tiers. If using that
configuration, and by placing the SR logs on the performance tier only with the data volumes they service
being on the capacity tier only, you will avoid the high latency issue described above. The same could be
done with a mix of faster and slower SSDs and no NVME.
This workaround is of course not ideal and some customers may not be able to make use of it. The SR team
is working on optimizations and updated log mechanism for the future to reduce these artificial
bottlenecks that occur. There is no ETA for this, but when available to TAP customers for testing, this FAQ
will be updated.
For JBOD enclosures:
1. Ensure that each cluster can see that site's storage enclosures only and that the SAS connections are
correctly configured.
2. Provision the storage using Storage Spaces by following Steps 1-3 provided in the Deploy Storage Spaces
on a Stand-Alone Server using Windows PowerShell or Server Manager.
For iSCSI Target storage:
1. Ensure that each cluster can see that site's storage enclosures only. You should use more than one single
network adapter if using iSCSI.
2. Provision the storage using your vendor documentation. If using Windows-based iSCSI Targeting, consult
iSCSI Target Block Storage, How To.
For FC SAN storage:
1. Ensure that each cluster can see that site's storage enclosures only and that you have properly zoned the
hosts.
2. Provision the storage using your vendor documentation.
For Storage Spaces Direct:
1. Ensure that each cluster can see that site's storage enclosures only by deploying Storage Spaces Direct.
(https://docs.microsoft.com/windows-server/storage/storage-spaces/hyper-converged-solution-using-
storage-spaces-direct)
2. Ensure that the SR log volumes will always be on the fastest flash storage and the data volumes on slower
high capacity storage.
3. Start Windows PowerShell and use the Test-SRTopology cmdlet to determine if you meet all the Storage
Replica requirements. You can use the cmdlet in a requirements-only mode for a quick test as well as a long
running performance evaluation mode. For example,
MD c:\temp
IMPORTANT
When using a test server with no write IO load on the specified source volume during the evaluation period,
consider adding a workload or it will not generate a useful report. You should test with production-like workloads in
order to see real numbers and recommended log sizes. Alternatively, simply copy some files into the source volume
during the test or download and run DISKSPD to generate write IOs. For instance, a sample with a low write IO
workload for five minutes to the D: volume:
Diskspd.exe -c1g -d300 -W5 -C5 -b8k -t2 -o2 -r -w5 -h d:\test.dat
4. Examine the TestSrTopologyRepor t.html report to ensure that you meet the Storage Replica
requirements.
Step 2: Configure two Scale-Out File Server Failover Clusters
You will now create two normal failover clusters. After configuration, validation, and testing, you will replicate
them using Storage Replica. You can perform all of the steps below on the cluster nodes directly or from a remote
management computer that contains the Windows Server Remote Server Administration Tools.
Graphical method
1. Run cluadmin.msc against a node in each site.
2. Validate the proposed cluster and analyze the results to ensure you can continue. The example used below
are SR-SRVCLUSA and SR-SRVCLUSB .
3. Create the two clusters. Ensure that the cluster names are 15 characters or fewer.
4. Configure a File Share Witness or Cloud Witness.
NOTE
WIndows Server now includes an option for Cloud (Azure)-based Witness. You can choose this quorum option
instead of the file share witness.
WARNING
For more information about quorum configuration, see the Witness Configuration section in Configure and
Manage Quorum. For more information on the Set-ClusterQuorum cmdlet, see Set-ClusterQuorum.
5. Add one disk in the Redmond site to the cluster CSV. To do so, right click a source disk in the Disks node
of the Storage section, and then click Add to Cluster Shared Volumes .
6. Create the clustered Scale-Out File Servers on both clusters using the instructions in Configure Scale-Out
File Server
Windows PowerShell method
1. Test the proposed cluster and analyze the results to ensure you can continue:
Test-Cluster SR-SRV01,SR-SRV02
Test-Cluster SR-SRV03,SR-SRV04
2. Create the clusters (you must specify your own static IP addresses for the clusters). Ensure that each cluster
name is 15 characters or fewer:
3. Configure a File Share Witness or Cloud (Azure) witness in each cluster that points to a share hosted on the
domain controller or some other independent server. For example:
NOTE
WIndows Server now includes an option for Cloud (Azure)-based Witness. You can choose this quorum option
instead of the file share witness.
WARNING
For more information about quorum configuration, see the Witness Configuration section in Configure and
Manage Quorum. For more information on the Set-ClusterQuorum cmdlet, see Set-ClusterQuorum.
4. Create the clustered Scale-Out File Servers on both clusters using the instructions in Configure Scale-Out
File Server
2. Grant the second cluster full access to the other cluster by running the Grant-SRAccess cmdlet on any
node in the second cluster, or remotely.
3. Configure the cluster-to-cluster replication, specifying the source and destination disks, the source and
destination logs, the source and destination cluster names, and the log size. You can perform this command
locally on the server or using a remote management computer.
New-SRPartnership -SourceComputerName SR-SRVCLUSA -SourceRGName rg01 -SourceVolumeName
c:\ClusterStorage\Volume2 -SourceLogVolumeName f: -DestinationComputerName SR-SRVCLUSB -
DestinationRGName rg02 -DestinationVolumeName c:\ClusterStorage\Volume2 -DestinationLogVolumeName f:
WARNING
The default log size is 8GB. Depending on the results of the Test-SRTopology cmdlet, you may decide to use -
LogSizeInBytes with a higher or lower value.
4. To get replication source and destination state, use Get-SRGroup and Get-SRPar tnership as follows:
Get-SRGroup
Get-SRPartnership
(Get-SRGroup).replicas
b. On the destination server, run the following command to see the Storage Replica events that show
creation of the partnership. This event states the number of copied bytes and the time taken.
Example:
c. Alternately, the destination server group for the replica states the number of byte remaining to copy
at all times, and can be queried through PowerShell. For example:
6. On the destination server in the destination cluster, run the following command and examine events 5009,
1237, 5001, 5015, 5005, and 2200 to understand the processing progress. There should be no warnings of
errors in this sequence. There will be many 1237 events; these indicate progress.
NOTE
The destination cluster disk will always show as Online (No Access) when replicated.
NOTE
Windows Server prevents role switching when initial sync is ongoing, as it can lead to data loss if you attempt to
switch before allowing initial replication to complete. Do not force switch directions until initial sync is complete.
Check the event logs to see the direction of replication change and recovery mode occur, and then
reconcile. Write IOs can then write to the storage owned by the new source server. Changing the replication
direction will block write IOs on the previous source computer.
NOTE
The destination cluster disk will always show as Online (No Access) when replicated.
4. To change the log size from the default 8GB, use Set-SRGroup on both the source and destination Storage
Replica groups.
IMPORTANT
The default log size is 8GB. Depending on the results of the Test-SRTopology cmdlet, you may decide to use -
LogSizeInBytes with a higher or lower value.
Get-SRPartnership | Remove-SRPartnership
Get-SRGroup | Remove-SRGroup
NOTE
Storage Replica dismounts the destination volumes. This is by design.
Additional References
Storage Replica Overview
Stretch Cluster Replication Using Shared Storage
Server to Server Storage Replication
Storage Replica: Known Issues
Storage Replica: Frequently Asked Questions
Storage Spaces Direct in Windows Server 2016
Cluster to Cluster Storage Replica cross region in
Azure
8/18/2020 • 6 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel)
You can configure Cluster to Cluster Storage Replicas for cross-region applications in Azure. In the examples below,
we use a two-node cluster, but Cluster to Cluster storage replica isn't restricted to a two-node cluster. The
illustration below is a two-node Storage Space Direct cluster that can communicate with each other, are in the same
domain, and are cross-region.
Watch the video below for a complete walk-through of the process.
IMPORTANT
All referenced examples are specific to the illustration above.
Enable-clusterS2D
NOTE
For each cluster create virtual disk and volume. One for the data and another for the log.
8. Create an internal Standard SKU Load Balancer for each cluster (azlbr1 , azlbazcross ).
Provide the Cluster IP address as static private IP address for the load balancer.
azlbr1 => Frontend IP: 10.3.0.100 (Pick up an unused IP address from the Virtual network (az2az-Vnet )
subnet)
Create Backend Pool for each load balancer. Add the associated cluster nodes.
Create Health Probe: port 59999
Create Load Balance Rule: Allow HA ports, with enabled Floating IP.
Provide the Cluster IP address as static private IP address for the load balancer.
azlbazcross => Frontend IP: 10.0.0.10 (Pick up an unused IP address from the Virtual network (azcross-
VNET ) subnet)
Create Backend Pool for each load balancer. Add the associated cluster nodes.
Create Health Probe: port 59999
Create Load Balance Rule: Allow HA ports, with enabled Floating IP.
9. Create Virtual network gateway for Vnet-to-Vnet connectivity.
Create the first virtual network gateway (az2az-VNetGateway ) in the first resource group (SR-
AZ2AZ )
Gateway Type = VPN, and VPN type = Route-based
Create the second Virtual network gateway (azcross-VNetGateway ) in the second resource group
(SR-AZCROSS )
Gateway Type = VPN, and VPN type = Route-based
Create a Vnet-to-Vnet connection from first Virtual network gateway to second Virtual network
gateway. Provide a shared key
Create a Vnet-to-Vnet connection from second Virtual network gateway to first Virtual network
gateway. Provide the same shared key as provided in the step above.
10. On each cluster node, open port 59999 (Health Probe).
Run the following command on each node:
netsh advfirewall firewall add rule name=PROBEPORT dir=in protocol=tcp action=allow localport=59999
remoteip=any profile=any
11. Instruct the cluster to listen for Health Probe messages on Port 59999 and respond from the node that
currently owns this resource.
Run it once from any one node of the cluster, for each cluster.
In our example, make sure to change the "ILBIP" according to your configuration values. Run the following
command from any one node az2az1 /az2az2
$ClusterNetworkName = "Cluster Network 1" # Cluster network name (Use Get-ClusterNetwork on Windows
Server 2012 or higher to find the name. And use Get-ClusterResource to find the IPResourceName).
$IPResourceName = "Cluster IP Address" # IP Address cluster resource name.
$ILBIP = "10.3.0.100" # IP Address in Internal Load Balancer (ILB) - The static IP address for the load
balancer configured in the Azure portal.
[int]$ProbePort = 59999
Get-ClusterResource $IPResourceName | Set-ClusterParameter -Multiple
@{"Address"="$ILBIP";"ProbePort"=$ProbePort;"SubnetMask"="255.255.255.255";"Network"="$ClusterNetworkNam
e";"ProbeFailureThreshold"=5;"EnableDhcp"=0}
12. Run the following command from any one node azcross1 /azcross2
$ClusterNetworkName = "Cluster Network 1" # Cluster network name (Use Get-ClusterNetwork on Windows
Server 2012 or higher to find the name. And use Get-ClusterResource to find the IPResourceName).
$IPResourceName = "Cluster IP Address" # IP Address cluster resource name.
$ILBIP = "10.0.0.10" # IP Address in Internal Load Balancer (ILB) - The static IP address for the load
balancer configured in the Azure portal.
[int]$ProbePort = 59999
Get-ClusterResource $IPResourceName | Set-ClusterParameter -Multiple
@{"Address"="$ILBIP";"ProbePort"=$ProbePort;"SubnetMask"="255.255.255.255";"Network"="$ClusterNetworkNam
e";"ProbeFailureThreshold"=5;"EnableDhcp"=0}
Make sure both clusters can connect / communicate with each other.
Either use "Connect to Cluster" feature in Failover cluster manager to connect to the other cluster or check
other cluster responds from one of the nodes of the current cluster.
From the example we've been using:
13. Create cloud witness for both clusters. Create two storage accounts (az2azcw ,azcrosssa ) in Azure, one for
each cluster in each resource group (SR-AZ2AZ , SR-AZCROSS ).
Copy the storage account name and key from "access keys"
Create the cloud witness from "failover cluster manager" and use the above account name and key to
create it.
14. Run cluster validation tests before moving on to the next step
15. Start Windows PowerShell and use the Test-SRTopology cmdlet to determine if you meet all the Storage
Replica requirements. You can use the cmdlet in a requirements-only mode for a quick test as well as a long
running performance evaluation mode.
16. Configure cluster-to-cluster storage replica. Grant access from one cluster to another cluster in both
directions:
From our example:
If you're using Windows Server 2016, then also run this command:
Grant-SRAccess -ComputerName azcross1 -Cluster SRAZC1
PowerShell
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel)
You can configure cluster to cluster storage replication within the same region in Azure. In the examples below, we
use a two-node cluster, but cluster to cluster storage replica isn't restricted to a two-node cluster. The illustration
below is a two-node Storage Space Direct cluster that can communicate with each other, are in the same domain,
and within the same region.
Watch the videos below for a complete walk-through of the process.
Part one
Part two
IMPORTANT
All referenced examples are specific to the illustration above.
Enable-clusterS2D
For each cluster create virtual disk and volume. One for the data and another for the log.
11. Create an internal Standard SKU Load Balancer for each cluster (azlbr1 ,azlbr2 ).
Provide the Cluster IP address as static private IP address for the load balancer.
azlbr1 => Frontend IP: 10.3.0.100 (Pick up an unused IP address from the Virtual network (az2az-Vnet )
subnet)
Create Backend Pool for each load balancer. Add the associated cluster nodes.
Create Health Probe: port 59999
Create Load Balance Rule: Allow HA ports, with enabled Floating IP.
Provide the Cluster IP address as static private IP address for the load balancer.
azlbr2 => Frontend IP: 10.3.0.101 (Pick up an unused IP address from the Virtual network (az2az-Vnet )
subnet)
Create Backend Pool for each load balancer. Add the associated cluster nodes.
Create Health Probe: port 59999
Create Load Balance Rule: Allow HA ports, with enabled Floating IP.
12. On each cluster node, open port 59999 (Health Probe).
Run the following command on each node:
netsh advfirewall firewall add rule name=PROBEPORT dir=in protocol=tcp action=allow localport=59999
remoteip=any profile=any
13. Instruct the cluster to listen for Health Probe messages on Port 59999 and respond from the node that
currently owns this resource. Run it once from any one node of the cluster, for each cluster.
In our example, make sure to change the "ILBIP" according to your configuration values. Run the following
command from any one node az2az1 /az2az2 :
$ClusterNetworkName = "Cluster Network 1" # Cluster network name (Use Get-ClusterNetwork on Windows
Server 2012 or higher to find the name. And use Get-ClusterResource to find the IPResourceName).
$IPResourceName = "Cluster IP Address" # IP Address cluster resource name.
$ILBIP = "10.3.0.100" # IP Address in Internal Load Balancer (ILB) - The static IP address for the load
balancer configured in the Azure portal.
[int]$ProbePort = 59999
Get-ClusterResource $IPResourceName | Set-ClusterParameter -Multiple
@{"Address"="$ILBIP";"ProbePort"=$ProbePort;"SubnetMask"="255.255.255.255";"Network"="$ClusterNetworkNam
e";"ProbeFailureThreshold"=5;"EnableDhcp"=0}
14. Run the following command from any one node az2az3 /az2az4 .
$ClusterNetworkName = "Cluster Network 1" # Cluster network name (Use Get-ClusterNetwork on Windows
Server 2012 or higher to find the name. And use Get-ClusterResource to find the IPResourceName).
$IPResourceName = "Cluster IP Address" # IP Address cluster resource name.
$ILBIP = "10.3.0.101" # IP Address in Internal Load Balancer (ILB) - The static IP address for the load
balancer configured in the Azure portal.
[int]$ProbePort = 59999
Get-ClusterResource $IPResourceName | Set-ClusterParameter -Multiple
@{"Address"="$ILBIP";"ProbePort"=$ProbePort;"SubnetMask"="255.255.255.255";"Network"="$ClusterNetworkNam
e";"ProbeFailureThreshold"=5;"EnableDhcp"=0}
Make sure both clusters can connect / communicate with each other.
Either use "Connect to Cluster" feature in Failover cluster manager to connect to the other cluster or check
other cluster responds from one of the nodes of the current cluster.
15. Create cloud witnesses for both clusters. Create two storage accounts (az2azcw , az2azcw2 ) in azure one
for each cluster in the same resource group (SR-AZ2AZ ).
Copy the storage account name and key from "access keys"
Create the cloud witness from "failover cluster manager" and use the above account name and key to
create it.
16. Run cluster validation tests before moving on to the next step.
17. Start Windows PowerShell and use the Test-SRTopology cmdlet to determine if you meet all the Storage
Replica requirements. You can use the cmdlet in a requirements-only mode for a quick test as well as a long-
running performance evaluation mode.
18. Configure cluster-to-cluster Storage Replica.
Grant access from one cluster to another cluster in both directions:
In our example:
If you're using Windows Server 2016 then also run this command:
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel)
This topic discusses known issues with Storage Replica in Windows Server.
After removing replication, disks are offline and you cannot configure
replication again
In Windows Server 2016, you may be unable to provision replication on a volume that was previously replicated
or may find un-mountable volumes. This may occur when some error condition prevents removal of replication
or when you reinstall the operating system on a computer that was previously replicating data.
To fix, you must clear the hidden Storage Replica partition off the disks and return them to a writeable state using
the Clear-SRMetadata cmdlet.
To remove all orphaned Storage Replica partition databases slots and remount all partitions, use the
-AllPartitions parameter as follows:
Clear-SRMetadata -AllPartitions
To remove all orphaned Storage Replica log data, use the -AllLogs parameter as follows:
Clear-SRMetadata -AllLogs
To remove all orphaned failover cluster configuration data, use the -AllConfiguration parameter as
follows:
Clear-SRMetadata -AllConfiguration
To remove individual replication group metadata, use the -Name parameter and specify a replication
group as follows:
The server may need to restart after cleaning the partition database; you can suppress this temporarily with
-NoRestart but you should not skip restarting the server if requested by the cmdlet. This cmdlet does not
remove data volumes nor data contained within those volumes.
Use the New-Partition** cmdlet to create volumes and format them instead of New-Volume , as the latter cmdlet
may round the volume size on differing storage arrays. If you have already created an NTFS volume, you can use
Resize-Partition to grow or shrink one of the volumes to match the other (this cannot be done with ReFS
volumes). If using **Diskmgmt*- or Ser ver Manager , no rounding will occur.
WARNING: Invalid value entered for target computer name: sr-srv03. Test-SrTopology cmdlet does not accept IP
address as input for target computer name parameter. NetBIOS names and fully qualified domain names are
acceptable inputs
WARNING: System.Exception
WARNING: at Microsoft.FileServices.SR.Powershell.TestSRTopologyCommand.BeginProcessing()
Test-SRTopology : Invalid value entered for target computer name: sr-srv03. Test-SrTopology cmdlet does not
accept IP address as input for target computer name parameter. NetBIOS names and fully qualified domain
names are acceptable inputs
At line:1 char:1
+ Test-SRTopology -SourceComputerName sr-srv01 -SourceVolumeName d: -So ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Test-SRTopology], Exception
+ FullyQualifiedErrorId : TestSRTopologyFailure,Microsoft.FileServices.SR.Powershell.TestSRTopologyCommand
ERROR EXAMPLE 2:
WARNING: Invalid value entered for source computer name
ERROR EXAMPLE 3:
This cmdlet has limited error reporting in Windows Server 2016 and will return the same output for many
common issues. The error can appear for the following reasons:
You are logged on to the source computer as a local user, not a domain user.
The destination computer is not running or is not accessible over the network.
You specified an incorrect name for the destination computer.
You specified an IP address for the destination server.
The destination computer firewall is blocking access to PowerShell and/or CIM calls.
The destination computer is not running the WMI service.
You did not use CREDSSP when running the Test-SRTopology cmdlet remotely from a management
computer.
The source or destination volume specified are local disks on a cluster node, not clustered disks.
New-SRPartnership : Unable to create replication group test01, detailed reason: Failed to provision
partition ed0dc93f-107c-4ab4-a785-afd687d3e734.
At line: 1 char: 1
+ New-SRPartnership -SourceComputerName srv1 -SourceRGName test01
+ Categorylnfo : ObjectNotFound: (MSFT_WvrAdminTasks : root/ Microsoft/. . s) CNew-SRPartnership],
CimException
+ FullyQua1ifiedErrorId : Windows System Error 1168 ,New-SRPartnership
This is caused by selecting a data volume that is on the same partition as the System Drive (i.e. the **C:- drive
with its Windows folder). For instance, on a drive that contains both the **C:- and **D:*- volumes created from
the same partition. This is not supported in Storage Replica; you must pick a different volume to replicate.
This occurs even if you correctly enable volume resizing on the source server using
Set-SRGroup -Name rg01 -AllowVolumeResize $TRUE .
This issue was fixed in Cumulative Update for Windows 10, version 1607 (Anniversary Update) and Windows
Server 2016: December 9, 2016 (KB3201845).
DeviceName: \Device\Harddisk1\DR1
PartitionNumber: 7
PartitionId: {b71a79ca-0efe-4f9a-a2b9-3ed4084a1822}
Guidance: To grow a source data partition, set the policy on the replication group containing the data
partition.
Before you grow the source data partition, ensure that the destination data partition has enough space to grow
to an equal size. Shrinking of data partition protected by Storage Replica is blocked.
Disk Management Snap-in Error:
After resizing the volume, remember to disable resizing with Set-SRGroup -Name rg01 -AllowVolumeResize $FALSE .
This parameter prevents admins from attempting to resize volumes prior to ensuring that there is sufficient
space on the destination volume, typically because they were unaware of Storage Replica's presence.
Error
The operation has failed.
The action 'Move' did not complete.
Error Code: 0x80071398
The operation failed because either the specified cluster node is not the owner of the group, or the node is
not a possible owner of the group
This occurs due to a by-design behavior in Windows Server 2016. Use Set-SRPartnership to move these PDR
disks in an asynchronous stretched cluster.
This behavior has been changed in Windows Server, version 1709 to allow manual and automated failovers with
asynchronous replication, based on customer feedback.
No disks suitable for cluster disks found. For diagnostic information about disks available to the cluster,
use the Validate a Configuration Wizard to run Storage tests.
This does not occur if you have at least three nodes in the cluster. This issue occurs because of a by-design code
change in Windows Server 2016 for asymmetric storage clustering behaviors.
To add the storage, you can run the following command on the node in the second site:
This will not work with node local storage. You can use Storage Replica to replicate a stretch cluster between two
total nodes, each one using its own set of shared storage.
This issue occurs because of an interoperability issue between Storage Replica and SMB. This issue was first fixed
in the July 2017 Cumulative Update of Windows Server 2016 and in Windows Server, version 1709.
Event 1241 warning repeated during initial sync
When specifying a replication partnership is asynchronous, the source computer repeatedly logs warning event
1241 in the Storage Replica Admin channel. For example:
LocalReplicationGroupName: rg01
LocalReplicationGroupId: {e20b6c68-1758-4ce4-bd3b-84a5b5ef2a87}
LocalReplicaName: f:\
LocalPartitionId: {27484a49-0f62-4515-8588-3755a292657f}
ReplicaSetId: {1f6446b5-d5fd-4776-b29b-f235d97d8c63}
RemoteReplicationGroupName: rg02
RemoteReplicationGroupId: {7f18e5ea-53ca-4b50-989c-9ac6afb3cc81}
TargetRPO: 30
RemoteComputerName: server
LocalReplicationGroupName: rg01
LocalReplicationGroupId: {a386f747-bcae-40ac-9f4b-1942eb4498a0}
RemoteReplicationGroupName: rg02
RemoteReplicationGroupId: {a386f747-bcae-40ac-9f4b-1942eb4498a0}
ReplicaSetId: {00000000-0000-0000-0000-000000000000}
RemoteShareName:{a386f747-bcae-40ac-9f4b-1942eb4498a0}.{00000000-0000-0000-0000-000000000000}
Status: {Access Denied}
A process has requested access to an object, but has not been granted those access rights.
Guidance: Possible causes include network failures, share creation failures for the remote replication
group, or firewall settings. Make sure SMB traffic is allowed and there are no connectivity issues between
the local computer and the remote computer. You should expect this event when suspending replication or
removing a replication partnership.
Error "Failed to bring the resource 'Cluster Disk x' online." with a
stretch cluster
When attempting to bring a cluster disk online after a successful failover, where you are attempting to make the
original source site primary again, you receive an error in Failover Cluster Manager. For example:
Error
The operation has failed.
Failed to bring the resource 'Cluster Disk 2' online.
If you attempt to move the disk or CSV manually, you receive an additional error. For example:
Error
The operation has failed.
The action 'Move' did not complete.
This issue is caused by one or more uninitialized disks being attached to one or more cluster nodes. To resolve
the issue, initialize all attached storage using DiskMgmt.msc, DISKPART.EXE, or the Initialize-Disk PowerShell
cmdlet.
We are working on providing an update that permanently resolves this issue. If you are interested in assisting us
and you have a Microsoft Premier Support agreement, please email SRFEED@microsoft.com so that we can work
with you on filing a backport request.
Disk layout type for volume \\?\Volume{GUID}\ is not a valid GPT style layout.
New-SRPartnership : Unable to create replication group SRG01, detailed reason: Disk layout type for volume
\\?\Volume{GUID}\ is not a valid GPT style layout.
At line:1 char:1
+ New-SRPartnership -SourceComputerName nodesrc01 -SourceRGName SRG01 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_WvrAdminTasks:root/Microsoft/...T_WvrAdminTasks) [New-SRPartnership],
CimException
+ FullyQualifiedErrorId : Windows System Error 5078,New-SRPartnership
In the Failover Cluster Manager GUI, there is no option to setup Replication for the disk.
When running Test-SRTopology, it fails with:
This is caused by the cluster functional level still being set to Windows Server 2012 R2 (i.e. FL 8). Storage Replica
is supposed to return a specific error here but instead returns an incorrect error mapping.
Error "Could not find file" when running Test-SRTopology between two
clusters
When running Test-SRTopology between two clusters and their CSV paths, it fails with error:
PS C:\Windows\system32> Test-SRTopology -SourceComputerName NedClusterA -SourceVolumeName
C:\ClusterStorage\Volume1 -SourceLogVolumeName L: -DestinationComputerName NedClusterB -
DestinationVolumeName C:\ClusterStorage\Volume1 -DestinationLogVolumeName L: -DurationInMinutes 1 -
ResultPath C:\Temp
This is caused by a known code defect in Windows Server 2016. This issue was first fixed in Windows Server,
version 1709 and the associated RSAT tools. For a downlevel resolution, please contact Microsoft Support and
request a backport update. There is no workaround.
When specifying the source node CSV as the source volume, you must select the node that owns the CSV. You
can either move the CSV to the specified node or change the node name you specified in -SourceComputerName .
This error received an improved message in Windows Server 2019.
Issue unlocking the Data drive on secondary server after breaking the
Storage Replica partnership
After Disabling the SR Partnership and removing the Storage Replica, it is expected if you are unable to unlock
the Secondary Server's Data drive with its respective password or key.
You need to use Key or Password of Primary Server's Data drive to unlock the Secondary Server's data drive.
Mount-SRDestination: Unable to mount SR group <TEST>, detailed reason: The group or resource is not in the
correct state to perform the supported operation.
At line:1 char:1
+ Mount-SRDestination -ComputerName SRV1 -Name TEST -TemporaryP . . .
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT WvrAdminTasks : root/Microsoft/...(MSFT WvrAdminTasks
: root/Microsoft/. T_WvrAdminTasks) (Mount-SRDestination], CimException
+ FullyQua1ifiedErrorId : Windows System Error 5823, Mount-SRDestination.
Additional References
Storage Replica
Stretch Cluster Replication Using Shared Storage
Server to Server Storage Replication
Cluster to Cluster Storage Replication
Storage Replica: Frequently Asked Questions
Storage Spaces Direct
Frequently Asked Questions about Storage Replica
8/18/2020 • 16 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel)
This topic contains answers to frequently asked questions (FAQs) about Storage Replica.
do{
$r=(Get-SRGroup -Name "Replication 2").replicas
[System.Console]::Write("Number of remaining bytes {0}`n", $r.NumOfBytesRemaining)
Start-Sleep 10
}until($r.ReplicationStatus -eq 'ContinuouslyReplicating')
Write-Output "Replica Status: "$r.replicationstatus
Get-SRPartnership
Get-NetIPConfiguration
Note the gateway and interface information (on both servers) and the partnership directions. Then run:
Get-SRNetworkConstraint
Update-SmbMultichannelConnection
The replicated volume D: is now accessible on SRV2. You can read and write to it normally, copy files off it, or run
an online backup that you save elsewhere for safekeeping, under the D: path. The T: volume will only contain log
data.
To remove the test failover snapshot and discard its changes:
Dismount-SRDestination -Name RG2 -Computername SRV2
You should only use the test failover feature for short-term temporary operations. It is not intended for long term
usage. When in use, replication continues to the real destination volume.
The cmdlet will remind you that the user needs to log off and on of the server they are planning to administer in
order for the change to take effect. You can use Get-SRDelegation and Revoke-SRDelegation to further control
this.
Then, after you switch replication direction, remove replication, or are simply still on the same source volume,
you can restore any snapshot to its point in time. For example, still using F:
You can also schedule this tool to run periodically using a scheduled task. For more information on using VSS,
review Vssadmin. There is no need or value in backing up the log volumes. Attempting to do so will be ignored
by VSS.
Use of Windows Server Backup, Microsoft Azure Backup, Microsoft DPM, or other snapshot, VSS, virtual
machine, or file-based technologies are supported by Storage Replica as long as they operate within the volume
layer. Storage Replica does not support block-based backup and restore.
![NOTE] The Test-SRTopology cmdlet requires ICMPv4/ICMPv6, but not for replication or management.
Related Topics
Storage Replica Overview
Stretch Cluster Replication Using Shared Storage
Server to Server Storage Replication
Cluster to Cluster Storage Replication
Storage Replica: Known Issues
See Also
Storage Overview
Storage Spaces Direct
Storage Spaces overview
8/18/2020 • 2 minutes to read • Edit Online
Storage Spaces is a technology in Windows and Windows Server that can help protect your data from drive
failures. It is conceptually similar to RAID, implemented in software. You can use Storage Spaces to group three or
more drives together into a storage pool and then use capacity from that pool to create Storage Spaces. These
typically store extra copies of your data so if one of your drives fails, you still have an intact copy of your data. If
you run low on capacity, just add more drives to the storage pool.
There are four major ways to use Storage Spaces:
On a Windows PC - for more info, see Storage Spaces in Windows 10.
On a stand-alone ser ver with all storage in a single ser ver - for more info, see Deploy Storage Spaces
on a stand-alone server.
On a clustered ser ver using Storage Spaces Direct with local, direct-attached storage in each
cluster node - for more info, see Storage Spaces Direct overview.
On a clustered ser ver with one or more shared SAS storage enclosures holding all drives - for
more info, see Storage Spaces on a cluster with shared SAS overview.
Deploy Storage Spaces on a stand-alone server
8/18/2020 • 12 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
This topic describes how to deploy Storage Spaces on a stand-alone server. For information about how to create a
clustered storage space, see Deploy a Storage Spaces cluster on Windows Server 2012 R2.
To create a storage space, you must first create one or more storage pools. A storage pool is a collection of
physical disks. A storage pool enables storage aggregation, elastic capacity expansion, and delegated
administration.
From a storage pool, you can create one or more virtual disks. These virtual disks are also referred to as storage
spaces. A storage space appears to the Windows operating system as a regular disk from which you can create
formatted volumes. When you create a virtual disk through the File and Storage Services user interface, you can
configure the resiliency type (simple, mirror, or parity), the provisioning type (thin or fixed), and the size. Through
Windows PowerShell, you can set additional parameters such as the number of columns, the interleave value, and
which physical disks in the pool to use. For information about these additional parameters, see New-VirtualDisk
and the Windows Server storage forum.
NOTE
You can't use a storage space to host the Windows operating system.
From a virtual disk, you can create one or more volumes. When you create a volume, you can configure the size,
drive letter or folder, file system (NTFS file system or Resilient File System (ReFS)), allocation unit size, and an
optional volume label.
The following figure illustrates the Storage Spaces workflow.
Prerequisites
To use Storage Spaces on a stand-alone Windows Server 2012−based server, make sure that the physical disks
that you want to use meet the following prerequisites.
IMPORTANT
If you want to learn how to deploy Storage Spaces on a failover cluster, see Deploy a Storage Spaces cluster on Windows
Server 2012 R2. A failover cluster deployment has different prerequisites, such as supported disk bus types, supported
resiliency types, and the required minimum number of disks.
Disk bus types - Serial Attached SCSI (SAS) You can also use USB drives. However,
- Serial Advanced Technology it's not optimal to use USB drives in a
Attachment (SATA) server environment.
- iSCSI and Fibre Channel Controllers. Storage Spaces is supported on iSCSI
and Fibre Channel (FC) controllers as
long as the virtual disks created on top
of them are non-resilient (Simple with
any number of columns).
HBA considerations - Simple host bus adapters (HBAs) that Storage Spaces is compatible only with
do not support RAID functionality are HBAs where you can completely disable
recommended all RAID functionality.
- If RAID-capable, HBAs must be in
non-RAID mode with all RAID
functionality disabled
- Adapters must not abstract the
physical disks, cache data, or obscure
any attached devices. This includes
enclosure services that are provided by
attached just-a-bunch-of-disks (JBOD)
devices.
A REA REQ UIREM EN T N OT ES
Get-PhysicalDisk \| ? {$_.BusType
–eq "SAS"} \| fc
To plan for the number of physical disks and the desired resiliency type for a stand-alone server deployment, use
the following guidelines.
Simple Requires at least one physical disk. Do not use to host irreplaceable data.
Simple spaces do not protect against
- Stripes data across physical disks disk failure.
- Maximizes disk capacity and increases
throughput Use to host temporary or easily
- No resiliency (does not protect from recreated data at a reduced cost.
disk failure)
Suited for high-performance workloads
where resiliency is not required or is
already provided by the application.
Mirror Requires at least two physical disks to Use for most deployments. For
protect from single disk failure. example, mirror spaces are suited for a
- Stores two or three copies of the data general-purpose file share or a virtual
across the set of physical disks Requires at least five physical disks to hard disk (VHD) library.
- Increases reliability, but reduces protect from two simultaneous disk
capacity. Duplication occurs with every failures.
write. A mirror space also stripes the
data across multiple physical drives.
- Greater data throughput and lower
access latency than parity
- Uses dirty region tracking (DRT) to
track modifications to the disks in the
pool. When the system resumes from
an unplanned shutdown and the
spaces are brought back online, DRT
makes disks in the pool consistent with
each other.
RESIL IEN C Y T Y P E DISK REQ UIREM EN T S W H EN TO USE
Parity Requires at least three physical disks to Use for workloads that are highly
protect from single disk failure. sequential, such as archive or backup.
- Stripes data and parity information
across physical disks
- Increases reliability when it is
compared to a simple space, but
somewhat reduces capacity
- Increases resiliency through
journaling. This helps prevent data
corruption if an unplanned shutdown
occurs.
TIP
If you select the Primordial storage pool, the available physical disks are listed under PHYSICAL DISKS.
3. Under STORAGE POOLS , select the TASKS list, and then select New Storage Pool . The New Storage Pool
Wizard will open.
4. On the Before you begin page, select Next .
5. On the Specify a storage pool name and subsystem page, enter a name and optional description for
the storage pool, select the group of available physical disks that you want to use, and then select Next .
6. On the Select physical disks for the storage pool page, do the following, and then select Next :
a. Select the check box next to each physical disk that you want to include in the storage pool.
b. If you want to designate one or more disks as hot spares, under Allocation , select the drop-down
arrow, then select Hot Spare .
7. On the Confirm selections page, verify that the settings are correct, and then select Create .
8. On the View results page, verify that all tasks completed, and then select Close .
NOTE
Optionally, to continue directly to the next step, you can select the Create a vir tual disk when this wizard
closes check box.
9. Under STORAGE POOLS , verify that the new storage pool is listed.
Windows PowerShell equivalent commands for creating storage pools
The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure.
Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because
of formatting constraints.
The following example shows which physical disks are available in the primordial pool.
The following example creates a new storage pool named StoragePool1 that uses all available disks.
The following example creates a new storage pool, StoragePool1, that uses four of the available disks.
The following example sequence of cmdlets shows how to add an available physical disk PhysicalDisk5 as a hot
spare to the storage pool StoragePool1.
NOTE
If you select a layout where you do not have enough physical disks, you will receive an error message when you
select Next . For information about which layout to use and the disk requirements, see Prerequisites).
7. If you selected Mirror as the storage layout, and you have five or more disks in the pool, the Configure
the resiliency settings page will appear. Select one of the following options:
Two-way mirror
Three-way mirror
8. On the Specify the provisioning type page, select one of the following options, then select Next .
Thin
With thin provisioning, space is allocated on an as-needed basis. This optimizes the usage of
available storage. However, because this enables you to over-allocate storage, you must carefully
monitor how much disk space is available.
Fixed
With fixed provisioning, the storage capacity is allocated immediately, at the time a virtual disk is
created. Therefore, fixed provisioning uses space from the storage pool that is equal to the virtual
disk size.
TIP
With Storage Spaces, you can create both thin- and fixed-provisioned virtual disks in the same storage pool.
For example, you could use a thin-provisioned virtual disk to host a database and a fixed-provisioned virtual
disk to host the associated log files.
9. On the Specify the size of the vir tual disk page, do the following:
If you selected thin provisioning in the previous step, in the Vir tual disk size box, enter a virtual disk size,
select the units (MB , GB , or TB ), then select Next .
If you selected fixed provisioning in the previous step, select one of the following:
Specify size
To specify a size, enter a value in the Vir tual disk size box, then select the units (MB , GB , or TB ).
If you use a storage layout other than simple, the virtual disk uses more free space than the size that
you specify. To avoid a potential error where the size of the volume exceeds the storage pool free
space, you can select the Create the largest vir tual disk possible, up to the specified size
check box.
Maximum size
Select this option to create a virtual disk that uses the maximum capacity of the storage pool.
10. On the Confirm selections page, verify that the settings are correct, and then select Create .
11. On the View results page, verify that all tasks completed, and then select Close .
TIP
By default, the Create a volume when this wizard closes check box is selected. This takes you directly to the
next step.
The following example creates a mirrored virtual disk named VirtualDisk1 on a storage pool named StoragePool1.
The disk uses the storage pool's maximum storage capacity.
The following example creates a 50 GB virtual disk named VirtualDisk1 on a storage pool that is named
StoragePool1. The disk uses the thin provisioning type.
The following example creates a virtual disk named VirtualDisk1 on a storage pool named StoragePool1. The
virtual disk uses three-way mirroring and is a fixed size of 20 GB.
NOTE
You must have at least five physical disks in the storage pool for this cmdlet to work. (This does not include any disks that
are allocated as hot spares.)
NOTE
For more information about allocation unit size, see Default cluster size for NTFS, FAT, and exFAT.
c. Optionally, in the Volume label box, enter a volume label name, for example HR Data .
7. On the Confirm selections page, verify that the settings are correct, and then select Create .
8. On the View results page, verify that all tasks completed, and then select Close .
9. To verify that the volume was created, in Server Manager, select the Volumes page. The volume is listed
under the server where it was created. You can also verify that the volume is in Windows Explorer.
Windows PowerShell equivalent commands for creating volumes
The following Windows PowerShell cmdlet performs the same function as the previous procedure. Enter the
command on a single line.
The following example initializes the disks for virtual disk VirtualDisk1, creates a partition with an assigned drive
letter, and then formats the volume with the default NTFS file system.
Additional information
Storage Spaces
Storage Cmdlets in Windows PowerShell
Deploy Clustered Storage Spaces
Windows Server storage forum
Troubleshoot Storage Spaces and Storage Spaces
Direct health and operational states
8/18/2020 • 14 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012,
Windows Server (Semi-Annual Channel), Windows 10, Windows 8.1
This topic describes the health and operational states of storage pools, virtual disks (which sit underneath volumes
in Storage Spaces), and drives in Storage Spaces Direct and Storage Spaces. These states can be invaluable when
trying to troubleshoot various issues such as why you can't delete a virtual disk because of a read-only
configuration. It also discusses why a drive can't be added to a pool (the CannotPoolReason).
Storage Spaces has three primary objects - physical disks (hard drives, SSDs, etc.) that are added to a storage pool,
virtualizing the storage so that you can create virtual disks from free space in the pool, as shown here. Pool
metadata is written to each drive in the pool. Volumes are created on top of the virtual disks and store your files,
but we're not going to talk about volumes here.
You can view health and operational states in Server Manager, or with PowerShell. Here's an example of a variety of
(mostly bad) health and operational states on a Storage Spaces Direct cluster that's missing most of its cluster
nodes (right-click the column headers to add Operational Status ). This isn't a happy cluster.
Storage pool states
Every storage pool has a health status - Healthy , Warning , or Unknown /Unhealthy , as well as one or more
operational states.
To find out what state a pool is in, use the following PowerShell commands:
Here's an example output showing a storage pool in the Unknown health state with the Read-only operational
status:
Degraded There are failed or missing drives in the storage pool. This
condition occurs only with drives hosting pool metadata.
Action : Check the state of your drives and replace any failed
drives before there are additional failures.
Action:
1. Reconnect any missing drives, and if
you're using Storage Spaces Direct,
bring all servers online.
2. Set the pool back to read-write by
opening a PowerShell session with
administrative permissions and then
typing:
Get-StoragePool -IsPrimordial
$False | Set-StoragePool -
IsReadOnly $false
Get-StoragePool | Set-StoragePool
-IsReadOnly $false
O P ERAT IO N A L STAT E REA D- O N LY REA SO N DESC RIP T IO N
Here's an example of output showing a detached virtual disk and a degraded/incomplete virtual disk:
Action :
1. Reconnect any missing drives, replace any failed drives, and
if you're using Storage Spaces Direct, bring online any servers
that are offline.
2. If you're not using Storage Spaces Direct, next repair the
virtual disk using the Repair-VirtualDisk cmdlet.
Storage Spaces Direct automatically starts a repair if needed
after reconnecting or replacing a drive.
Action :
1. Reconnect any missing drives, replace any failed drives, and
if you're using Storage Spaces Direct, bring online any servers
that are offline.
2. If you're not using Storage Spaces Direct, next repair the
virtual disk using the Repair-VirtualDisk cmdlet.
Storage Spaces Direct automatically starts a repair if needed
after reconnecting or replacing a drive.
No redundancy The virtual disk has lost data because too many drives failed.
Action : Replace failed drives and then restore your data from
backup.
Get-VirtualDisk | Where-Object -
Filter { $_.OperationalStatus -eq
"Detached" } | Connect-
VirtualDisk
Get-VirtualDisk | Set-VirtualDisk
-ismanualattach $false
Action :
1. Reconnect any missing drives, and if
you're using Storage Spaces Direct,
bring online any servers that are offline.
2. After all drives and servers are online,
replace any failed drives. See Health
Service for details.
Storage Spaces Direct automatically
starts a repair if needed after
reconnecting or replacing a drive.
3. If you're not using Storage Spaces
Direct, next repair the virtual disk using
the Repair-VirtualDisk cmdlet.
Action :
1. Reconnect any missing drives, and if
you're using Storage Spaces Direct,
bring online any servers that are offline.
2. After all drives and servers are online,
replace any failed drives. See Health
Service for details.
Storage Spaces Direct automatically
starts a repair if needed after
reconnecting or replacing a drive.
3. If you're not using Storage Spaces
Direct, next repair the virtual disk using
the Repair-VirtualDisk cmdlet.
Lost communication The drive is missing. If you're using Storage Spaces Direct, this
could be because a server is down.
Removing from pool Storage Spaces is in the process of removing the drive from its
storage pool.
Starting maintenance mode Storage Spaces is in the process of putting the drive in
maintenance mode after an administrator put the drive in
maintenance mode. This is a temporary state - the drive
should soon be in the In maintenance mode state.
Stopping maintenance mode An administrator took the drive out of maintenance mode,
and Storage Spaces is in the process of bringing the drive back
online. This is a temporary state - the drive should soon be in
another state - ideally Healthy.
Action :
1. If the drive doesn't transition back to the OK state, you can
try using the Reset-PhysicalDisk cmdlet to wipe the drive.
2. Use Repair-VirtualDisk to restore the resiliency of affected
virtual disks.
3. If this keeps happening, replace the drive.
O P ERAT IO N A L STAT E DESC RIP T IO N
Transient error There was a temporary error with the drive. This usually means
the drive was unresponsive, but it could also mean that the
Storage Spaces protective partition was inappropriately
removed from the drive.
Action :
1. If the drive doesn't transition back to the OK state, you can
try using the Reset-PhysicalDisk cmdlet to wipe the drive.
2. Use Repair-VirtualDisk to restore the resiliency of affected
virtual disks.
3. If this keeps happening, replace the drive, or try getting
detailed diagnostic info about this drive by following the steps
in Troubleshooting using Windows Error Reporting > Physical
disk failed to come online.
Not usable This drive can't be used by Storage Spaces. For more info see
Storage Spaces Direct hardware requirements; if you're not
using Storage Spaces Direct, see Storage Spaces overview.
Action : Reset the drive, erasing all data from the drive and
adding it back to the pool as an empty drive. To do so, open a
PowerShell session as an administrator, run the Reset-
PhysicalDisk cmdlet, and then run Repair-VirtualDisk.
Action : To wipe the drive and add it to the current pool, reset
the drive. To reset the drive, open a PowerShell session as an
administrator, run the Reset-PhysicalDisk cmdlet, and then run
Repair-VirtualDisk.
O P ERAT IO N A L STAT E DESC RIP T IO N
Failed media The drive failed and won't be used by Storage Spaces anymore.
The following table gives a little more detail on each of the reasons.
Not healthy The drive isn't in a healthy state and might need to be
replaced.
Insufficient capacity This typically occurs when there are partitions taking up the
free space on the drive.
Verification in progress The Health Service is checking to see if the drive or firmware
on the drive is approved for use by the server administrator.
Verification failed The Health Service couldn't check to see if the drive or
firmware on the drive is approved for use by the server
administrator.
Firmware not compliant The firmware on the physical drive isn't in the list of approved
firmware revisions specified by the server administrator by
using the Health Service.
REA SO N DESC RIP T IO N
Hardware not compliant The drive isn't in the list of approved storage models specified
by the server administrator by using the Health Service.
Additional References
Storage Spaces Direct
Storage Spaces Direct hardware requirements
Understanding cluster and pool quorum
Storage Spaces Direct overview
8/18/2020 • 7 minutes to read • Edit Online
Applies to: Azure Stack HCI, Windows Server 2019, Windows Server 2016
Storage Spaces Direct uses industry-standard servers with local-attached drives to create highly
available, highly scalable software-defined storage at a fraction of the cost of traditional SAN or NAS
arrays. Its converged or hyper-converged architecture radically simplifies procurement and deployment,
while features such as caching, storage tiers, and erasure coding, together with the latest hardware
innovations such as RDMA networking and NVMe drives, deliver unrivaled efficiency and performance.
Storage Spaces Direct is included in Azure Stack HCI, Windows Server 2019 Datacenter, Windows Server
2016 Datacenter, and Windows Server Insider Preview Builds.
For other applications of Storage Spaces, such as shared SAS clusters and stand-alone servers, see
Storage Spaces overview. If you're looking for info about using Storage Spaces on a Windows 10 PC, see
Storage Spaces in Windows 10.
Understand Plan
Overview (you are here) Hardware requirements
Understand the cache Using the CSV in-memory read cache
Fault tolerance and storage efficiency Choose drives
Drive symmetry considerations Plan volumes
Understand and monitor storage resync Using guest VM clusters
Understanding cluster and pool quorum Disaster recovery
Cluster sets
Deploy Manage
Deploy Storage Spaces Direct Manage with Windows Admin Center
Create volumes Add servers or drives
Nested resiliency Taking a server offline for maintenance
Configure quorum Remove servers
Upgrade a Storage Spaces Direct cluster to Extend volumes
Windows Server 2019 Delete volumes
Understand and deploy persistent memory Update drive firmware
Performance history
Delimit the allocation of volumes
Use Azure Monitor on a hyper-converged cluster
Key benefits
IM A GE DESC RIP T IO N
Deployment options
Storage Spaces Direct was designed for two distinct deployment options:
Converged
Storage and compute in separate clusters. The converged deployment option, also known as
'disaggregated', layers a Scale-out File Server (SoFS) atop Storage Spaces Direct to provide network-
attached storage over SMB3 file shares. This allows for scaling compute/workload independently from
the storage cluster, essential for larger-scale deployments such as Hyper-V IaaS (Infrastructure as a
Service) for service providers and enterprises.
Hyper-Converged
One cluster for compute and storage. The hyper-converged deployment option runs Hyper-V virtual
machines or SQL Server databases directly on the servers providing the storage, storing their files on the
local volumes. This eliminates the need to configure file server access and permissions, and reduces
hardware costs for small-to-medium business or remote office/branch office deployments. See Deploy
Storage Spaces Direct.
How it works
Storage Spaces Direct is the evolution of Storage Spaces, first introduced in Windows Server 2012. It
leverages many of the features you know today in Windows Server, such as Failover Clustering, the
Cluster Shared Volume (CSV) file system, Server Message Block (SMB) 3, and of course Storage Spaces. It
also introduces new technology, most notably the Software Storage Bus.
Here's an overview of the Storage Spaces Direct stack:
Networking Hardware. Storage Spaces Direct uses SMB3, including SMB Direct and SMB Multichannel,
over Ethernet to communicate between servers. We strongly recommend 10+ GbE with remote-direct
memory access (RDMA), either iWARP or RoCE.
Storage Hardware. From 2 to 16 servers with local-attached SATA, SAS, or NVMe drives. Each server
must have at least 2 solid-state drives, and at least 4 additional drives. The SATA and SAS devices should
be behind a host-bus adapter (HBA) and SAS expander. We strongly recommend the meticulously
engineered and extensively validated platforms from our partners (coming soon).
Failover Clustering. The built-in clustering feature of Windows Server is used to connect the servers.
Software Storage Bus. The Software Storage Bus is new in Storage Spaces Direct. It spans the cluster
and establishes a software-defined storage fabric whereby all the servers can see all of each other's local
drives. You can think of it as replacing costly and restrictive Fibre Channel or Shared SAS cabling.
Storage Bus Layer Cache. The Software Storage Bus dynamically binds the fastest drives present (e.g.
SSD) to slower drives (e.g. HDDs) to provide server-side read/write caching that accelerates IO and
boosts throughput.
Storage Pool. The collection of drives that form the basis of Storage Spaces is called the storage pool. It
is automatically created, and all eligible drives are automatically discovered and added to it. We strongly
recommend you use one pool per cluster, with the default settings. Read our Deep Dive into the Storage
Pool to learn more.
Storage Spaces. Storage Spaces provides fault tolerance to virtual "disks" using mirroring, erasure
coding, or both. You can think of it as distributed, software-defined RAID using the drives in the pool. In
Storage Spaces Direct, these virtual disks typically have resiliency to two simultaneous drive or server
failures (e.g. 3-way mirroring, with each data copy in a different server) though chassis and rack fault
tolerance is also available.
Resilient File System (ReFS). ReFS is the premier filesystem purpose-built for virtualization. It
includes dramatic accelerations for .vhdx file operations such as creation, expansion, and checkpoint
merging, and built-in checksums to detect and correct bit errors. It also introduces real-time tiers that
rotate data between so-called "hot" and "cold" storage tiers in real-time based on usage.
Cluster Shared Volumes. The CSV file system unifies all the ReFS volumes into a single namespace
accessible through any server, so that to each server, every volume looks and acts like it's mounted
locally.
Scale-Out File Ser ver. This final layer is necessary in converged deployments only. It provides remote
file access using the SMB3 access protocol to clients, such as another cluster running Hyper-V, over the
network, effectively turning Storage Spaces Direct into network-attached storage (NAS).
Customer stories
There are over 10,000 clusters worldwide running Storage Spaces Direct. Organizations of all sizes, from
small businesses deploying just two nodes, to large enterprises and governments deploying hundreds of
nodes, depend on Storage Spaces Direct for their critical applications and infrastructure.
Visit Microsoft.com/HCI to read their stories:
Management tools
The following tools can be used to manage and/or monitor Storage Spaces Direct:
Get started
Try Storage Spaces Direct in Microsoft Azure, or download a 180-day-licensed evaluation copy of
Windows Server from Windows Server Evaluations.
Additional References
Fault tolerance and storage efficiency
Storage Replica
Storage at Microsoft blog
Storage Spaces Direct throughput with iWARP (TechNet blog)
What's New in Failover Clustering in Windows Server
Storage Quality of Service
Windows IT Pro Support
Understanding the cache in Storage Spaces Direct
8/18/2020 • 9 minutes to read • Edit Online
Storage Spaces Direct features a built-in server-side cache to maximize storage performance. It is a large,
persistent, real-time read and write cache. The cache is configured automatically when Storage Spaces Direct is
enabled. In most cases, no manual management whatsoever is required. How the cache works depends on the
types of drives present.
The following video goes into details on how caching works for Storage Spaces Direct, as well as other design
considerations.
Storage Spaces Direct design considerations
(20 minutes)
https://channel9.msdn.com/Blogs/windowsserver/Design-Considerations-for-Storage-Spaces-Direct/player
These can be combined in six ways, which we group into two categories: "all-flash" and "hybrid".
All-flash deployment possibilities
All-flash deployments aim to maximize storage performance and do not include rotational hard disk drives
(HDD).
Hybrid deployment possibilities
Hybrid deployments aim to balance performance and capacity or to maximize capacity and do include rotational
hard disk drives (HDD).
For example, if you have NVMe and SSDs, the NVMe will cache for the SSDs.
If you have SSDs and HDDs, the SSDs will cache for the HDDs.
NOTE
Cache drives do not contribute usable storage capacity. All data stored in the cache is also stored elsewhere, or will be once
it de-stages. This means the total raw storage capacity of your deployment is the sum of your capacity drives only.
When all drives are of the same type, no cache is configured automatically. You have the option to manually
configure higher-endurance drives to cache for lower-endurance drives of the same type – see the Manual
configuration section to learn how.
TIP
In all-NVMe or all-SSD deployments, especially at very small scale, having no drives "spent" on cache can improve storage
efficiency meaningfully.
Summary
This table summarizes which drives are used for caching, which are used for capacity, and what the caching
behavior is for each deployment possibility.
C A C H E B EH AVIO R
DEP LO Y M EN T C A C H E DRIVES C A PA C IT Y DRIVES ( DEFA ULT )
NVMe + SSD + HDD NVMe SSD + HDD Read + Write for HDD,
Write-only for SSD
Server-side architecture
The cache is implemented at the drive level: individual cache drives within one server are bound to one or many
capacity drives within the same server.
Because the cache is below the rest of the Windows software-defined storage stack, it does not have nor need
any awareness of concepts such as Storage Spaces or fault tolerance. You can think of it as creating "hybrid" (part
flash, part disk) drives which are then presented to Windows. As with an actual hybrid drive, the real-time
movement of hot and cold data between the faster and slower portions of the physical media is nearly invisible
to the outside.
Given that resiliency in Storage Spaces Direct is at least server-level (meaning data copies are always written to
different servers; at most one copy per server), data in the cache benefits from the same resiliency as data not in
the cache.
For example, when using three-way mirroring, three copies of any data are written to different servers, where
they land in cache. Regardless of whether they are later de-staged or not, three copies will always exist.
We recommend making the number of capacity drives a multiple of the number of cache drives, for symmetry.
For example, if you have 4 cache drives, you will experience more even performance with 8 capacity drives (1:2
ratio) than with 7 or 9.
NOTE
You may need to power down to safely replace NVMe that is Add-In Card (AIC) or M.2 form factor.
Manual configuration
For most deployments, manual configuration is not required. In case you do need it, see the following sections.
If you need to make changes to the cache device model after setup, edit the Health Service's Support
Components Document, as described in Health Service overview.
Specify cache drive model
In deployments where all drives are of the same type, such as all-NVMe or all-SSD deployments, no cache is
configured because Windows cannot distinguish characteristics like write endurance automatically among drives
of the same type.
To use higher-endurance drives to cache for lower-endurance drives of the same type, you can specify which
drive model to use with the -CacheDeviceModel parameter of the Enable-ClusterS2D cmdlet. Once Storage
Spaces Direct is enabled, all drives of that model will be used for caching.
TIP
Be sure to match the model string exactly as it appears in the output of Get-PhysicalDisk .
Example
First, get a list of physical disks:
Count Name
----- ----
8 FABRIKAM NVME-1710
16 CONTOSO NVME-1520
Then enter the following command, specifying the cache device model:
You can verify that the drives you intended are being used for caching by running Get-PhysicalDisk in
PowerShell and verifying that their Usage property says "Journal" .
Manual deployment possibilities
Manual configuration enables the following deployment possibilities:
Get-ClusterStorageSpacesDirect
CacheModeHDD : ReadWrite
CacheModeSSD : WriteOnly
Get-ClusterS2D
CacheModeHDD : ReadWrite
CacheModeSSD : ReadWrite
There is no universal rule, but if too many reads are missing the cache, it may be undersized and you should
consider adding cache drives to expand your cache. You can add cache drives or capacity drives independently
whenever you want.
Additional References
Choosing drives and resiliency types
Fault tolerance and storage efficiency
Storage Spaces Direct hardware requirements
Fault tolerance and storage efficiency in Storage
Spaces Direct
8/18/2020 • 8 minutes to read • Edit Online
This topic introduces the resiliency options available in Storage Spaces Direct and outlines the scale
requirements, storage efficiency, and general advantages and tradeoffs of each. It also presents some usage
instructions to get you started, and references some great papers, blogs, and additional content where you can
learn more.
If you are already familiar with Storage Spaces, you may want to skip to the Summary section.
Overview
At its heart, Storage Spaces is about providing fault tolerance, often called 'resiliency', for your data. Its
implementation is similar to RAID, except distributed across servers and implemented in software.
As with RAID, there are a few different ways Storage Spaces can do this, which make different tradeoffs between
fault tolerance, storage efficiency, and compute complexity. These broadly fall into two categories: 'mirroring' and
'parity', the latter sometimes called 'erasure coding'.
Mirroring
Mirroring provides fault tolerance by keeping multiple copies of all data. This most closely resembles RAID-1.
How that data is striped and placed is non-trivial (see this blog to learn more), but it is absolutely true to say that
any data stored using mirroring is written, in its entirety, multiple times. Each copy is written to different physical
hardware (different drives in different servers) that are assumed to fail independently.
In Windows Server 2016, Storage Spaces offers two flavors of mirroring – 'two-way' and 'three-way'.
Two -way mirror
Two-way mirroring writes two copies of everything. Its storage efficiency is 50% – to write 1 TB of data, you need
at least 2 TB of physical storage capacity. Likewise, you need at least two hardware 'fault domains' – with Storage
Spaces Direct, that means two servers.
WARNING
If you have more than two servers, we recommend using three-way mirorring instead.
Parity
Parity encoding, often called 'erasure coding', provides fault tolerance using bitwise arithmetic, which can get
remarkably complicated. The way this works is less obvious than mirroring, and there are many great online
resources (for example, this third-party Dummies Guide to Erasure Coding) that can help you get the idea.
Sufficed to say it provides better storage efficiency without compromising fault tolerance.
In Windows Server 2016, Storage Spaces offers two flavors of parity – 'single' parity and 'dual' parity, the latter
employing an advanced technique called 'local reconstruction codes' at larger scales.
IMPORTANT
We recommend using mirroring for most performance-sensitive workloads. To learn more about how to balance
performance and capacity depending on your workload, see Plan volumes.
Single parity
Single parity keeps only one bitwise parity symbol, which provides fault tolerance against only one failure at a
time. It most closely resembles RAID-5. To use single parity, you need at least three hardware fault domains –
with Storage Spaces Direct, that means three servers. Because three-way mirroring provides more fault tolerance
at the same scale, we discourage using single parity. But, it's there if you insist on using it, and it is fully
supported.
WARNING
We discourage using single parity because it can only safely tolerate one hardware failure at a time: if you're rebooting one
server when suddenly another drive or server fails, you will experience downtime. If you only have three servers, we
recommend using three-way mirroring. If you have four or more, see the next section.
Dual parity
Dual parity implements Reed-Solomon error-correcting codes to keep two bitwise parity symbols, thereby
providing the same fault tolerance as three-way mirroring (i.e. up to two failures at once), but with better storage
efficiency. It most closely resembles RAID-6. To use dual parity, you need at least four hardware fault domains –
with Storage Spaces Direct, that means four servers. At that scale, the storage efficiency is 50% – to store 2 TB of
data, you need 4 TB of physical storage capacity.
The storage efficiency of dual parity increases the more hardware fault domains you have, from 50% up to 80%.
For example, at seven (with Storage Spaces Direct, that means seven servers) the efficiency jumps to 66.7% – to
store 4 TB of data, you need just 6 TB of physical storage capacity.
See the Summary section for the efficiency of dual party and local reconstruction codes at every scale.
Local reconstruction codes
Storage Spaces in Windows Server 2016 introduces an advanced technique developed by Microsoft Research
called 'local reconstruction codes', or LRC. At large scale, dual parity uses LRC to split its encoding/decoding into
a few smaller groups, to reduce the overhead required to make writes or recover from failures.
With hard disk drives (HDD) the group size is four symbols; with solid-state drives (SSD), the group size is six
symbols. For example, here's what the layout looks like with hard disk drives and 12 hardware fault domains
(meaning 12 servers) – there are two groups of four data symbols. It achieves 72.7% storage efficiency.
We recommend this in-depth yet eminently readable walk-through of how local reconstruction codes handle
various failure scenarios, and why they're appealing, by our very own Claus Joergensen.
Mirror-accelerated parity
Beginning in Windows Server 2016, a Storage Spaces Direct volume can be part mirror and part parity. Writes
land first in the mirrored portion and are gradually moved into the parity portion later. Effectively, this is using
mirroring to accelerate erasure coding.
To mix three-way mirror and dual parity, you need at least four fault domains, meaning four servers.
The storage efficiency of mirror-accelerated parity is in between what you'd get from using all mirror or all parity,
and depends on the proportions you choose. For example, the demo at the 37-minute mark of this presentation
shows various mixes achieving 46%, 54%, and 65% efficiency with 12 servers.
IMPORTANT
We recommend using mirroring for most performance-sensitive workloads. To learn more about how to balance
performance and capacity depending on your workload, see Plan volumes.
Summary
This section summarizes the resiliency types available in Storage Spaces Direct, the minimum scale requirements
to use each type, how many failures each type can tolerate, and the corresponding storage efficiency.
Resiliency types
RESIL IEN C Y FA IL URE TO L ERA N C E STO RA GE EF F IC IEN C Y
Two-way mirror 2
Three-way mirror 3
Dual parity 4
Mixed 4
TIP
Unless you are using chassis or rack fault tolerance, the number of fault domains refers to the number of servers. The
number of drives in each server does not affect which resiliency types you can use, as long as you meet the minimum
requirements for Storage Spaces Direct.
FA ULT DO M A IN S L AY O UT EF F IC IEN C Y
2 – –
3 – –
4 RS 2+2 50.0%
FA ULT DO M A IN S L AY O UT EF F IC IEN C Y
5 RS 2+2 50.0%
6 RS 2+2 50.0%
7 RS 4+2 66.7%
8 RS 4+2 66.7%
9 RS 4+2 66.7%
10 RS 4+2 66.7%
11 RS 4+2 66.7%
FA ULT DO M A IN S L AY O UT EF F IC IEN C Y
2 – –
3 – –
4 RS 2+2 50.0%
5 RS 2+2 50.0%
6 RS 2+2 50.0%
7 RS 4+2 66.7%
8 RS 4+2 66.7%
9 RS 6+2 75.0%
10 RS 6+2 75.0%
11 RS 6+2 75.0%
FA ULT DO M A IN S L AY O UT EF F IC IEN C Y
12 RS 6+2 75.0%
13 RS 6+2 75.0%
14 RS 6+2 75.0%
15 RS 6+2 75.0%
Examples
Unless you have only two servers, we recommend using three-way mirroring and/or dual parity, because they
offer better fault tolerance. Specifically, they ensure that all data remains safe and continuously accessible even
when two fault domains – with Storage Spaces Direct, that means two servers - are affected by simultaneous
failures.
Examples where everything stays online
These six examples show what three-way mirroring and/or dual parity can tolerate.
1. One drive lost (includes cache drives)
2. One server lost
5. More than two drives lost, so long as at most two servers are affected
6. Two servers lost
...in every case, all volumes will stay online. (Make sure your cluster maintains quorum.)
Examples where everything goes offline
Over its lifetime, Storage Spaces can tolerate any number of failures, because it restores to full resiliency after
each one, given sufficient time. However, at most two fault domains can safely be affected by failures at any given
moment. The following are therefore examples of what three-way mirroring and/or dual parity cannot tolerate.
7. Drives lost in three or more servers at once
8. Three or more servers lost at once
Usage
Check out Creating volumes in Storage Spaces Direct.
Additional References
Every link below is inline somewhere in the body of this topic.
Storage Spaces Direct in Windows Server 2016
Fault Domain Awareness in Windows Server 2016
Erasure Coding in Azure by Microsoft Research
Local Reconstruction Codes and Accelerating Parity Volumes
Volumes in the Storage Management API
Storage Efficiency Demo at Microsoft Ignite 2016
Capacity Calculator PREVIEW for Storage Spaces Direct
Drive symmetry considerations for Storage Spaces
Direct
8/18/2020 • 6 minutes to read • Edit Online
Storage Spaces Direct works best when every server has exactly the same drives.
In reality, we recognize this is not always practical: Storage Spaces Direct is designed to run for years and to scale
as the needs of your organization grow. Today, you may buy spacious 3 TB hard drives; next year, it may become
impossible to find ones that small. Therefore, some amount of mixing-and-matching is supported.
This topic explains the constraints and provides examples of supported and unsupported configurations.
Constraints
Type
All servers should have the same types of drives.
For example, if one server has NVMe, they should all have NVMe.
Number
All servers should have the same number of drives of each type.
For example, if one server has six SSD, they should all have six SSD.
NOTE
It is okay for the number of drives to differ temporarily during failures or while adding or removing drives.
Model
We recommend using drives of the same model and firmware version whenever possible. If you can't, carefully
select drives that are as similar as possible. We discourage mixing-and-matching drives of the same type with
sharply different performance or endurance characteristics (unless one is cache and the other is capacity) because
Storage Spaces Direct distributes IO evenly and doesn't discriminate based on model.
NOTE
It is okay to mix-and-match similar SATA and SAS drives.
Size
We recommend using drives of the same sizes whenever possible. Using capacity drives of different sizes may
result in some unusable capacity, and using cache drives of different sizes may not improve cache performance.
See the next section for details.
WARNING
Differing capacity drives sizes across servers may result in stranded capacity.
Understand: capacity imbalance
Storage Spaces Direct is robust to capacity imbalance across drives and across servers. Even if the imbalance is
severe, everything will continue to work. However, depending on several factors, capacity that isn't available in
every server may not be usable.
To see why this happens, consider the simplified illustration below. Each colored box represents one copy of
mirrored data. For example, the boxes marked A, A', and A'' are three copies of the same data. To honor server
fault tolerance, these copies must be stored in different servers.
Stranded capacity
As drawn, Server 1 (10 TB) and Server 2 (10 TB) are full. Server 3 has larger drives, therefore its total capacity is
larger (15 TB). However, to store more three-way mirror data on Server 3 would require copies on Server 1 and
Server 2 too, which are already full. The remaining 5 TB capacity on Server 3 can't be used – it's "stranded"
capacity.
Optimal placement
Conversely, with four servers of 10 TB, 10 TB, 10 TB, and 15 TB capacity and three-way mirror resiliency, it is
possible to validly place copies in a way that uses all available capacity, as drawn. Whenever this is possible, the
Storage Spaces Direct allocator will find and use the optimal placement, leaving no stranded capacity.
The number of servers, the resiliency, the severity of the capacity imbalance, and other factors affect whether there
is stranded capacity. The most prudent general rule is to assume that only capacity available in ever y
ser ver is guaranteed to be usable.
TIP
See Understanding the cache to learn more about cache bindings.
Example configurations
Here are some supported and unsupported configurations:
This is supported.
Supported: different models within server
Every server uses some different mix of HDD models "Y" and "Z", which are very similar. Every server has 10 total
HDD.
This is supported.
This is supported.
Not supported: different types of drives across servers
Server 1 has NVMe but the others don't.
SERVER 1 SERVER 2 SERVER 3
6 x NVMe (cache) - -
This isn't supported. The types of drives should be the same in every server.
This isn't supported. The number of drives of each type should be the same in every server.
Not supported: only HDD drives
All servers have only HDD drives connected.
This isn't supported. You need to add a minimum of two cache drives (NvME or SSD) attached to each of the
servers.
Summary
To recap, every server in the cluster should have the same types of drives and the same number of each type. It's
supported to mix-and-match drive models and drive sizes as needed, with the considerations above.
C O N ST RA IN T STAT E
Additional References
Storage Spaces Direct hardware requirements
Storage Spaces Direct overview
Understand and monitor storage resync
8/18/2020 • 4 minutes to read • Edit Online
Storage resync alerts are a new capability of Storage Spaces Direct in Windows Server 2019 that allows the Health
Service to throw a fault when your storage is resyncing. The alert is useful in notifying you when resync is
happening, so that you don't accidentally take more servers down (which could cause multiple fault domains to be
affected, resulting in your cluster going down).
This topic provides background and steps to understand and see storage resync in a Windows Server failover
cluster with Storage Spaces Direct.
Understanding resync
Let's start with a simple example to understand how storage gets out of sync. Keep in mind that any shared-
nothing (local drives only) distributed storage solution exhibits this behavior. As you will see below, if one server
node goes down, then its drives won't be updated until it comes back online - this is true for any hyper-converged
architecture.
Suppose that we want to store the string "HELLO".
Asssuming that we have three-way mirror resiliency, we have three copies of this string. Now, if we take server #1
down temporarily (for maintanence), then we cannot access copy #1.
Suppose we update our string from "HELLO" to "HELP!" at this time.
Once we update the string, copy #2 and #3 will be successfully updated. However, copy #1 still cannot be accessed
because server #1 is down temporarily (for maintanence).
Now, we have copy #1 which has data that is out of sync. The operating system uses granular dirty region tracking
to keep track of the bits that are out of sync. This way when server #1 comes back online, we can sync the changes
by reading the data from copy #2 or #3 and overwriting the data in copy #1. The advantages of this approach are
that we only need to copy over the data that is stale, rather than resyncing all of the data from server #2 or server
#3.
So, this explains how data gets out of sync. But what does this look like at a high level? Assume for this example
that we have a three server hyper-converged cluster. When server #1 is in maintenance, you will see it as being
down. When you bring server #1 back up, it will start resyncing all of its storage using the granular dirty region
tracking (explained above). Once the data is all back in sync, all servers will be shown as up.
Get-HealthFault
This is a new fault in Windows Server 2019, and will appear in PowerShell, in the cluster validation report, and
anywhere else that builds on Health faults.
To get a deeper view, you can query the time series database in PowerShell as follows:
Get-ClusterNode | Get-ClusterPerf -ClusterNodeSeriesName ClusterNode.Storage.Degraded
Notably, Windows Admin Center uses Health faults to set the status and color of cluster nodes. So, this new fault
will cause cluster nodes to transition from red (down) to yellow (resyncing) to green (up), instead of going straight
from red to green, on the HCI Dashboard.
By showing the overall storage resync progress, you can accurately know how much data is out of sync and
whether your system is making forward progress. When you open Windows Admin Center and go to the
Dashboard, you will see the new alert as follows:
The alert is useful in notifying you when resync is happening, so that you don't accidentally take more servers
down (which could cause multiple fault domains to be affected, resulting in your cluster going down).
If you navigate to the Servers page in Windows Admin Center, click on Inventory, and then choose a specific server,
you can get a more detailed view of how this storage resync looks on a per-server basis. If you navigate to your
server and look at the Storage chart, you will see the amount of data that needs to be repaired in a purple line with
exact number right above. This amount will increase when the server is down (more data needs to be resynced),
and gradually decrease when the server comes back online (data is being synced). When the amount of data that
needs to be repair is 0, your storage is done resyncing - you are now free to take a server down if you need to. A
screenshot of this experience in Windows Admin Center is shown below:
Get-StorageJob
This view is a lot more granular since the storage jobs listed are per volume, you can see the list of jobs that are
running, and you can track their individual progress. This cmdlet works on both Windows Server 2016 and 2019.
Additional References
Taking a server offline for maintenance
Storage Spaces Direct overview
Understanding cluster and pool quorum
8/18/2020 • 11 minutes to read • Edit Online
Windows Server Failover Clustering provides high availability for workloads. These resources are considered
highly available if the nodes that host resources are up; however, the cluster generally requires more than half the
nodes to be running, which is known as having quorum.
Quorum is designed to prevent split-brain scenarios which can happen when there is a partition in the network
and subsets of nodes cannot communicate with each other. This can cause both subsets of nodes to try to own
the workload and write to the same disk which can lead to numerous problems. However, this is prevented with
Failover Clustering's concept of quorum which forces only one of these groups of nodes to continue running, so
only one of these groups will stay online.
Quorum determines the number of failures that the cluster can sustain while still remaining online. Quorum is
designed to handle the scenario when there is a problem with communication between subsets of cluster nodes,
so that multiple servers don't try to simultaneously host a resource group and write to the same disk at the same
time. By having this concept of quorum, the cluster will force the cluster service to stop in one of the subsets of
nodes to ensure that there is only one true owner of a particular resource group. Once nodes which have been
stopped can once again communicate with the main group of nodes, they will automatically rejoin the cluster and
start their cluster service.
In Windows Server 2019 and Windows Server 2016, there are two components of the system that have their
own quorum mechanisms:
Cluster Quorum : This operates at the cluster level (i.e. you can lose nodes and have the cluster stay up)
Pool Quorum : This operates on the pool level when Storage Spaces Direct is enabled (i.e. you can lose nodes
and drives and have the pool stay up). Storage pools were designed to be used in both clustered and non-
clustered scenarios, which is why they have a different quorum mechanism.
2 50/50 No No
2 + Witness Yes No No
3 Yes 50/50 No
The above scenario applies to a general cluster that doesn't have Storage Spaces Direct enabled. However, when
Storage Spaces Direct is enabled, the cluster can only support two node failures. This is explained more in the
pool quorum section.
Examples
Two nodes without a witness.
One node's vote is zeroed, so the majority vote is determined out of a total of 1 vote . If the non-voting node goes
down unexpectedly, the survivor has 1/1 and the cluster survives. If the voting node goes down unexpectedly, the
survivor has 0/1 and the cluster goes down. If the voting node is gracefully powered down, the vote is transferred
to the other node, and the cluster survives. This is why it's critical to configure a witness.
Can survive one server failure: Fifty percent chance .
Can survive one server failure, then another: No .
Can survive two server failures at once: No .
Two nodes with a witness.
Both nodes vote, plus the witness votes, so the majority is determined out of a total of 3 votes . If either node
goes down, the survivor has 2/3 and the cluster survives.
2 No No No
2 + Witness Yes No No
3 Yes No No
3 + Witness Yes No No
4 Yes No No
More information
Configure and manage quorum
Deploy a cloud witness
Cluster sets
8/18/2020 • 23 minutes to read • Edit Online
Cluster sets is the new cloud scale-out technology in the Windows Server 2019 release that increases cluster node
count in a single Software Defined Data Center (SDDC) cloud by orders of magnitude. A cluster set is a loosely-
coupled grouping of multiple Failover Clusters: compute, storage or hyper-converged. Cluster sets technology
enables virtual machine fluidity across member clusters within a cluster set and a unified storage namespace
across the set in support of virtual machine fluidity.
While preserving existing Failover Cluster management experiences on member clusters, a cluster set instance
additionally offers key use cases around lifecycle management at the aggregate. This Windows Server 2019
Scenario Evaluation Guide provides you the necessary background information along with step-by-step
instructions to evaluate cluster sets technology using PowerShell.
Technology introduction
Cluster sets technology is developed to meet specific customer requests operating Software Defined Datacenter
(SDDC) clouds at scale. Cluster sets value proposition may be summarized as the following:
Significantly increase the supported SDDC cloud scale for running highly available virtual machines by
combining multiple smaller clusters into a single large fabric, even while keeping the software fault boundary
to a single cluster
Manage entire Failover Cluster lifecycle including onboarding and retiring clusters, without impacting tenant
virtual machine availability, via fluidly migrating virtual machines across this large fabric
Easily change the compute-to-storage ratio in your hyper-converged I
Benefit from Azure-like Fault Domains and Availability sets across clusters in initial virtual machine placement
and subsequent virtual machine migration
Mix-and-match different generations of CPU hardware into the same cluster set fabric, even while keeping
individual fault domains homogeneous for maximum efficiency. Please note that the recommendation of same
hardware is still present within each individual cluster as well as the entire cluster set.
From a high level view, this is what cluster sets can look like.
The following provides a quick summary of each of the elements in the above image:
Management cluster
Management cluster in a cluster set is a Failover Cluster that hosts the highly-available management plane of the
entire cluster set and the unified storage namespace (Cluster Set Namespace) referral Scale-Out File Server
(SOFS). A management cluster is logically decoupled from member clusters that run the virtual machine
workloads. This makes the cluster set management plane resilient to any localized cluster-wide failures, e.g. loss of
power of a member cluster.
Member cluster
A member cluster in a cluster set is typically a traditional hyper-converged cluster running virtual machine and
Storage Spaces Direct workloads. Multiple member clusters participate in a single cluster set deployment, forming
the larger SDDC cloud fabric. Member clusters differ from a management cluster in two key aspects: member
clusters participate in fault domain and availability set constructs, and member clusters are also sized to host
virtual machine and Storage Spaces Direct workloads. Cluster set virtual machines that move across cluster
boundaries in a cluster set must not be hosted on the management cluster for this reason.
Cluster set namespace referral SOFS
A cluster set namespace referral (Cluster Set Namespace) SOFS is a Scale-Out File Server wherein each SMB Share
on the Cluster Set Namespace SOFS is a referral share – of type 'SimpleReferral' newly introduced in Windows
Server 2019. This referral allows Server Message Block (SMB) clients access to the target SMB share hosted on the
member cluster SOFS. The cluster set namespace referral SOFS is a light-weight referral mechanism and as such,
does not participate in the I/O path. The SMB referrals are cached perpetually on the each of the client nodes and
the cluster sets namespace dynamically updates automatically these referrals as needed.
Cluster set master
In a cluster set, the communication between the member clusters is loosely coupled, and is coordinated by a new
cluster resource called "Cluster Set Master" (CS-Master). Like any other cluster resource, CS-Master is highly
available and resilient to individual member cluster failures and/or the management cluster node failures. Through
a new Cluster Set WMI provider, CS-Master provides the management endpoint for all Cluster Set manageability
interactions.
Cluster set worker
In a Cluster Set deployment, the CS-Master interacts with a new cluster resource on the member Clusters called
"Cluster Set Worker" (CS-Worker). CS-Worker acts as the only liaison on the cluster to orchestrate the local cluster
interactions as requested by the CS-Master. Examples of such interactions include virtual machine placement and
cluster-local resource inventorying. There is only one CS-Worker instance for each of the member clusters in a
cluster set.
Fault domain
A fault domain is the grouping of software and hardware artifacts that the administrator determines could fail
together when a failure does occur. While an administrator could designate one or more clusters together as a
fault domain, each node could participate in a fault domain in an availability set. Cluster sets by design leaves the
decision of fault domain boundary determination to the administrator who is well-versed with data center
topology considerations – e.g. PDU, networking – that member clusters share.
Availability set
An availability set helps the administrator configure desired redundancy of clustered workloads across fault
domains, by organizing those into an availability set and deploying workloads into that availability set. Let's say if
you are deploying a two-tier application, we recommend that you configure at least two virtual machines in an
availability set for each tier which will ensure that when one fault domain in that availability set goes down, your
application will at least have one virtual machine in each tier hosted on a different fault domain of that same
availability set.
2. Each CSV volume created in the failover automatically triggers the creation of an SMB Share with an auto-
generated name based on the CSV volume name. An administrator cannot directly create or modify SMB
shares under an SOFS role, other than via CSV volume create/modify operations.
3. In hyper-converged configurations, an Infrastructure SOFS allows an SMB client (Hyper-V host) to
communicate with guaranteed Continuous Availability (CA) to the Infrastructure SOFS SMB server. This
hyper-converged SMB loopback CA is achieved via virtual machines accessing their virtual disk (VHDx) files
where the owning virtual machine identity is forwarded between the client and server. This identity
forwarding allows ACL-ing VHDx files just as in standard hyper-converged cluster configurations as before.
Once a cluster set is created, the cluster set namespace relies on an Infrastructure SOFS on each of the member
clusters, and additionally an Infrastructure SOFS in the management cluster.
At the time a member cluster is added to a cluster set, the administrator specifies the name of an Infrastructure
SOFS on that cluster if one already exists. If the Infrastructure SOFS does not exist, a new Infrastructure SOFS role
on the new member cluster is created by this operation. If an Infrastructure SOFS role already exists on the
member cluster, the Add operation implicitly renames it to the specified name as needed. Any existing singleton
SMB servers, or non-Infrastructure SOFS roles on the member clusters are left unutilized by the cluster set.
At the time the cluster set is created, the administrator has the option to use an already-existing AD computer
object as the namespace root on the management cluster. Cluster set creation operations create the Infrastructure
SOFS cluster role on the management cluster or renames the existing Infrastructure SOFS role just as previously
described for member clusters. The Infrastructure SOFS on the management cluster is used as the cluster set
namespace referral (Cluster Set Namespace) SOFS. It simply means that each SMB Share on the cluster set
namespace SOFS is a referral share – of type 'SimpleReferral' - newly introduced in Windows Server 2019. This
referral allows SMB clients access to the target SMB share hosted on the member cluster SOFS. The cluster set
namespace referral SOFS is a light-weight referral mechanism and as such, does not participate in the I/O path.
The SMB referrals are cached perpetually on the each of the client nodes and the cluster sets namespace
dynamically updates automatically these referrals as needed
Creating a Cluster Set
Prerequisites
When creating a cluster set, you following prerequisites are recommended:
1. Configure a management client running Windows Server 2019.
2. Install the Failover Cluster tools on this management server.
3. Create cluster members (at least two clusters with at least two Cluster Shared Volumes on each cluster)
4. Create a management cluster (physical or guest) that straddles the member clusters. This approach ensures
that the Cluster sets management plane continues to be available despite possible member cluster failures.
Steps
1. Create a new cluster set from three clusters as defined in the prerequisites. The below chart gives an
example of clusters to create. The name of the cluster set in this example will be CSMASTER .
SET-CLUSTER SOFS-CLUSTERSET
CLUSTER1 SOFS-CLUSTER1
CLUSTER2 SOFS-CLUSTER2
2. Once all the clusters have been created, use the following command to create the cluster set master:
3. Use the command set below to add a Cluster Server to the cluster set:
NOTE
If you are using a static IP Address scheme, you must include -StaticAddress x.x.x.x on the New-ClusterSet
command.
4. Once you have created the cluster set out of cluster members, you can list the nodes set and its properties.
To enumerate all the member clusters in the cluster set:
5. To enumerate all the member clusters in the cluster set including the management cluster nodes:
8. To verify that the cluster set creation process created one SMB share (identified as Volume1, or whatever the
CSV folder is labeled with, the ScopeName being the Infrastructure File Server name and the path as both)
on the Infrastructure SOFS for each cluster member's CSV volume:
9. Cluster set debug logs can be collected for review. Both the cluster set and cluster debug logs can be
gathered for all members and the management cluster:
10. Configure Kerberos constrained delegation between all cluster set members.
11. Configure the cross-cluster virtual machine live migration authentication type to Kerberos on each node in
the Cluster Set.
12. Add the management cluster to the local administrators group on each node in the cluster set.
When it completes, you will be given the information about the virtual machine and where it was placed. In the
above example, it would show as:
State : Running
ComputerName : 1-S2D2
If you were to have not enough memory, CPU capacity, or disk space to add the virtual machine, you will receive
the following error:
Once the virtual machine has been created, it will be displayed in Hyper-V manager on the specific node specified.
To add it as a cluster set virtual machine, and add it to the cluster, use the command below:
If you have added a cluster with existing virtual machines, the virtual machines will also need to be registered with
Cluster sets. To register all those virtual machines at once, the command to use is:
However, the process is not yet complete, as the path to the virtual machine needs to be added to the cluster set
namespace.
For example: An existing cluster is added and it has pre-configured virtual machines which reside on the local
Cluster Shared Volume (CSV). The path for the VHDX would be something similar to
"C:\ClusterStorage\Volume1\MYVM\Virtual Hard Disks\MYVM.vhdx". A storage migration would need to be
accomplished, as CSV paths are by design local to a single member cluster and will therefore not be accessible to
the virtual machine once they are live migrated across member clusters.
In this example, CLUSTER3 was added to the cluster set using Add-ClusterSetMember with the Infrastructure
Scale-Out File Server as SOFS-CLUSTER3. To move the virtual machine configuration and storage, the command
is:
WARNING: There were issues updating the virtual machine configuration that may prevent the virtual machine
from running. For more information view the report file below.
WARNING: Report file location: C:\Windows\Cluster\Reports\Update-ClusterVirtualMachineConfiguration '' on date
at time.htm.
This warning can be ignored as the warning is "No changes in the virtual machine role storage configuration were
detected". The reason for the warning as the actual physical location does not change; only the configuration paths.
For more information on Move-VMStorage, please review this link.
Live migrating a virtual machine between different cluster set clusters is not the same as in the past. In non-cluster
set scenarios, the steps would be:
1. remove the virtual machine role from the Cluster.
2. live migrate the virtual machine to a member node of a different cluster.
3. add the virtual machine into the cluster as a new virtual machine role.
With Cluster sets these steps are not necessary and only one command is needed. First, you should set all
networks to be available for the migration with the command:
For example, I want to move a Cluster Set virtual machine from CLUSTER1 to NODE2-CL3 on CLUSTER3. The
single command would be:
Please note that this does not move the virtual machine storage or configuration files. This is not necessary as the
path to the virtual machine remains as \\SOFS-CLUSTER1\VOLUME1. Once a virtual machine has been registered
with cluster sets has the Infrastructure File Server share path, the drives and virtual machine do not require being
on the same machine as the virtual machine.
To ensure they have been created successfully, Get-ClusterSetFaultDomain can be run with its output shown.
PSShowComputerName : True
FaultDomainType : Logical
ClusterName : {CLUSTER1, CLUSTER2}
Description : This is my first fault domain
FDName : FD1
Id : 1
PSComputerName : CSMASTER
Now that the fault domains have been created, the availability set needs to be created.
When creating new virtual machines, you would then need to use the -AvailabilitySet parameter as part of
determining the optimal node. So it would then look something like this:
Removing a cluster from cluster sets due to various life cycles. There are times when a cluster needs to be removed
from a cluster set. As a best practice, all cluster set virtual machines should be moved out of the cluster. This can be
accomplished using the Move-ClusterSetVM and Move-VMStorage commands.
However, if the virtual machines will not be moved as well, cluster sets runs a series of actions to provide an
intuitive outcome to the administrator. When the cluster is removed from the set, all remaining cluster set virtual
machines hosted on the cluster being removed will simply become highly available virtual machines bound to that
cluster, assuming they have access to their storage. Cluster sets will also automatically update its inventory by:
No longer tracking the health of the now-removed cluster and the virtual machines running on it
Removes from cluster set namespace and all references to shares hosted on the now-removed cluster
For example, the command to remove the CLUSTER1 cluster from cluster sets would be:
Question: Can Windows Server 2012 R2 or 2016 clusters co-exist in the same cluster set?
Question: Can I migrate workloads off Windows Server 2012 R2 or 2016 clusters by simply having those clusters
join the same Cluster Set?
Answer : Cluster sets is a new technology being introduced in Windows Server 2019, so as such, does not exist in
previous releases. Down-level OS-based clusters cannot join a cluster set. However, Cluster Operating System
rolling upgrades technology should provide the migration functionality that you are looking for by upgrading
these clusters to Windows Server 2019.
Question: Can Cluster sets allow me to scale storage or compute (alone)?
Answer : Yes, by simply adding a Storage Space Direct or traditional Hyper-V cluster. With cluster sets, it is a
straightforward change of Compute-to-Storage ratio even in a hyper-converged cluster set.
Question: What is the management tooling for cluster sets
Answer : PowerShell or WMI in this release.
Question: How will the cross-cluster live migration work with processors of different generations?
Answer : Cluster sets does not work around processor differences and supersede what Hyper-V currently
supports. Therefore, processor compatibility mode must be used with quick migrations. The recommendation for
Cluster sets is to use the same processor hardware within each individual Cluster as well as the entire Cluster Set
for live migrations between clusters to occur.
Question: Can my cluster set virtual machines automatically failover on a cluster failure?
Answer : In this release, cluster set virtual machines can only be manually live-migrated across clusters; but cannot
automatically failover.
Question: How do we ensure storage is resilient to cluster failures?
Answer : Use cross-cluster Storage Replica (SR) solution across member clusters to realize the storage resiliency to
cluster failures.
Question: I use Storage Replica (SR) to replicate across member clusters. Do cluster set namespace storage UNC
paths change on SR failover to the replica target Storage Spaces Direct cluster?
Answer : In this release, such a cluster set namespace referral change does not occur with SR failover. Please let
Microsoft know if this scenario is critical to you and how you plan to use it.
Question: Is it possible to failover virtual machines across fault domains in a disaster recovery situation (say the
entire fault domain went down)?
Answer : No, note that cross-cluster failover within a logical fault domain is not yet supported.
Question: Can my cluster set span clusters in multiple sites (or DNS domains)?
Answer : This is an untested scenario and not immediately planned for production support. Please let Microsoft
know if this scenario is critical to you and how you plan to use it.
Question: Does cluster set work with IPv6?
Answer : Both IPv4 and IPv6 are supported with cluster sets as with Failover Clusters.
Question: What are the Active Directory Forest requirements for cluster sets
Answer : All member clusters must be in the same AD forest.
Question: How many clusters or nodes can be part of a single cluster Set?
Answer : In Windows Server 2019, cluster sets been tested and supported up to 64 total cluster nodes. However,
cluster sets architecture scales to much larger limits and is not something that is hardcoded for a limit. Please let
Microsoft know if larger scale is critical to you and how you plan to use it.
Question: Will all Storage Spaces Direct clusters in a cluster set form a single storage pool?
Answer : No. Storage Spaces Direct technology still operates within a single cluster and not across member
clusters in a cluster set.
Question: Is the cluster set namespace highly available?
Answer : Yes, the cluster set namespace is provided via a Continuously Available (CA) referral SOFS namespace
server running on the management cluster. Microsoft recommends having enough number of virtual machines
from member clusters to make it resilient to localized cluster-wide failures. However, to account for unforeseen
catastrophic failures – e.g. all virtual machines in the management cluster going down at the same time – the
referral information is additionally persistently cached in each cluster set node, even across reboots.
Question: Does the cluster set namespace-based storage access slow down storage performance in a cluster set?
Answer : No. Cluster set namespace offers an overlay referral namespace within a cluster set – conceptually like
Distributed File System Namespaces (DFSN). And unlike DFSN, all cluster set namespace referral metadata is auto-
populated and auto-updated on all nodes without any administrator intervention, so there is almost no
performance overhead in the storage access path.
Question: How can I backup cluster set metadata?
Answer : This guidance is the same as that of Failover Cluster. The System State Backup will backup the cluster
state as well. Through Windows Server Backup, you can do restores of just a node's cluster database (which should
never be needed because of a bunch of self-healing logic we have) or do an authoritative restore to roll back the
entire cluster database across all nodes. In the case of cluster sets, Microsoft recommends doing such an
authoritative restore first on the member cluster and then the management cluster if needed.
Storage Spaces Direct hardware requirements
8/18/2020 • 4 minutes to read • Edit Online
This topic describes minimum hardware requirements for Storage Spaces Direct on Windows Server. For
hardware requirements on Azure Stack HCI, our operating system designed for hyperconverged deployments
with a connection to the cloud, see Before you deploy Azure Stack HCI: Determine hardware requirements.
For production, Microsoft recommends purchasing a validated hardware/software solution from our partners,
which include deployment tools and procedures. These solutions are designed, assembled, and validated against
our reference architecture to ensure compatibility and reliability, so you get up and running quickly. For Windows
Server 2019 solutions, visit the Azure Stack HCI solutions website. For Windows Server 2016 solutions, learn
more at Windows Server Software-Defined.
TIP
Want to evaluate Storage Spaces Direct but don't have hardware? Use Hyper-V or Azure virtual machines as described in
Using Storage Spaces Direct in guest virtual machine clusters.
Base requirements
Systems, components, devices, and drivers must be Windows Ser ver 2016 Cer tified per the Windows Server
Catalog. In addition, we recommend that servers, drives, host bus adapters, and network adapters have the
Software-Defined Data Center (SDDC) Standard and/or Software-Defined Data Center (SDDC)
Premium additional qualifications (AQs), as pictured below. There are over 1,000 components with the SDDC
AQs.
The fully configured cluster (servers, networking, and storage) must pass all cluster validation tests per the
wizard in Failover Cluster Manager or with the Test-Cluster cmdlet in PowerShell.
In addition, the following requirements apply:
Servers
Minimum of 2 servers, maximum of 16 servers
Recommended that all servers be the same manufacturer and model
CPU
Intel Nehalem or later compatible processor; or
AMD EPYC or later compatible processor
Memory
Memory for Windows Server, VMs, and other apps or workloads; plus
4 GB of RAM per terabyte (TB) of cache drive capacity on each server, for Storage Spaces Direct metadata
Boot
Any boot device supported by Windows Server, which now includes SATADOM
RAID 1 mirror is not required, but is supported for boot
Recommended: 200 GB minimum size
Networking
Storage Spaces Direct requires a reliable high bandwidth, low latency network connection between each node.
Minimum interconnect for small scale 2-3 node
10 Gbps network interface card (NIC), or faster
Two or more network connections from each node recommended for redundancy and performance
Recommended interconnect for high performance, at scale, or deployments of 4+
NICs that are remote-direct memory access (RDMA) capable, iWARP (recommended) or RoCE
Two or more network connections from each node recommended for redundancy and performance
25 Gbps NIC or faster
Switched or switchless node interconnects
Switched: Network switches must be properly configured to handle the bandwidth and networking type. If
using RDMA that implements the RoCE protocol, network device and switch configuration is even more
important.
Switchless: Nodes can be interconnected using direct connections, avoiding using a switch. It is required that
every node have a direct connection with every other node of the cluster.
Drives
Storage Spaces Direct works with direct-attached SATA, SAS, NVMe, or persistent memory (PMem) drives that
are physically attached to just one server each. For more help choosing drives, see the Choosing drives and
Understand and deploy persistent memory topics.
SATA, SAS, persistent memory, and NVMe (M.2, U.2, and Add-In-Card) drives are all supported
512n, 512e, and 4K native drives are all supported
Solid-state drives must provide power-loss protection
Same number and types of drives in every server – see Drive symmetry considerations
Cache devices must be 32 GB or larger
Persistent memory devices are used in block storage mode
When using persistent memory devices as cache devices, you must use NVMe or SSD capacity devices (you
can't use HDDs)
NVMe driver is the Microsoft-provided one included in Windows (stornvme.sys)
Recommended: Number of capacity drives is a whole multiple of the number of cache drives
Recommended: Cache drives should have high write endurance: at least 3 drive-writes-per-day (DWPD) or at
least 4 terabytes written (TBW) per day – see Understanding drive writes per day (DWPD), terabytes written
(TBW), and the minimum recommended for Storage Spaces Direct
Here's how drives can be connected for Storage Spaces Direct:
Direct-attached SATA drives
Direct-attached NVMe drives
SAS host-bus adapter (HBA) with SAS drives
SAS host-bus adapter (HBA) with SATA drives
NOT SUPPORTED: RAID controller cards or SAN (Fibre Channel, iSCSI, FCoE) storage. Host-bus adapter
(HBA) cards must implement simple pass-through mode.
Drives can be internal to the server, or in an external enclosure that is connected to just one server. SCSI
Enclosure Services (SES) is required for slot mapping and identification. Each external enclosure must present a
unique identifier (Unique ID).
Drives internal to the server
Drives in an external enclosure ("JBOD") connected to one server
NOT SUPPORTED: Shared SAS enclosures connected to multiple servers or any form of multi-path IO
(MPIO) where drives are accessible by multiple paths.
Minimum number of drives (excludes boot drive )
If there are drives used as cache, there must be at least 2 per server
There must be at least 4 capacity (non-cache) drives per server
NOTE
This table provides the minimum for hardware deployments. If you're deploying with virtual machines and virtualized
storage, such as in Microsoft Azure, see Using Storage Spaces Direct in guest virtual machine clusters.
Maximum capacity
M A XIM UM S W IN DO W S SERVER 2019 W IN DO W S SERVER 2016
This topic describes how to use system memory to boost the performance of Storage Spaces Direct.
Storage Spaces Direct is compatible with the Cluster Shared Volume (CSV) in-memory read cache. Using system
memory to cache reads can improve performance for applications like Hyper-V, which uses unbuffered I/O to
access VHD or VHDX files. (Unbuffered IOs are any operations that are not cached by the Windows Cache
Manager.)
Because the in-memory cache is server-local, it improves data locality for hyper-converged Storage Spaces Direct
deployments: recent reads are cached in memory on the same host where the virtual machine is running, reducing
how often reads go over the network. This results in lower latency and better storage performance.
Planning considerations
The in-memory read cache is most effective for read-intensive workloads, such as Virtual Desktop Infrastructure
(VDI). Conversely, if the workload is extremely write-intensive, the cache may introduce more overhead than value
and should be disabled.
You can use up to 80% of total physical memory for the CSV in-memory read cache.
TIP
For hyper-converged deployments, where compute and storage run on the same servers, be careful to leave enough
memory for your virtual machines. For converged Scale-Out File Server (SoFS) deployments, with less contention for
memory, this doesn't apply.
NOTE
Certain microbenchmarking tools like DISKSPD and VM Fleet may produce worse results with the CSV in-memory read
cache enabled than without it. By default VM Fleet creates one 10 GiB VHDX per virtual machine – approximately 1 TiB total
for 100 VMs – and then performs uniformly random reads and writes to them. Unlike real workloads, the reads don't follow
any predictable or repetitive pattern, so the in-memory cache is not effective and just incurs overhead.
(Get-Cluster).BlockCacheSize
The value returned is in mebibytes (MiB) per server. For example, 1024 represents 1 gibibyte (GiB).
To change how much memory is allocated, modify this value using PowerShell. For example, to allocate 2 GiB per
server, run:
(Get-Cluster).BlockCacheSize = 2048
For changes to take effect immediately, pause then resume your CSV volumes, or move them between servers. For
example, use this PowerShell fragment to move each CSV to another server node and back again:
Get-ClusterSharedVolume | ForEach {
$Owner = $_.OwnerNode
$_ | Move-ClusterSharedVolume
$_ | Move-ClusterSharedVolume -Node $Owner
}
Additional References
Storage Spaces Direct overview
Choosing drives for Storage Spaces Direct
8/18/2020 • 5 minutes to read • Edit Online
This topic provides guidance on how to choose drives for Storage Spaces Direct to meet your performance and
capacity requirements.
Drive types
Storage Spaces Direct currently works with four types of drives:
Built-in cache
Storage Spaces Direct features a built-in server-side cache. It is a large, persistent, real-time read and write cache.
In deployments with multiple types of drives, it is configured automatically to use all drives of the "fastest" type.
The remaining drives are used for capacity.
For more information, check out Understanding the cache in Storage Spaces Direct.
NOTE
An advantage to using all-NVMe or all-SSD with no cache is that you get usable storage capacity from every drive.
There is no capacity "spent" on caching, which may be appealing at smaller scale.
1. NVMe + HDD . The NVMe drives will accelerate reads and writes by caching both. Caching reads allows the
HDDs to focus on writes. Caching writes absorbs bursts and allows writes to coalesce and be de-staged only
as needed, in an artificially serialized manner that maximizes HDD IOPS and IO throughput. This provides
NVMe-like write characteristics, and for frequently or recently read data, NVMe-like read characteristics too.
2. SSD + HDD . Similar to the above, the SSDs will accelerate reads and writes by caching both. This provides
SSD-like write characteristics, and SSD-like read characteristics for frequently or recently read data.
There is one additional, rather exotic option: to use drives of all three types.
3. NVMe + SSD + HDD. With drives of all three types, the NVMe drives cache for both the SSDs and HDDs.
The appeal is that you can create volumes on the SSDs, and volumes on the HDDs, side-by-side in the same
cluster, all accelerated by NVMe. The former are exactly as in an "all-flash" deployment, and the latter are
exactly as in the "hybrid" deployments described above. This is conceptually like having two pools, with
largely independent capacity management, failure and repair cycles, and so on.
IMPORTANT
We recommend using the SSD tier to place your most performance-sensitive workloads on all-flash.
1. SSD + HDD . The SSDs will cache reads and writes, to absorb bursts and provide SSD-like write performance,
with optimized de-staging later to the HDDs.
IMPORTANT
Configuration with HDDs only is not supported. High endurance SSDs caching to low endurance SSDs is not advised.
Sizing considerations
Cache
Every server must have at least two cache drives (the minimum required for redundancy). We recommend making
the number of capacity drives a multiple of the number of cache drives. For example, if you have 4 cache drives,
you will experience more consistent performance with 8 capacity drives (1:2 ratio) than with 7 or 9.
The cache should be sized to accommodate the working set of your applications and workloads, i.e. all the data
they are actively reading and writing at any given time. There is no cache size requirement beyond that. For
deployments with HDDs, a fair starting place is 10% of capacity – for example, if each server has 4 x 4 TB HDD =
16 TB of capacity, then 2 x 800 GB SSD = 1.6 TB of cache per server. For all-flash deployments, especially with very
high endurance SSDs, it may be fair to start closer to 5% of capacity – for example, if each server has 24 x 1.2 TB
SSD = 28.8 TB of capacity, then 2 x 750 GB NVMe = 1.5 TB of cache per server. You can always add or remove
cache drives later to adjust.
General
We recommend limiting the total storage capacity per server to approximately 400 terabytes (TB). The more
storage capacity per server, the longer the time required to resync data after downtime or rebooting, such when
applying software updates. The current maximum size per storage pool is 4 petabyte (PB) (4,000 TB) for Windows
Server 2019, or 1 petabyte for Windows Server 2016.
Additional References
Storage Spaces Direct overview
Understand the cache in Storage Spaces Direct
Storage Spaces Direct hardware requirements
Planning volumes in Storage Spaces Direct
Fault tolerance and storage efficiency
Planning volumes in Storage Spaces Direct
8/18/2020 • 10 minutes to read • Edit Online
This topic provides guidance for how to plan volumes in Storage Spaces Direct to meet the performance and
capacity needs of your workloads, including choosing their filesystem, resiliency type, and size.
NOTE
Throughout documentation for Storage Spaces Direct, we use term "volume" to refer jointly to the volume and the virtual
disk under it, including functionality provided by other built-in Windows features such as Cluster Shared Volumes (CSV) and
ReFS. Understanding these implementation-level distinctions is not necessary to plan and deploy Storage Spaces Direct
successfully.
All volumes are accessible by all servers in the cluster at the same time. Once created, they show up at
C:\ClusterStorage\ on all servers.
Choosing how many volumes to create
We recommend making the number of volumes a multiple of the number of servers in your cluster. For example,
if you have 4 servers, you will experience more consistent performance with 4 total volumes than with 3 or 5.
This allows the cluster to distribute volume "ownership" (one server handles metadata orchestration for each
volume) evenly among servers.
We recommend limiting the total number of volumes to:
TIP
Volumes with different file systems can coexist in the same cluster.
NOTE
Which resiliency types you can choose is independent of which types of drives you have.
Nested resiliency (available only on Windows Server 2019) provides data resiliency between servers with two-
way mirroring, then adds resiliency within a server with two-way mirroring or mirror-accelerated parity. Nesting
provides data resilience even when one server is restarting or unavailable. Its storage efficiency is 25% with
nested two-way mirroring and around 35-40% for nested mirror-accelerated parity. Nested resiliency can safely
tolerate two hardware failures at a time (two drives, or a server and a drive on the remaining server). Because of
this added data resilience, we recommend using nested resiliency on production deployments of two-server
clusters, if you're running Windows Server 2019. For more info, see Nested resiliency.
Which resiliency type to use depends on the needs of your workload. Here's a table that summarizes which
workloads are a good fit for each resiliency type, as well as the performance and storage efficiency of each
resiliency type.
TIP
Mirroring is faster than any other resiliency type. We use mirroring for nearly all our performance examples.
TIP
If you observe an abrupt decrease in write performance partway through data ingestion, it may indicate that the mirror
portion is not large enough or that mirror-accelerated parity isn't well suited for your use case. As an example, if write
performance decreases from 400 MB/s to 40 MB/s, consider expanding the mirror portion or switching to three-way
mirror.
Up to 32 TB Up to 64 TB
TIP
If you use a backup solution that relies on the Volume Shadow Copy service (VSS) and the Volsnap software provider—as is
common with file server workloads—limiting the volume size to 10 TB will improve performance and reliability. Backup
solutions that use the newer Hyper-V RCT API and/or ReFS block cloning and/or the native SQL backup APIs perform well
up to 32 TB and beyond.
Footprint
The size of a volume refers to its usable capacity, the amount of data it can store. This is provided by the -Size
parameter of the New-Volume cmdlet and then appears in the Size property when you run the Get-Volume
cmdlet.
Size is distinct from volume's footprint, the total physical storage capacity it occupies on the storage pool. The
footprint depends on its resiliency type. For example, volumes that use three-way mirroring have a footprint
three times their size.
The footprints of your volumes need to fit in the storage pool.
Reserve capacity
Leaving some capacity in the storage pool unallocated gives volumes space to repair "in-place" after drives fail,
improving data safety and performance. If there is sufficient capacity, an immediate, in-place, parallel repair can
restore volumes to full resiliency even before the failed drives are replaced. This happens automatically.
We recommend reserving the equivalent of one capacity drive per server, up to 4 drives. You may reserve more
at your discretion, but this minimum recommendation guarantees an immediate, in-place, parallel repair can
succeed after the failure of any drive.
For example, if you have 2 servers and you are using 1 TB capacity drives, set aside 2 x 1 = 2 TB of the pool as
reserve. If you have 3 servers and 1 TB capacity drives, set aside 3 x 1 = 3 TB as reserve. If you have 4 or more
servers and 1 TB capacity drives, set aside 4 x 1 = 4 TB as reserve.
NOTE
In clusters with drives of all three types (NVMe + SSD + HDD), we recommend reserving the equivalent of one SSD plus
one HDD per server, up to 4 drives of each.
From this 128 TB in the storage pool, we set aside four drives, or 8 TB, so that in-place repairs can happen without
any rush to replace drives after they fail. This leaves 120 TB of physical storage capacity in the pool with which we
can create volumes.
Suppose we need our deployment to host some highly active Hyper-V virtual machines, but we also have lots of
cold storage – old files and backups we need to retain. Because we have four servers, let's create four volumes.
Let's put the virtual machines on the first two volumes, Volume1 and Volume2. We choose ReFS as the filesystem
(for the faster creation and checkpoints) and three-way mirroring for resiliency to maximize performance. Let's
put the cold storage on the other two volumes, Volume 3 and Volume 4. We choose NTFS as the filesystem (for
Data Deduplication) and dual parity for resiliency to maximize capacity.
We aren't required to make all volumes the same size, but for simplicity, let's – for example, we can make them all
12 TB.
Volume1 and Volume2 will each occupy 12 TB x 33.3% efficiency = 36 TB of physical storage capacity.
Volume3 and Volume4 will each occupy 12 TB x 50.0% efficiency = 24 TB of physical storage capacity.
36 TB + 36 TB + 24 TB + 24 TB = 120 TB
The four volumes fit exactly on the physical storage capacity available in our pool. Perfect!
TIP
You don't need to create all the volumes right away. You can always extend volumes or create new volumes later.
For simplicity, this example uses decimal (base-10) units throughout, meaning 1 TB = 1,000,000,000,000 bytes.
However, storage quantities in Windows appear in binary (base-2) units. For example, each 2 TB drive would
appear as 1.82 TiB in Windows. Likewise, the 128 TB storage pool would appear as 116.41 TiB. This is expected.
Usage
See Creating volumes in Storage Spaces Direct.
Additional References
Storage Spaces Direct overview
Choosing drives for Storage Spaces Direct
Fault tolerance and storage efficiency
Using Storage Spaces Direct in guest virtual machine
clusters
8/18/2020 • 2 minutes to read • Edit Online
You can deploy Storage Spaces Direct (sometimes called S2D) on a cluster of physical servers or on virtual
machine guest clusters as discussed in this topic. This type of deployment delivers virtual shared storage across a
set of VMs on top of a private or public cloud so that application high availability solutions can be used to increase
the availability of applications.
To instead use Azure Shared Disks for guest virtual machines, see Azure Shared Disks.
TIP
Azure templates will automatically configure the below considerations for you and are the recommended solution when
deploying in Azure IaaS VMs.
To give greater resiliency to possible VHD / VHDX / VMDK storage latency in guest clusters, increase the
Storage Spaces I/O timeout value:
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\spaceport\\Parameters\\HwTimeout
dword: 00007530
The decimal equivalent of Hexadecimal 7530 is 30000, which is 30 seconds. Note that the default value is
1770 Hexadecimal, or 6000 Decimal, which is 6 seconds.
Not supported
Host level virtual disk snapshot/restore
Instead use traditional guest level backup solutions to backup and restore the data on the Storage Spaces
Direct volumes.
Host level virtual disk size change
The virtual disks exposed through the virtual machine must retain the same size and characteristics. Adding
more capacity to the storage pool can be accomplished by adding more virtual disks to each of the virtual
machines and adding them to the pool. It's highly recommended to use virtual disks of the same size and
characteristics as the current virtual disks.
Additional References
Additional Azure Iaas VM templates for deploying Storage Spaces Direct, videos, and step-by-step guides.
Additional Storage Spaces Direct Overview
Disaster recovery with Storage Spaces Direct
8/18/2020 • 7 minutes to read • Edit Online
This topic provides scenarios on how hyper-converged infrastructure (HCI) can be configured for disaster recovery.
Numerous companies are running hyper-converged solutions and planning for a disaster gives the ability to
remain in or get back to production quickly if a disaster were to occur. There are several ways to configure HCI for
disaster recovery and this document explains the options that are available to you today.
When discussions of restoring availability if disaster occurs revolve around what's known as Recovery Time
Objective (RTO). This is the duration of time targeted where services must be restored to avoid unacceptable
consequences to the business. In some cases, this process can occur automatically with production restored nearly
immediately. In other cases, manual administrator intervention must occur to restore services.
The disaster recovery options with a hyper-converged today are:
1. Multiple clusters utilizing Storage Replica
2. Hyper-V Replica between clusters
3. Backup and Restore
Hyper-V Replica
Hyper-V Replica provides virtual machine level replication for disaster recovery on hyper-converged
infrastructures. What Hyper-V Replica can do is to take a virtual machine and replicate it to a secondary site or
Azure (replica). Then from the secondary site, Hyper-V Replica can replicate the virtual machine to a third (extended
replica).
With Hyper-V Replica, the replication is taken care of by Hyper-V. When you first enable a virtual machine for
replication, there are three choices for how you wish the initial copy to be sent to the corresponding replica
cluster(s).
1. Send the initial copy over the network
2. Send the initial copy to external media so that it can be copied onto your server manually
3. Use an existing virtual machine already created on the replica hosts
The other option is for when you wish this initial replication should take place.
1. Start the replication immediately
2. Schedule a time for when the initial replication takes place.
Other considerations you will need are:
What VHD/VHDX's you wish to replicate. You can choose to replicate all of them or only one of them.
Number of recovery points you wish to save. If you wish to have several options about what point in time you
wish to restore, then you would want to specify how many you want. If you only want one restore point, you
can choose that as well.
How often you wish to have the Volume Shadow Copy Service (VSS) replicate an incremental shadow copy.
How often changes get replicated (30 seconds, 5 minutes, 15 minutes).
When HCI participate in Hyper-V Replica, you must have the Hyper-V Replica Broker resource created in each
cluster. This resource does several things:
1. Gives you a single namespace for each cluster for Hyper-V Replica to connect to.
2. Determines which node within that cluster the replica (or extended replica) will reside on when it first receives
the copy.
3. Keeps track of which node owns the replica (or extended replica) in case the virtual machine moves to another
node. It needs to track this so that when replication takes place, it can send the information to the proper node.
2. Determine if the version backup you have has the cluster registry information in it as a component. There
are a couple items you will need from this command, the version and the application/component for use in
Step 3. For the version, for example, say the backup was done January 3, 2018 at 2:04am and this is the one
you need restored.
3. Start the authoritative restore to recover only the cluster registry version you need.
Once the restore has taken place, this node must be the one to start the Cluster Service first and form the cluster.
All other nodes would then need to be started and join the cluster.
Summary
To sum this all up, hyper-converged disaster recovery is something that should be planned out carefully. There are
several scenarios that can best suits your needs and should be thoroughly tested. One item to note is that if you
are familiar with Failover Clusters in the past, stretch clusters have been a very popular option over the years.
There was a bit of a design change with the hyper-converged solution and it is based on resiliency. If you lose two
nodes in a hyper-converged cluster, the entire cluster will go down. With this being the case, in a hyper-converged
environment, the stretch scenario is not supported.
Deploy Storage Spaces Direct
8/18/2020 • 17 minutes to read • Edit Online
This topic provides step-by-step instructions to deploy Storage Spaces Direct on Windows Server. To deploy
Storage Spaces Direct as part of Azure Stack HCI, see What is the deployment process for Azure Stack HCI?
TIP
Looking to acquire hyperconverged infrastructure? Microsoft recommends purchasing a validated hardware/software Azure
Stack HCI solution from our partners. These solutions are designed, assembled, and validated against our reference
architecture to ensure compatibility and reliability, so you get up and running quickly. To peruse a catalog of
hardware/software solutions that work with Azure Stack HCI, see the Azure Stack HCI Catalog.
TIP
You can use Hyper-V virtual machines, including in Microsoft Azure, to evaluate Storage Spaces Direct without hardware.
You may also want to review the handy Windows Server rapid lab deployment scripts, which we use for training purposes.
Here's an example of doing the same thing in a way that is more useful in scripts, in case you need to do this more
than once:
$myServer1 = "myServer-1"
$user = "$myServer1\Administrator"
TIP
If you're deploying remotely from a management system, you might get an error like WinRM cannot process the request. To
fix this, use Windows PowerShell to add each server to the Trusted Hosts list on your management computer:
Set-Item WSMAN:\Localhost\Client\TrustedHosts -Value Server01 -Force
To manage Storage Spaces Direct, you'll need to join the servers to a domain and use an Active Directory Domain
Services domain account that is in the Administrators group on every server.
From the management system, open a PowerShell console with Administrator privileges. Use Enter-PSSession to
connect to each server and run the following cmdlet, substituting your own computer name, domain name, and
domain credentials:
If your storage administrator account isn't a member of the Domain Admins group, add your storage
administrator account to the local Administrators group on each node - or better yet, add the group you use for
storage administrators. You can use the following command (or write a Windows PowerShell function to do so -
see Use PowerShell to Add Domain Users to a Local Group for more info):
To run the command on all servers in the cluster as the same time, use this little bit of script, modifying the list of
variables at the beginning of the script to fit your environment.
# This part runs the Install-WindowsFeature cmdlet on all servers in $ServerList, passing the list of
features into the scriptblock with the "Using" scope modifier so you don't have to hard-code them here.
Invoke-Command ($ServerList) {
Install-WindowsFeature -Name $Using:Featurelist
}
Windows Server 2016 introduces switch-embedded teaming (SET) within the Hyper-V virtual switch. This allows
the same physical NIC ports to be used for all network traffic while using RDMA, reducing the number of physical
NIC ports required. Switch-embedded teaming is recommended for Storage Spaces Direct.
Switched or switchless node interconnects
Switched: Network switches must be properly configured to handle the bandwidth and networking type. If
using RDMA that implements the RoCE protocol, network device and switch configuration is even more
important.
Switchless: Nodes can be interconnected using direct connections, avoiding using a switch. It is required that
every node have a direct connection with every other node of the cluster.
For instructions to set up networking for Storage Spaces Direct, see Windows Server 2016 Converged NIC and
Guest RDMA Deployment Guide.
WARNING
This script will permanently remove any data on any drives other than the operating system boot drive!
Invoke-Command ($ServerList) {
Update-StorageProviderCache
Get-StoragePool | ? IsPrimordial -eq $false | Set-StoragePool -IsReadOnly:$false -ErrorAction
SilentlyContinue
Get-StoragePool | ? IsPrimordial -eq $false | Get-VirtualDisk | Remove-VirtualDisk -Confirm:$false -
ErrorAction SilentlyContinue
Get-StoragePool | ? IsPrimordial -eq $false | Remove-StoragePool -Confirm:$false -ErrorAction
SilentlyContinue
Get-PhysicalDisk | Reset-PhysicalDisk -ErrorAction SilentlyContinue
Get-Disk | ? Number -ne $null | ? IsBoot -ne $true | ? IsSystem -ne $true | ? PartitionStyle -ne RAW | %
{
$_ | Set-Disk -isoffline:$false
$_ | Set-Disk -isreadonly:$false
$_ | Clear-Disk -RemoveData -RemoveOEM -Confirm:$false
$_ | Set-Disk -isreadonly:$true
$_ | Set-Disk -isoffline:$true
}
Get-Disk | Where Number -Ne $Null | Where IsBoot -Ne $True | Where IsSystem -Ne $True | Where
PartitionStyle -Eq RAW | Group -NoElement -Property FriendlyName
} | Sort -Property PsComputerName, Count
The output will look like this, where Count is the number of drives of each model in each server:
Test-Cluster –Node <MachineName1, MachineName2, MachineName3, MachineName4> –Include "Storage Spaces Direct",
"Inventory", "Network", "System Configuration"
NOTE
If the servers are using static IP addresses, modify the following command to reflect the static IP address by adding the
following parameter and specifying the IP address:–StaticAddress <X.X.X.X>. In the following command the ClusterName
placeholder should be replaced with a netbios name that is unique and 15 characters or less.
After the cluster is created, it can take time for DNS entry for the cluster name to be replicated. The time is
dependent on the environment and DNS replication configuration. If resolving the cluster isn't successful, in most
cases you can be successful with using the machine name of a node that is an active member of the cluster may
be used instead of the cluster name.
Step 3.4: Configure a cluster witness
We recommend that you configure a witness for the cluster, so clusters with three or more servers can withstand
two servers failing or being offline. A two-server deployment requires a cluster witness, otherwise either server
going offline causes the other to become unavailable as well. With these systems, you can use a file share as a
witness, or use cloud witness.
For more info, see the following topics:
Configure and manage quorum
Deploy a Cloud Witness for a Failover Cluster
Step 3.5: Enable Storage Spaces Direct
After creating the cluster, use the Enable-ClusterStorageSpacesDirect PowerShell cmdlet, which will put the
storage system into the Storage Spaces Direct mode and do the following automatically:
Create a pool: Creates a single large pool that has a name like "S2D on Cluster1".
Configures the Storage Spaces Direct caches: If there is more than one media (drive) type available
for Storage Spaces Direct use, it enables the fastest as cache devices (read and write in most cases)
Tiers: Creates two tiers as default tiers. One is called "Capacity" and the other called "Performance". The
cmdlet analyzes the devices and configures each tier with the mix of device types and resiliency.
From the management system, in a PowerShell command windows opened with Administrator privileges, initiate
the following command. The cluster name is the name of the cluster that you created in the previous steps. If this
command is run locally on one of the nodes, the -CimSession parameter is not necessary.
To enable Storage Spaces Direct using the above command, you can also use the node name instead of the cluster
name. Using the node name may be more reliable due to DNS replication delays that may occur with the newly
created cluster name.
When this command is finished, which may take several minutes, the system will be ready for volumes to be
created.
Step 3.6: Create volumes
We recommend using the New-Volume cmdlet as it provides the fastest and most straightforward experience. This
single cmdlet automatically creates the virtual disk, partitions and formats it, creates the volume with matching
name, and adds it to cluster shared volumes – all in one easy step.
For more information, check out Creating volumes in Storage Spaces Direct.
Step 3.7: Optionally enable the CSV cache
You can optionally enable the cluster shared volume (CSV) cache to use system memory (RAM) as a write-through
block-level cache of read operations that aren't already cached by the Windows cache manager. This can improve
performance for applications such as Hyper-V. The CSV cache can boost the performance of read requests and is
also useful for Scale-Out File Server scenarios.
Enabling the CSV cache reduces the amount of memory available to run VMs on a hyper-converged cluster, so
you'll have to balance storage performance with memory available to VHDs.
To set the size of the CSV cache, open a PowerShell session on the management system with an account that has
administrator permissions on the storage cluster, and then use this script, changing the $ClusterName and
$CSVCacheSize variables as appropriate (this example sets a 2 GB CSV cache per server):
$ClusterName = "StorageSpacesDirect1"
$CSVCacheSize = 2048 #Size in MB
Figure 1 Failover Cluster Manager showing the Scale-Out File Server with the Running status
NOTE
After creating the clustered role, there might be some network propagation delays that could prevent you from creating file
shares on it for a few minutes, or potentially longer.
To create a Scale-Out File Server role by using Windows PowerShell
In a Windows PowerShell session that's connected to the file server cluster, enter the following commands to
create the Scale-Out File Server role, changing FSCLUSTER to match the name of your cluster, and SOFS to match
the name you want to give the Scale-Out File Server role:
NOTE
After creating the clustered role, there might be some network propagation delays that could prevent you from creating file
shares on it for a few minutes, or potentially longer. If the SOFS role fails immediately and won't start, it might be because
the cluster's computer object doesn't have permission to create a computer account for the SOFS role. For help with that,
see this blog post: Scale-Out File Server Role Fails To Start With Event IDs 1205, 1069, and 1194.
NOTE
You'll have to update the group membership when you add cluster nodes unless you use System Center Virtual Machine
Manager to create your shares.
3. Open a Windows PowerShell session with Administrator credentials on one of the storage nodes, and then
use the following script to create shares for each CSV and grant administrative permissions for the shares
to the Domain Admins group and the compute cluster.
# Replace the values of these variables
$StorageClusterName = "StorageSpacesDirect1"
$HyperVObjectADGroupSamName = "Hyper-VServerComputerAccounts" <#No spaces#>
$SOFSName = "SOFS"
$SharePrefix = "Share"
$ScriptFolder = "C:\Scripts\SetupSMBSharesWithHyperV"
$HyperVClusterName = "Compute01"
$ScaleOutFSName = "SOFS"
$ScriptFolder = "C:\Scripts\SetupSMBSharesWithHyperV"
CD $ScriptFolder
.\KCDSetup.ps1 -HyperVClusterName $HyperVClusterName -ScaleOutFSName $ScaleOutFSName -EnableLM
Next steps
After deploying your clustered file server, we recommend testing the performance of your solution using synthetic
workloads prior to bringing up any real workloads. This lets you confirm that the solution is performing properly
and work out any lingering issues before adding the complexity of workloads. For more info, see Test Storage
Spaces Performance Using Synthetic Workloads.
Additional References
Storage Spaces Direct in Windows Server 2016
Understand the cache in Storage Spaces Direct
Planning volumes in Storage Spaces Direct
Storage Spaces Fault Tolerance
Storage Spaces Direct Hardware Requirements
To RDMA, or not to RDMA – that is the question (TechNet blog)
Creating volumes in Storage Spaces Direct
8/18/2020 • 5 minutes to read • Edit Online
This topic describes how to create volumes on a Storage Spaces Direct cluster by using Windows Admin Center
and PowerShell.
TIP
If you haven't already, check out Planning volumes in Storage Spaces Direct first.
NOTE
Windows, including PowerShell, counts using binary (base-2) numbers, whereas drives are often labeled using
decimal (base-10) numbers. This explains why a "one terabyte" drive, defined as 1,000,000,000,000 bytes, appears
in Windows as about "909 GB". This is expected. When creating volumes using New-Volume , you should specify
the Size parameter in binary (base-2) numbers. For example, specifying "909GB" or "0.909495TB" will create a
volume of approximately 1,000,000,000,000 bytes.
Additional References
Storage Spaces Direct overview
Planning volumes in Storage Spaces Direct
Extending volumes in Storage Spaces Direct
Deleting volumes in Storage Spaces Direct
Nested resiliency for Storage Spaces Direct
8/18/2020 • 8 minutes to read • Edit Online
Nested resiliency is a new capability of Storage Spaces Direct in Windows Server 2019 that enables a two-server
cluster to withstand multiple hardware failures at the same time without loss of storage availability, so users, apps,
and virtual machines continue to run without disruption. This topic explains how it works, provides step-by-step
instructions to get started, and answers the most frequently asked questions.
Prerequisites
Consider nested resiliency if:
Your cluster runs Windows Server 2019; and
Your cluster has exactly 2 server nodes
The trade-off is that nested resiliency has lower capacity efficiency than classic two-way mirroring ,
meaning you get slightly less usable space. For details, see the Capacity efficiency section below.
How it works
Inspiration: RAID 5+1
RAID 5+1 is an established form of distributed storage resiliency that provides helpful background for
understanding nested resiliency. In RAID 5+1, within each server, local resiliency is provided by RAID-5, or single
parity, to protect against the loss of any single drive. Then, further resiliency is provided by RAID-1, or two-way
mirroring, between the two servers to protect against the loss of either server.
Nested mirror-accelerated parity. Combine nested two-way mirroring, from above, with nested parity.
Within each server, local resiliency for most data is provided by single bitwise parity arithmetic, except new
recent writes which use two-way mirroring. Then, further resiliency for all data is provided by two-way
mirroring between the servers. For more information about how mirror-accelerated parity works, see
Mirror-accelerated parity.
Capacity efficiency
Capacity efficiency is the ratio of usable space to volume footprint. It describes the capacity overhead attributable
to resiliency, and depends on the resiliency option you choose. As a simple example, storing data without resiliency
is 100% capacity efficient (1 TB of data takes up 1 TB of physical storage capacity), while two-way mirroring is 50%
efficient (1 TB of data takes up 2 TB of physical storage capacity).
Nested two-way mirror writes four copies of everything, meaning to store 1 TB of data, you need 4 TB of
physical storage capacity. Although its simplicity is appealing, nested two-way mirror's capacity efficiency of
25% is the lowest of any resiliency option in Storage Spaces Direct.
Nested mirror-accelerated parity achieves higher capacity efficiency, around 35%-40%, that depends on
two factors: the number of capacity drives in each server, and the mix of mirror and parity you specify for
the volume. This table provides a lookup for common configurations:
C A PA C IT Y DRIVES P ER
SERVER 10% M IRRO R 20% M IRRO R 30% M IRRO R
NOTE
If you're curious, here's an example of the full math. Suppose we have six capacity drives in each of two
servers, and we want to create one 100 GB volume comprised of 10 GB of mirror and 90 GB of parity. Server-local
two-way mirror is 50.0% efficient, meaning the 10 GB of mirror data takes 20 GB to store on each server. Mirrored
to both servers, its total footprint is 40 GB. Server-local single parity, in this case, is 5/6 = 83.3% efficient, meaning
the 90 GB of parity data takes 108 GB to store on each server. Mirrored to both servers, its total footprint is 216 GB.
The total footprint is thus [(10 GB / 50.0%) + (90 GB / 83.3%)] × 2 = 256 GB, for 39.1% overall capacity efficiency.
Notice that the capacity efficiency of classic two-way mirroring (about 50%) and nested mirror-accelerated parity
(up to 40%) are not very different. Depending on your requirements, the slightly lower capacity efficiency may be
well worth the significant increase in storage availability. You choose resiliency per-volume, so you can mix nested
resiliency volumes and classic two-way mirror volumes within the same cluster.
Usage in PowerShell
You can use familiar storage cmdlets in PowerShell to create volumes with nested resiliency.
Step 1: Create storage tier templates
First, create new storage tier templates using the New-StorageTier cmdlet. You only need to do this once, and then
every new volume you create can reference these template. Specify the -MediaType of your capacity drives and,
optionally, the -FriendlyName of your choice. Do not modify the other parameters.
If your capacity drives are hard disk drives (HDD), launch PowerShell as Administrator and run:
# For mirror
New-StorageTier -StoragePoolFriendlyName S2D* -FriendlyName NestedMirror -ResiliencySettingName Mirror -
MediaType HDD -NumberOfDataCopies 4
# For parity
New-StorageTier -StoragePoolFriendlyName S2D* -FriendlyName NestedParity -ResiliencySettingName Parity -
MediaType HDD -NumberOfDataCopies 2 -PhysicalDiskRedundancy 1 -NumberOfGroups 1 -FaultDomainAwareness
StorageScaleUnit -ColumnIsolation PhysicalDisk
If your capacity drives are solid-state drives (SSD), set the -MediaType to SSD instead. Do not modify the other
parameters.
TIP
Verify the tiers created successfully with Get-StorageTier .
Server down, first 30 minutes Cache reads and writes, full No (temporarily)
performance
After first 30 minutes Cache reads only, performance Yes (after the cache has been written to
impacted capacity drives)
Additional References
Storage Spaces Direct overview
Understand fault tolerance in Storage Spaces Direct
Plan volumes in Storage Spaces Direct
Create volumes in Storage Spaces Direct
Configure and manage quorum
8/18/2020 • 20 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
This topic provides background and steps to configure and manage the quorum in a Windows Server failover
cluster.
Understanding quorum
The quorum for a cluster is determined by the number of voting elements that must be part of active cluster
membership for that cluster to start properly or continue running. For a more detailed explanation, see the
understanding cluster and pool quorum doc.
O P T IO N DESC RIP T IO N
Use typical settings The cluster automatically assigns a vote to each node and
dynamically manages the node votes. If it is suitable for your
cluster, and there is cluster shared storage available, the
cluster selects a disk witness. This option is recommended in
most cases, because the cluster software automatically
chooses a quorum and witness configuration that provides
the highest availability for your cluster.
Add or change the quorum witness You can add, change, or remove a witness resource. You can
configure a file share or disk witness. The cluster automatically
assigns a vote to each node and dynamically manages the
node votes.
Advanced quorum configuration and witness selection You should select this option only when you have application-
specific or site-specific requirements for configuring the
quorum. You can modify the quorum witness, add or remove
node votes, and choose whether the cluster dynamically
manages node votes. By default, votes are assigned to all
nodes, and the node votes are dynamically managed.
Depending on the quorum configuration option that you choose and your specific settings, the cluster will be
configured in one of the following quorum modes:
M O DE DESC RIP T IO N
M O DE DESC RIP T IO N
Node majority (no witness) Only nodes have votes. No quorum witness is configured. The
cluster quorum is the majority of voting nodes in the active
cluster membership.
Node majority with witness (disk or file share) Nodes have votes. In addition, a quorum witness has a vote.
The cluster quorum is the majority of voting nodes in the
active cluster membership plus a witness vote. A quorum
witness can be a designated disk witness or a designated file
share witness.
No majority (disk witness only) No nodes have votes. Only a disk witness has a vote.
The cluster quorum is determined by the state of the disk
witness. Generally, this mode is not recommended, and it
should not be selected because it creates a single point of
failure for the cluster.
The following subsections will give you more information about advanced quorum configuration settings.
Witness configuration
As a general rule when you configure a quorum, the voting elements in the cluster should be an odd number.
Therefore, if the cluster contains an even number of voting nodes, you should configure a disk witness or a file
share witness. The cluster will be able to sustain one additional node down. In addition, adding a witness vote
enables the cluster to continue running if half the cluster nodes simultaneously go down or are disconnected.
A disk witness is usually recommended if all nodes can see the disk. A file share witness is recommended when
you need to consider multisite disaster recovery with replicated storage. Configuring a disk witness with
replicated storage is possible only if the storage vendor supports read-write access from all sites to the replicated
storage. A Disk Witness isn't suppor ted with Storage Spaces Direct .
The following table provides additional information and considerations about the quorum witness types.
REQ UIREM EN T S A N D
W IT N ESS T Y P E DESC RIP T IO N REC O M M EN DAT IO N S
Disk witness Dedicated LUN that stores a Size of LUN must be at least
copy of the cluster database 512 MB
Most useful for clusters with Must be dedicated to cluster
shared (not replicated) storage use and not assigned to a
clustered role
Must be included in clustered
storage and pass storage
validation tests
Cannot be a disk that is a
Cluster Shared Volume (CSV)
Basic disk with a single volume
Does not need to have a drive
letter
Can be formatted with NTFS or
ReFS
Can be optionally configured
with hardware RAID for fault
tolerance
Should be excluded from
backups and antivirus scanning
A Disk witness isn't supported
with Storage Spaces Direct
REQ UIREM EN T S A N D
W IT N ESS T Y P E DESC RIP T IO N REC O M M EN DAT IO N S
File share witness SMB file share that is configured Must have a minimum of 5 MB
on a file server running of free space
Windows Server Must be dedicated to the single
Does not store a copy of the cluster and not used to store
cluster database user or application data
Maintains cluster information Must have write permissions
only in a witness.log file enabled for the computer object
Most useful for multisite for the cluster name
clusters with replicated storage
The following are additional
considerations for a file server that
hosts the file share witness:
A single file server can be
configured with file share
witnesses for multiple clusters.
The file server must be on a site
that is separate from the cluster
workload. This allows equal
opportunity for any cluster site
to survive if site-to-site network
communication is lost. If the file
server is on the same site, that
site becomes the primary site,
and it is the only site that can
reach the file share.
The file server can run on a
virtual machine if the virtual
machine is not hosted on the
same cluster that uses the file
share witness.
For high availability, the file
server can be configured on a
separate failover cluster.
Cloud witness A witness file stored in Azure See Deploy a cloud witness.
blob storage
Recommended when all servers
in the cluster have a reliable
Internet connection.
IMPORTANT
It is usually best to use the quorum configuration that is recommended by the Configure Cluster Quorum Wizard. We
recommend customizing the quorum configuration only if you have determined that the change is appropriate for your
cluster. For more information, see General recommendations for quorum configuration in this topic.
NOTE
You can change the cluster quorum configuration without stopping the cluster or taking cluster resources offline.
Change the quorum configuration in a failover cluster by using Failover Cluster Manager
1. In Failover Cluster Manager, select or specify the cluster that you want to change.
2. With the cluster selected, under Actions , select More Actions , and then select Configure Cluster
Quorum Settings . The Configure Cluster Quorum Wizard appears. Select Next .
3. On the Select Quorum Configuration Option page, select one of the three configuration options and
complete the steps for that option. Before you configure the quorum settings, you can review your choices.
For more information about the options, see Understanding quorum, earlier in this topic.
To allow the cluster to automatically reset the quorum settings that are optimal for your current
cluster configuration, select Use typical settings and then complete the wizard.
To add or change the quorum witness, select Add or change the quorum witness , and then
complete the following steps. For information and considerations about configuring a quorum
witness, see Witness configuration earlier in this topic.
a. On the Select Quorum Witness page, select an option to configure a disk witness or a file
share witness. The wizard indicates the witness selection options that are recommended for
your cluster.
NOTE
You can also select Do not configure a quorum witness and then complete the wizard. If you
have an even number of voting nodes in your cluster, this may not be a recommended configuration.
b. If you select the option to configure a disk witness, on the Configure Storage Witness
page, select the storage volume that you want to assign as the disk witness, and then
complete the wizard.
c. If you select the option to configure a file share witness, on the Configure File Share
Witness page, type or browse to a file share that will be used as the witness resource, and
then complete the wizard.
To configure quorum management settings and to add or change the quorum witness, select
Advanced quorum configuration and witness selection , and then complete the following
steps. For information and considerations about the advanced quorum configuration settings, see
Node vote assignment and Dynamic quorum management earlier in this topic.
a. On the Select Voting Configuration page, select an option to assign votes to nodes. By
default, all nodes are assigned a vote. However, for certain scenarios, you can assign votes
only to a subset of the nodes.
NOTE
You can also select No Nodes . This is generally not recommended, because it does not allow nodes
to participate in quorum voting, and it requires configuring a disk witness. This disk witness becomes
the single point of failure for the cluster.
b. On the Configure Quorum Management page, you can enable or disable the Allow
cluster to dynamically manage the assignment of node votes option. Selecting this
option generally increases the availability of the cluster. By default the option is enabled, and
it is strongly recommended to not disable this option. This option allows the cluster to
continue running in failure scenarios that are not possible when this option is disabled.
c. On the Select Quorum Witness page, select an option to configure a disk witness or a file
share witness. The wizard indicates the witness selection options that are recommended for
your cluster.
NOTE
You can also select Do not configure a quorum witness , and then complete the wizard. If you
have an even number of voting nodes in your cluster, this may not be a recommended configuration.
d. If you select the option to configure a disk witness, on the Configure Storage Witness
page, select the storage volume that you want to assign as the disk witness, and then
complete the wizard.
e. If you select the option to configure a file share witness, on the Configure File Share
Witness page, type or browse to a file share that will be used as the witness resource, and
then complete the wizard.
4. Select Next . Confirm your selections on the confirmation page that appears, and then select Next .
After the wizard runs and the Summar y page appears, if you want to view a report of the tasks that the wizard
performed, select View Repor t . The most recent report will remain in the systemroot\Cluster\Repor ts folder
with the name QuorumConfiguration.mht .
NOTE
After you configure the cluster quorum, we recommend that you run the Validate Quorum Configuration test to verify
the updated quorum settings.
The following example changes the quorum configuration on the local cluster to a node majority with witness
configuration. The disk resource named Cluster Disk 2 is configured as a disk witness.
The following example changes the quorum configuration on the local cluster to a node majority with witness
configuration. The file share resource named \\CONTOSO-FS\fsw is configured as a file share witness.
The following example removes the quorum vote from node ContosoFCNode1 on the local cluster.
(Get-ClusterNode ContosoFCNode1).NodeWeight=0
The following example adds the quorum vote to node ContosoFCNode1 on the local cluster.
(Get-ClusterNode ContosoFCNode1).NodeWeight=1
The following example enables the DynamicQuorum property of the cluster CONTOSO-FC1 (if it was previously
disabled):
(Get-Cluster CONTOSO-FC1).DynamicQuorum=1
NOTE
If the Cluster service stops because quorum is lost, Event ID 1177 appears in the system log.
It is always necessary to investigate why the cluster quorum was lost.
It is always preferable to bring a node or quorum witness to a healthy state (join the cluster) rather than starting the
cluster without quorum.
IMPORTANT
After a cluster is force started, the administrator is in full control of the cluster.
The cluster uses the cluster configuration on the node where the cluster is force started, and replicates it to all other
nodes that are available.
If you force the cluster to start without quorum, all quorum configuration settings are ignored while the cluster remains
in ForceQuorum mode. This includes specific node vote assignments and dynamic quorum management settings.
IMPORTANT
After a cluster is force started on a node, we recommend that you always start the remaining nodes with the quorum
prevented.
NOTE
To force the cluster to start on a specific node that contains a cluster configuration that you want to use, you must use
the Windows PowerShell cmdlets or equivalent command-line tools as presented after this procedure.
If you use Failover Cluster Manager to connect to a cluster that is force started, and you use the Star t Cluster Ser vice
action to start a node, the node is automatically started with the setting that prevents quorum.
Alternatively, you can type the following command locally on the node:
The following example shows how to use the Star t-ClusterNode cmdlet to start the Cluster service with the
quorum prevented on node ContosoFCNode1.
Alternatively, you can type the following command locally on the node:
IT EM DESC RIP T IO N
Node vote assignment Node votes should not be removed because all nodes are
equally important
IT EM DESC RIP T IO N
Number of node votes per site Node votes should not be removed from nodes at the
primary site, SiteA
Node votes should be removed from nodes at the
backup site, SiteB
If a long-term outage occurs at SiteA , votes must be
assigned to nodes at SiteB to enable a quorum
majority at that site as part of recovery
More information
Failover Clustering
Failover Clusters Windows PowerShell cmdlets
Understanding Cluster and Pool Quorum
Upgrade a Storage Spaces Direct cluster to Windows
Server 2019
8/18/2020 • 14 minutes to read • Edit Online
This topic describes how to upgrade a Storage Spaces Direct cluster to Windows Server 2019. There are four
approaches to upgrading a Storage Spaces Direct cluster from Windows Server 2016 to Windows Server 2019,
using the cluster OS rolling upgrade process —two that involve keeping the VMs running, and two that involve
stopping all VMs. Each approach has different strengths and weaknesses, so select that one that best suits the
needs of your organization:
In-place upgrade while VMs are running on each server in the cluster—this option incurs no VM
downtime, but you'll need to wait for storage jobs (mirror repair) to complete after each server is upgraded.
Clean-OS installation while VMs are running on each server in the cluster—this option incurs no VM
downtime, but you'll need to wait for storage jobs (mirror repair) to complete after each server is upgraded,
and you'll have to set up each server and all its apps and roles again.
In-place upgrade while VMs are stopped on each server in the cluster—this option incurs VM
downtime, but you don't need to wait for storage jobs (mirror repair), so it's faster.
Clean-OS install while VMs are stopped on each server in the cluster—This option incurs VM
downtime, but you don't need to wait for storage jobs (mirror repair) so it's faster.
Suspend-ClusterNode -Drain
c. Place the server in storage maintenance mode by running the following PowerShell commands:
d. Run the following cmdlet to check that the OperationalStatus value is In Maintenance Mode :
Get-PhysicalDisk
e. Perform an upgrade installation of Windows Server 2019 on the server by running setup.exe and
using the “Keep personal files and apps” option. After installation is complete, the server remains in
the cluster and the cluster service starts automatically.
f. Check that the newly upgraded server has the latest Windows Server 2019 updates. For more info,
see Windows 10 and Windows Server 2019 update history. The build number (see ver command)
should be 17763.292 or higher.
g. Remove the server from storage maintenance mode by using the following PowerShell command:
Resume-ClusterNode
i. Wait for storage repair jobs to finish and for all disks to return to a healthy state. This could take
considerable time depending on the number of VMs running during the server upgrade. Here are the
commands to run:
Get-StorageJob
Get-VirtualDisk
Update-ClusterFunctionalLevel
NOTE
We recommend updating the cluster functional level as soon as possible, though technically you have up to four
weeks to do so.
6. After the cluster functional level has been updated, use the following cmdlet to update the storage pool. At
this point, new cmdlets such as Get-ClusterPerf will be fully operational on any server in the cluster.
Update-StoragePool
7. Optionally upgrade VM configuration levels by stopping each VM, using the Update-VMVersion cmdlet, and
then starting the VMs again.
8. If you're using Software Defined Networking with SET switches and disabled VM live migration checks as
instructed to above, use the following cmdlet to re-enable VM Live verification checks:
9. Verify that the upgraded cluster functions as expected. Roles should fail-over correctly and if VM live
migration is used on the cluster, VMs should successfully live migrate.
10. Validate the cluster by running Cluster Validation ( Test-Cluster ) and examining the cluster validation
report.
Performing a clean OS installation while VMs are running
This option incurs no VM downtime, but you'll need to wait for storage jobs (mirror repair) to complete after each
server is upgraded. Although individual servers will be restarted sequentially during the upgrade process, the
remaining servers in the cluster, as well as all VMs, will remain running.
1. Check that all the servers in the cluster are running the latest updates. For more info, see Windows 10 and
Windows Server 2016 update history. At a minimum, install Microsoft Knowledge Base article 4487006
(Feb 19th, 2019). The build number (see ver command) should be 14393.2828 or higher.
2. If you're using Software Defined Networking with SET switches, open an elevated PowerShell session and
run the following command to disable VM live migration verification checks on all VMs on the cluster:
Suspend-ClusterNode -Drain
c. Place the server in storage maintenance mode by running the following PowerShell commands:
d. Run the following cmdlet to check that the OperationalStatus value is In Maintenance Mode :
Get-PhysicalDisk
e. Evict the server from the cluster by running the following PowerShell command:
Remove-ClusterNode <ServerName>
f. Perform a clean installation of Windows Server 2019 on the server: format the system drive, run
setup.exe and use the “Nothing” option. You'll have to configure the server identity, roles, features,
and applications after setup completes and the server restarts.
g. Install the Hyper-V role and Failover-Clustering feature on the server (you can use the
Install-WindowsFeature cmdlet).
h. Install the latest storage and networking drivers for your hardware that are approved by your server
manufacturer for use with Storage Spaces Direct.
i. Check that the newly upgraded server has the latest Windows Server 2019 updates. For more info,
see Windows 10 and Windows Server 2019 update history. The build number (see ver command)
should be 17763.292 or higher.
j. Rejoin the server to the cluster by using the following PowerShell command:
Add-ClusterNode
k. Remove the server from storage maintenance mode by using the following PowerShell commands:
l. Wait for storage repair jobs to finish and for all disks to return to a healthy state. This could take
considerable time depending on the number of VMs running during the server upgrade. Here are the
commands to run:
Get-StorageJob
Get-VirtualDisk
Update-ClusterFunctionalLevel
NOTE
We recommend updating the cluster functional level as soon as possible, though technically you have up to four
weeks to do so.
6. After the cluster functional level has been updated, use the following cmdlet to update the storage pool. At
this point, new cmdlets such as Get-ClusterPerf will be fully operational on any server in the cluster.
Update-StoragePool
7. Optionally upgrade VM configuration levels by stopping each VM and using the Update-VMVersion cmdlet,
and then starting the VMs again.
8. If you're using Software Defined Networking with SET switches and disabled VM live migration checks as
instructed to above, use the following cmdlet to re-enable VM Live verification checks:
9. Verify that the upgraded cluster functions as expected. Roles should fail-over correctly and if VM live
migration is used on the cluster, VMs should successfully live migrate.
10. Validate the cluster by running Cluster Validation ( Test-Cluster ) and examining the cluster validation
report.
Suspend-ClusterNode -Drain
b. Place the server in storage maintenance mode by running the following PowerShell commands:
c. Run the following cmdlet to check that the OperationalStatus value is In Maintenance Mode :
Get-PhysicalDisk
d. Perform an upgrade installation of Windows Server 2019 on the server by running setup.exe and
using the “Keep personal files and apps” option. After installation is complete, the server remains in
the cluster and the cluster service starts automatically.
e. Check that the newly upgraded server has the latest Windows Server 2019 updates. For more info,
see Windows 10 and Windows Server 2019 update history. The build number (see ver command)
should be 17763.292 or higher.
f. Remove the server from storage maintenance mode by using the following PowerShell commands:
Resume-ClusterNode
h. Wait for storage repair jobs to finish and for all disks to return to a healthy state. This should be
relatively fast, since VMs are not running. Here are the commands to run:
Get-StorageJob
Get-VirtualDisk
Update-ClusterFunctionalLevel
NOTE
We recommend updating the cluster functional level as soon as possible, though technically you have up to four
weeks to do so.
6. After the cluster functional level has been updated, use the following cmdlet to update the storage pool. At
this point, new cmdlets such as Get-ClusterPerf will be fully operational on any server in the cluster.
Update-StoragePool
7. Start the VMs on the cluster and check that they're working properly.
8. Optionally upgrade VM configuration levels by stopping each VM and using the Update-VMVersion cmdlet,
and then starting the VMs again.
9. Verify that the upgraded cluster functions as expected. Roles should fail-over correctly and if VM live
migration is used on the cluster, VMs should successfully live migrate.
10. Validate the cluster by running Cluster Validation ( Test-Cluster ) and examining the cluster validation
report.
Suspend-ClusterNode -Drain
c. Place the server in storage maintenance mode by running the following PowerShell commands:
d. Run the following cmdlet to check that the OperationalStatus value is In Maintenance Mode :
Get-PhysicalDisk
e. Evict the server from the cluster by running the following PowerShell command:
Remove-ClusterNode <ServerName>
f. Perform a clean installation of Windows Server 2019 on the server: format the system drive, run
setup.exe and use the “Nothing” option. You'll have to configure the server identity, roles, features,
and applications after setup completes and the server restarts.
g. Install the Hyper-V role and Failover-Clustering feature on the server (you can use the
Install-WindowsFeature cmdlet).
h. Install the latest storage and networking drivers for your hardware that are approved by your server
manufacturer for use with Storage Spaces Direct.
i. Check that the newly upgraded server has the latest Windows Server 2019 updates. For more info,
see Windows 10 and Windows Server 2019 update history. The build number (see ver command)
should be 17763.292 or higher.
j. Rejoin the server to the cluster by using the following PowerShell command:
Add-ClusterNode
k. Remove the server from storage maintenance mode by using the following PowerShell command:
l. Wait for storage repair jobs to finish and for all disks to return to a healthy state. This could take
considerable time depending on the number of VMs running during the server upgrade. Here are the
commands to run:
Get-StorageJob
Get-VirtualDisk
Update-ClusterFunctionalLevel
NOTE
We recommend updating the cluster functional level as soon as possible, though technically you have up to four
weeks to do so.
6. After the cluster functional level has been updated, use the following cmdlet to update the storage pool. At
this point, new cmdlets such as Get-ClusterPerf will be fully operational on any server in the cluster.
Update-StoragePool
7. Start the VMs on the cluster and check that they're working properly.
8. Optionally upgrade VM configuration levels by stopping each VM and using the Update-VMVersion cmdlet,
and then starting the VMs again.
9. Verify that the upgraded cluster functions as expected. Roles should fail-over correctly and if VM live
migration is used on the cluster, VMs should successfully live migrate.
10. Validate the cluster by running Cluster Validation ( Test-Cluster ) and examining the cluster validation
report.
Understand and deploy persistent memory
8/18/2020 • 10 minutes to read • Edit Online
Persistent memory (or PMem) is a new type of memory technology that delivers a unique combination of
affordable large capacity and persistence. This article provides background on PMem and the steps to deploy it in
Windows Server 2019 by using Storage Spaces Direct.
Background
PMem is a type of non-volatile RAM (NVDIMM) that retains its content through power cycles. Memory contents
remain even when system power goes down in the event of an unexpected power loss, user initiated shutdown,
system crash, and so on. This unique characteristic means that you can also use PMem as storage. This is why you
may hear people refer to PMem as "storage-class memory."
To see some of these benefits, let's look at the following demo from Microsoft Ignite 2018.
Any storage system that provides fault tolerance necessarily makes distributed copies of writes. Such operations
must traverse the network and amplify backend write traffic. For this reason, the absolute largest IOPS benchmark
numbers are typically achieved by measuring reads only, especially if the storage system has common-sense
optimizations to read from the local copy whenever possible. Storage Spaces Direct is optimized to do so.
When measured by using only read operations, the cluster delivers 13,798,674 IOPS.
If you watch the video closely, you'll notice that what's even more jaw-dropping is the latency. Even at over 13.7 M
IOPS, the file system in Windows is reporting latency that's consistently less than 40 µs! (That's the symbol for
microseconds, one-millionth of a second.) This speed is an order of magnitude faster than what typical all-flash
vendors proudly advertise today.
Together, Storage Spaces Direct in Windows Server 2019 and Intel® Optane™ DC persistent memory deliver
breakthrough performance. This industry-leading HCI benchmark of over 13.7M IOPS, accompanied by
predictable and extremely low latency, is more than double our previous industry-leading benchmark of 6.7M
IOPS. What's more, this time we needed only 12 server nodes—25 percent fewer than two years ago.
The test hardware was a 12-server cluster that was configured to use three-way mirroring and delimited ReFS
volumes, 12 x Intel® S2600WFT, 384 GiB memory, 2 x 28-core "CascadeLake," 1.5 TB Intel® Optane™ DC
persistent memory as cache, 32 TB NVMe (4 x 8 TB Intel® DC P4510) as capacity, 2 x Mellanox ConnectX-4 25
Gbps.
The following table shows the full performance numbers.
B EN C H M A RK P ERF O RM A N C E
Supported hardware
The following table shows supported persistent memory hardware for Windows Server 2019 and Windows
Server 2016.
NOTE
Intel Optane supports both Memory (volatile) and App Direct (persistent) modes.
NOTE
When you restart a system that has multiple Intel® Optane™ PMem modules in App Direct mode that are divided into
multiple namespaces, you might lose access to some or all of the related logical storage disks. This issue occurs on Windows
Server 2019 versions that are older than version 1903.
This loss of access occurs because a PMem module is untrained or otherwise fails when the system starts. In such a case, all
the storage namespaces on any PMem module on the system fail, including namespaces that do not physically map to the
failed module.
To restore access to all the namespaces, replace the failed module.
If a module fails on Windows Server 2019 version 1903 or newer versions, you lose access to only namespaces that
physically map to the affected module. Other namespaces are not affected.
Interleaved sets
Understanding interleaved sets
Recall that an NVDIMM resides in a standard DIMM (memory) slot, which puts data closer to the processor. This
configuration reduces latency and improves fetch performance. To further increase throughput, two or more
NVDIMMs create an n-way interleaved set to stripe read/write operations. The most common configurations are
two-way or four-way interleaving. An interleaved set also makes multiple persistent memory devices appear as a
single logical disk to Windows Server. You can use the Windows PowerShell get-PmemDisk cmdlet to review the
configuration of such logical disks, as follows:
Get-PmemDisk
We can see that the logical PMem disk #2 uses the physical devices Id20 and Id120, and logical PMem disk #3
uses the physical devices Id1020 and Id1120.
To retrieve further information about the interleaved set that a logical drive uses, run the Get-
PmemPhysicalDevice cmdlet:
(Get-PmemDisk)[0] | Get-PmemPhysicalDevice
Get-PmemUnusedRegion
To see all the PMem device information in the system, including device type, location, health and operational
status, and so on, run the following cmdlet on the local server:
Get-PmemPhysicalDevice
memory size
-------- ---------- ------------ ----------------- ---------------- ---------------- ---------------
------- --------------
1020 Intel INVDIMM device Healthy {Ok} CPU2_DIMM_C1 102005310 126 GB
0 GB
1120 Intel INVDIMM device Healthy {Ok} CPU2_DIMM_F1 102005310 126 GB
0 GB
120 Intel INVDIMM device Healthy {Ok} CPU1_DIMM_F1 102005310 126 GB
0 GB
20 Intel INVDIMM device Healthy {Ok} CPU1_DIMM_C1 102005310 126 GB
0 GB
Because we have an available unused PMem region, we can create new persistent memory disks. We can use the
unused region to create multiple persistent memory disks by running the following cmdlets:
Get-PmemUnusedRegion | New-PmemDisk
Creating new persistent memory disk. This may take a few moments.
Get-PmemDisk
It is worth noting that we can run Get-PhysicalDisk | Where MediaType -Eq SCM instead of Get-PmemDisk
to get the same results. The newly-created PMem disk corresponds one-to-one with drives that appear in
PowerShell and in Windows Admin Center.
Using persistent memory for cache or capacity
Storage Spaces Direct on Windows Server 2019 supports using persistent memory as either a cache or a capacity
drive. For more information about how to set up cache and capacity drives, see Understanding the cache in
Storage Spaces Direct.
Format-Volume -IsDax:$true
The following code snippet helps you create a DAX volume on a persistent memory disk.
# Here we use the first pmem disk to create the volume as an example
$disk = (Get-PmemDisk)[0] | Get-PhysicalDisk | Get-Disk
# Initialize the disk to GPT if it is not initialized
If ($disk.partitionstyle -eq "RAW") {$disk | Initialize-Disk -PartitionStyle GPT}
# Create a partition with drive letter 'S' (can use any available drive letter)
$disk | New-Partition -DriveLetter S -UseMaximumSize
DiskPath: \\?
\scmld#ven_8980&dev_097a&subsys_89804151&rev_0018#3&1b1819f6&0&03018089fb63494db728d8418b3cbbf549997891#
{53f56307-b6
bf-11d0-94f2-00a0c91efb8b}
UniqueId : {00000000-0000-0000-0000-
000100000000}SCMLD\VEN_8980&DEV_097A&SUBSYS_89804151&REV_0018\3&1B1819F6&0&03018089F
B63494DB728D8418B3CBBF549997891:WIN-8KGI228ULGA
AccessPaths : {S:\, \\?\Volume{cf468ffa-ae17-4139-a575-717547d4df09}\}
DiskNumber : 2
DiskPath : \\?
\scmld#ven_8980&dev_097a&subsys_89804151&rev_0018#3&1b1819f6&0&03018089fb63494db728d8418b3cbbf549997891#{5
3f56307-b6bf-11d0-94f2-00a0c91efb8b}
DriveLetter : S
Guid : {cf468ffa-ae17-4139-a575-717547d4df09}
IsActive : False
IsBoot : False
IsHidden : False
IsOffline : False
IsReadOnly : False
IsShadowCopy : False
IsDAX : True # <- True: DAX enabled
IsSystem : False
NoDefaultDriveLetter : False
Offset : 16777216
OperationalStatus : Online
PartitionNumber : 2
Size : 251.98 GB
Type : Basic
Monitoring health
When you use persistent memory, there are a few differences in the monitoring experience:
Persistent memory doesn't create Physical Disk performance counters, so you won't see it appear on charts in
Windows Admin Center.
Persistent memory doesn't create Storport 505 data, so you won't get proactive outlier detection.
Apart from that, the monitoring experience is the same as for any other physical disk. You can query for the health
of a persistent memory disk by running the following cmdlets:
Get-PmemDisk
Get-PmemPhysicalDevice
This cmdlet shows which persistent memory device is unhealthy. The unhealthy device (DeviceId 20) matches the
case in the previous example. The PhysicalLocation in BIOS can help identify which persistent memory device is
in faulty state.
Get-PmemDisk | Remove-PmemDisk
This will remove the persistent memory disk(s) from the system and will result in data loss.
Remove the persistent memory disk(s)?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y
Removing the persistent memory disk. This may take a few moments.
IMPORTANT
Removing a persistent memory disk causes data loss on that disk.
Another cmdlet you might need is Initialize-PmemPhysicalDevice . This cmdlet initializes the label storage
areas on the physical persistent memory devices, and can clear corrupted label storage information on the PMem
devices.
Get-PmemPhysicalDevice | Initialize-PmemPhysicalDevice
This will initialize the label storage area on the physical persistent memory device(s) and will result in
data loss.
Initializes the physical persistent memory device(s)?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): A
Initializing the physical persistent memory device. This may take a few moments.
Initializing the physical persistent memory device. This may take a few moments.
Initializing the physical persistent memory device. This may take a few moments.
Initializing the physical persistent memory device. This may take a few moments.
IMPORTANT
Initialize-PmemPhysicalDevice causes data loss in persistent memory. Use it as a last resort to fix persistent memory-
related issues.
Additional References
Storage Spaces Direct overview
Storage-class Memory (NVDIMM-N) Health Management in Windows
Understand the cache
Manage Hyper-Converged Infrastructure with
Windows Admin Center
8/18/2020 • 12 minutes to read • Edit Online
TIP
Looking to acquire Hyper-Converged Infrastructure? Microsoft recommends these Windows Server Software-Defined
solutions from our partners. They are designed, assembled, and validated against our reference architecture to ensure
compatibility and reliability, so you get up and running quickly.
IMPORTANT
Some of the features described in this article are only available in Windows Admin Center Preview. How do I get this version?
Key features
Highlights of Windows Admin Center for Hyper-Converged Infrastructure include:
Unified single-pane-of-glass for compute, storage, and soon networking. View your virtual machines,
host servers, volumes, drives, and more within one purpose-built, consistent, interconnected experience.
Create and manage Storage Spaces and Hyper-V vir tual machines. Radically simple workflows to
create, open, resize, and delete volumes; and create, start, connect to, and move virtual machines; and much
more.
Powerful cluster-wide monitoring. The dashboard graphs memory and CPU usage, storage capacity, IOPS,
throughput, and latency in real-time, across every server in the cluster, with clear alerts when something's not
right.
Software Defined Networking (SDN) suppor t. Manage and monitor virtual networks, subnets, connect
virtual machines to virtual networks, and monitor SDN infrastructure.
Windows Admin Center for Hyper-Converged Infrastructure is being actively developed by Microsoft. It receives
frequent updates that improve existing features and add new features.
TIP
Windows Admin Center also offers a general-purpose management experience for any cluster supporting any workload,
available for Windows Server 2012 and later. If this sounds like a better fit, when you add your cluster to Windows Admin
Center, select Failover Cluster instead of Hyper-Converged Cluster .
Prepare your Windows Server 2016 cluster for Windows Admin Center
Windows Admin Center for Hyper-Converged Infrastructure depends on management APIs added after Windows
Server 2016 was released. Before you can manage your Windows Server 2016 cluster with Windows Admin
Center, you'll need to perform these two steps:
1. Verify that every server in the cluster has installed the 2018-05 Cumulative Update for Windows Server 2016
(KB4103723) or later. To download and install this update, go to Settings > Update & Security > Windows
Update and select Check online for updates from Microsoft Update .
2. Run the following PowerShell cmdlet as Administrator on the cluster:
TIP
You only need to run the cmdlet once, on any server in the cluster. You can run it locally in Windows PowerShell or use
Credential Security Service Provider (CredSSP) to run it remotely. Depending on your configuration, you may not be able to
run this cmdlet from within Windows Admin Center.
Prepare your Windows Server 2019 cluster for Windows Admin Center
If your cluster runs Windows Server 2019, the steps above are not necessary. Just add the cluster to Windows
Admin Center as described in the next section and you're good to go!
Configure Software Defined Networking (Optional)
You can configure your Hyper-Converged Infrastructure running Windows Server 2016 or 2019 to use Software
Defined Networking (SDN) with the following steps:
1. Prepare the VHD of the OS which is the same OS you installed on the hyper-converged infrastructure hosts.
This VHD will be used for all NC/SLB/GW VMs.
2. Download all the folder and files under SDN Express from
https://github.com/Microsoft/SDN/tree/master/SDNExpress.
3. Prepare a different VM using the deployment console. This VM should be able to access the SDN hosts. Also,
the VM should be have the RSAT Hyper-V tool installed.
4. Copy everything you downloaded for SDN Express to the deployment console VM. And share this SDNExpress
folder. Make sure every host can access the SDNExpress shared folder, as defined in the configuration file line
8:
\\$env:Computername\SDNExpress
5. Copy the VHD of the OS to the images folder under the SDNExpress folder on the deployment console VM.
6. Modify the SDN Express configuration with your environment setup. Finish the following two steps after you
modify the SDN Express configuration based on your environment information.
7. Run PowerShell with Admin privilege to deploy SDN:
Get started
Once your Hyper-Converged Infrastructure is deployed, you can manage it using Windows Admin Center.
Install Windows Admin Center
If you haven't already, download and install Windows Admin Center. The fastest way to get up and running is to
install it on your Windows 10 computer and manage your servers remotely. This takes less than five minutes.
Download now or learn more about other installation options.
Add Hyper-Converged Cluster
To add your cluster to Windows Admin Center:
1. Click + Add under All Connections.
2. Choose to add a Hyper-Converged Cluster Connection .
3. Type the name of the cluster and, if prompted, the credentials to use.
4. Click Add to finish.
The cluster will be added to your connections list. Click it to launch the Dashboard.
Add SDN -enabled Hyper-Converged Cluster (Windows Admin Center Preview)
The latest Windows Admin Center Preview supports Software Defined Networking management for Hyper-
Converged Infrastructure. By adding a Network Controller REST URI to your Hyper-Converged cluster connection,
you can use Hyper-converged Cluster Manager to manage your SDN resources and monitor SDN infrastructure.
1. Click + Add under All Connections.
2. Choose to add a Hyper-Converged Cluster Connection .
3. Type the name of the cluster and, if prompted, the credentials to use.
4. Check Configure the Network Controller to continue.
5. Enter the Network Controller URI and click Validate .
6. Click Add to finish.
The cluster will be added to your connections list. Click it to launch the Dashboard.
IMPORTANT
SDN environments with Kerberos authentication for Northbound communication are currently not supported.
Things to try
If you're just getting started, here are some quick tutorials to help you learn how Windows Admin Center for
Hyper-Converged Infrastructure is organized and works. Please exercise good judgement and be careful with
production environments. These videos were recorded with Windows Admin Center version 1804 and an Insider
Preview build of Windows Server 2019.
Manage Storage Spaces Direct volumes
(0:37) How to create a three-way mirror volume
(1:17) How to create a mirror-accelerated parity volume
(1:02) How to open a volume and add files
(0:51) How to turn on deduplication and compression
(0:47) How to expand a volume
(0:26) How to delete a volume
Open volume and add files https://www.youtube- Turn on deduplication and compression
nocookie.com/embed/j59z7ulohs4 https://www.youtube-nocookie.com/embed/PRibTacyKko
Connect a virtual machine to a virtual network (SDN -enabled HCI clusters using Windows Admin Center
Preview)
1. Select Vir tual Machines from the navigation on the left side.
2. Choose an existing virtual machine > Click Settings > Open the Networks tab in Settings .
3. Configure the Vir tual Network and Vir tual Subnet fields to connect the virtual machine to a virtual
network.
You can also configure the virtual network when creating a virtual machine.
Monitor Software Defined Networking infrastructure (SDN -enabled HCI clusters using Windows Admin Center
Preview)
1. Select SDN Monitoring from the navigation on the left side.
2. View detailed information about the health of Network Controller, Software Load Balancer, Virtual Gateway and
monitor your Virtual Gateway Pool, Public and Private IP Pool usage and SDN host status.
Give us feedback
It's all about your feedback! The most important benefit of frequent updates is to hear what's working and what
needs to be improved. Here are some ways to let us know what you're thinking:
Submit and vote for feature requests on UserVoice
Join the Windows Admin Center forum on Microsoft Tech Community
Tweet to @servermgmt
Additional References
Windows Admin Center
Storage Spaces Direct
Hyper-V
Software Defined Networking
Adding servers or drives to Storage Spaces Direct
8/18/2020 • 7 minutes to read • Edit Online
This topic describes how to add servers or drives to Storage Spaces Direct.
Adding servers
Adding servers, often called scaling out, adds storage capacity and can improve storage performance and unlock
better storage efficiency. If your deployment is hyper-converged, adding servers also provides more compute
resources for your workload.
Typical deployments are simple to scale out by adding servers. There are just two steps:
1. Run the cluster validation wizard using the Failover Cluster snap-in or with the Test-Cluster cmdlet in
PowerShell (run as Administrator). Include the new server <NewNode> you wish to add.
Test-Cluster -Node <Node>, <Node>, <Node>, <NewNode> -Include "Storage Spaces Direct", Inventory,
Network, "System Configuration"
This confirms that the new server is running Windows Server 2016 Datacenter Edition, has joined the same
Active Directory Domain Services domain as the existing servers, has all the required roles and features,
and has networking properly configured.
IMPORTANT
If you are re-using drives that contain old data or metadata you no longer need, clear them using Disk
Management or the Reset-PhysicalDisk cmdlet. If old data or metadata is detected, the drives aren't pooled.
2. Run the following cmdlet on the cluster to finish adding the server:
With two servers, you can only create two-way mirrored volumes (compare with distributed RAID-1). With three
servers, you can create three-way mirrored volumes for better fault tolerance. We recommend using three-way
mirroring whenever possible.
Two-way mirrored volumes cannot be upgraded in-place to three-way mirroring. Instead, you can create a new
volume and migrate (copy, such as by using Storage Replica) your data to it, and then remove the old volume.
To begin creating three-way mirrored volumes, you have several good options. You can use whichever you prefer.
Option 1
Specify PhysicalDiskRedundancy = 2 on each new volume upon creation.
Option 2
Instead, you can set PhysicalDiskRedundancyDefault = 2 on the pool's ResiliencySetting object named
Mirror . Then, any new mirrored volumes will automatically use three-way mirroring even if you don't specify it.
Option 3
Set PhysicalDiskRedundancy = 2 on the StorageTier template called Capacity, and then create volumes by
referencing the tier.
Option 2
Set PhysicalDiskRedundancy = 2 on the pool's ResiliencySetting object named Parity . Then, any new parity
volumes will automatically use dual parity even if you don't specify it
With four servers, you can also begin using mirror-accelerated parity, where an individual volume is part mirror
and part parity.
For this, you will need to update your StorageTier templates to have both Performance and Capacity tiers, as they
would be created if you had first run Enable-ClusterS2D at four servers. Specifically, both tiers should have the
MediaType of your capacity devices (such as SSD or HDD) and PhysicalDiskRedundancy = 2 . The Performance
tier should be ResiliencySettingName = Mirror , and the Capacity tier should be ResiliencySettingName =
Parity .
Option 3
You may find it easiest to simply remove the existing tier template and create the two new ones. This will not affect
any pre-existing volumes which were created by referring the tier template: it's just a template.
Remove-StorageTier -FriendlyName Capacity
That's it! You are now ready to create mirror-accelerated parity volumes by referencing these tier templates.
Example
2. Move this temporary fault-domain into the chassis or rack where the new server is located in the real world,
as specified by <ParentName>:
For more information, see Fault domain awareness in Windows Server 2016.
3. Add the server to the cluster as described in Adding servers. When the new server joins the cluster, it's
automatically associated (using its name) with the placeholder fault domain.
Adding drives
Adding drives, also known as scaling up, adds storage capacity and can improve performance. If you have available
slots, you can add drives to each server to expand your storage capacity without adding servers. You can add cache
drives or capacity drives independently at any time.
IMPORTANT
We strongly recommend that all servers have identical storage configurations.
To scale up, connect the drives and verify that Windows discovers them. They should appear in the output of the
Get-PhysicalDisk cmdlet in PowerShell with their CanPool property set to True . If they show as CanPool =
False , you can see why by checking their CannotPoolReason property.
Within a short time, eligible drives will automatically be claimed by Storage Spaces Direct, added to the storage
pool, and volumes will automatically be redistributed evenly across all the drives. At this point, you're finished and
ready to extend your volumes or create new ones.
If the drives don't appear, manually scan for hardware changes. This can be done using Device Manager , under
the Action menu. If they contain old data or metadata, consider reformatting them. This can be done using Disk
Management or with the Reset-PhysicalDisk cmdlet.
NOTE
Automatic pooling depends on you having only one pool. If you've circumvented the standard configuration to create
multiple pools, you will need to add new drives to your preferred pool yourself using Add-PhysicalDisk .
Get-StorageJob
You can manually optimize a storage pool with the Optimize-StoragePool cmdlet. Here's an example:
This topic provides guidance on how to properly restart or shutdown servers with Storage Spaces Direct.
With Storage Spaces Direct, taking a server offline (bringing it down) also means taking offline portions of the
storage that is shared across all servers in the cluster. Doing so requires pausing (suspending) the server you want
to take offline, moving roles to other servers in the cluster, and verifying that all data is available on the other
servers in the cluster so that the data remains safe and accessible throughout the maintenance.
Use the following procedures to properly pause a server in a Storage Spaces Direct cluster before taking it offline.
IMPORTANT
To install updates on a Storage Spaces Direct cluster, use Cluster-Aware Updating (CAU), which automatically performs the
procedures in this topic so you don't have to when installing updates. For more info, see Cluster Aware Updating (CAU).
Get-VirtualDisk
Verify that the HealthStatus property for every volume (virtual disk) is Healthy .
To do this in Failover Cluster Manager, go to Storage > Disks .
Verify that the Status column for every volume (virtual disk) shows Online .
In PowerShell, run the following cmdlet (as Administrator) to pause and drain.
Suspend-ClusterNode -Drain
To do this in Failover Cluster Manager, go to Nodes , right-click the node, and then select Pause > Drain Roles .
All virtual machines will begin live migrating to other servers in the cluster. This can take a few minutes.
NOTE
When you pause and drain the cluster node properly, Windows performs an automatic safety check to ensure it is safe to
proceed. If there are unhealthy volumes, it will stop and alert you that it's not safe to proceed.
Get-VirtualDisk
Incomplete or Degraded Operational Status is normal when nodes are shutting down or starting/stopping the
cluster service on a node and should not cause concern. All your volumes remain online and accessible.
Resume-ClusterNode
To move the roles that were previously running on this server back, use the optional -Failback flag.
To do this in Failover Cluster Manager, go to Nodes , right-click the node, and then select Resume > Fail Roles
Back .
Waiting for storage to resync
When the server resumes, any new writes that happened while it was unavailable need to resync. This happens
automatically. Using intelligent change tracking, it's not necessary for all data to be scanned or synchronized; only
the changes. This process is throttled to mitigate impact to production workloads. Depending on how long the
server was paused, and how much new data as written, it may take many minutes to complete.
You must wait for re-syncing to complete before taking any others servers in the cluster offline.
In PowerShell, run the following cmdlet (as Administrator) to monitor progress.
Get-StorageJob
The BytesTotal shows how much storage needs to resync. The PercentComplete displays progress.
WARNING
It's not safe to take another server offline until these repair jobs finish.
During this time, your volumes will continue to show as Warning , which is normal.
For example, if you use the Get-VirtualDisk cmdlet, you might see the following output:
FriendlyName ResiliencySettingName OperationalStatus HealthStatus IsManualAttach Size
------------ --------------------- ----------------- ------------ -------------- ----
MyVolume1 Mirror InService Warning True 1 TB
MyVolume2 Mirror InService Warning True 1 TB
MyVolume3 Mirror InService Warning True 1 TB
Once the jobs complete, verify that volumes show Healthy again by using the Get-VirtualDisk cmdlet. Here's
some example output:
It's now safe to pause and restart other servers in the cluster.
Additional References
Storage Spaces Direct overview
Cluster Aware Updating (CAU)
Removing servers in Storage Spaces Direct
8/18/2020 • 2 minutes to read • Edit Online
This topic describes how to remove servers in Storage Spaces Direct using PowerShell.
Remove-ClusterNode <Name>
This cmdlet succeeds quickly, regardless of any capacity considerations, because the storage pool "remembers" the
missing drives and expects them to come back. There is no data movement away from the missing drives. While
they remain missing, their OperationalStatus will show as "Lost Communication", and your volumes will show
"Incomplete".
When the drives come back, they are automatically detected and re-associated with the pool, even if they are now
in a new server.
WARNING
Do not distribute drives with pool data from one server into multiple other servers. For example, if one server with ten
drives fails (because its motherboard or boot drive failed, for instance), you can move all ten drives into one new server, but
you cannot move each of them separately into different other servers.
This cmdlet might take a long time (sometimes many hours) to run because Windows must move all the data
stored on that server to other servers in the cluster. Once this is complete, the drives are permanently removed
from the storage pool, returning affected volumes to a healthy state.
Requirements
To permanently scale-in (remove a server and its drives), your cluster must meet the following two requirements. If
it doesn't, the Remove-ClusterNode -CleanUpDisks cmdlet will return an error immediately, before it begins
any data movement, to minimize disruption.
Enough capacity
First, you must have enough storage capacity in the remaining servers to accommodate all your volumes.
For example, if you have four servers, each with 10 x 1 TB drives, you have 40 TB of total physical storage capacity.
After removing one server and all its drives, you will have 30 TB of capacity left. If the footprints of your volumes
are more than 30 TB together, they won't fit in the remaining servers, so the cmdlet will return an error and not
move any data.
Enough fault domains
Second, you must have enough fault domains (typically servers) to provide the resiliency of your volumes.
For example, if your volumes use three-way mirroring at the server level for resiliency, they cannot be fully healthy
unless you have at least three servers. If you have exactly three servers, and then attempt to remove one and all its
drives, the cmdlet will return an error and not move any data.
This table shows the minimum number of fault domains required for each resiliency type.
Two-way mirror 2
Three-way mirror 3
Dual parity 4
NOTE
It is okay to briefly have fewer servers, such as during failures or maintenance. However, in order for volumes to return to a
fully healthy state, you must have the minimum number of servers listed above.
Additional References
Storage Spaces Direct overview
Updating drive firmware
8/18/2020 • 9 minutes to read • Edit Online
Updating the firmware for drives has historically been a cumbersome task with a potential for downtime, which is
why we're making improvements to Storage Spaces, Windows Server, and Windows 10, version 1703 and newer. If
you have drives that support the new firmware update mechanism included in Windows, you can update drive
firmware of in-production drives without downtime. However, if you're going to update the firmware of a
production drive, make sure to read our tips on how to minimize the risk while using this powerful new
functionality.
WARNING
Firmware updates are a potentially risky maintenance operation and you should only apply them after thorough testing of
the new firmware image. It is possible that new firmware on unsupported hardware could negatively affect reliability and
stability, or even cause data loss. Administrators should read the release notes a given update comes with to determine its
impact and applicability.
Drive compatibility
To use Windows Server to update drive firmware, you must have supported drives. To ensure common device
behavior, we began by defining new and - for Windows 10 and Windows Server 2016 - optional Hardware Lab Kit
(HLK) requirements for SAS, SATA, and NVMe devices. These requirements outline which commands a SATA, SAS,
or NVMe device must support to be firmware-updatable using these new, Windows-native PowerShell cmdlets. To
support these requirements, there is a new HLK test to verify if vendor products support the right commands and
get them implemented in future revisions.
Contact your solution vendor for info about whether your hardware supports Windows updating the drive
firmware. Here are links to the various requirements:
SATA: Device.Storage.Hd.Sata - in the [If Implemented] Firmware Download & Activate section
SAS: Device.Storage.Hd.Sas - in the [If Implemented] Firmware Download & Activate section
NVMe: Device.Storage.ControllerDrive.NVMe - in sections 5.7 and 5.8 .
PowerShell cmdlets
The two cmdlets added to Windows are:
Get-StorageFirmwareInformation
Update-StorageFirmware
The first cmdlet provides you with detailed information about the device's capabilities, firmware images, and
revisions. In this case, the machine only contains a single SATA SSD with 1 firmware slot. Here's an example:
Get-PhysicalDisk | Get-StorageFirmwareInformation
SupportsUpdate : True
NumberOfSlots : 1
ActiveSlotNumber : 0
SlotNumber : {0}
IsSlotWritable : {True}
FirmwareVersionInSlot : {J3E16101}
Note that SAS devices always report "SupportsUpdate" as "True", since there is no way of explicitly querying the
device for support of these commands.
The second cmdlet, Update-StorageFirmware, enables administrators to update the drive firmware with an image
file, if the drive supports the new firmware update mechanism. You should obtain this image file from the OEM or
drive vendor directly.
NOTE
Before updating any production hardware, test the particular firmware image on identical hardware in a lab setting.
The drive will first load the new firmware image to an internal staging area. While this happens, I/O typically
continues. The image activates after downloading. During this time the drive will not be able to respond to I/O
commands as an internal reset occurs. This means that this drive serves no data during the activation. An
application accessing data on this drive would have to wait for a response until the firmware activation completes.
Here's an example of the cmdlet in action:
SupportsUpdate : True
NumberOfSlots : 1
ActiveSlotNumber : 0
SlotNumber : {0}
IsSlotWritable : {True}
FirmwareVersionInSlot : {J3E160@3}
Drives typically do not complete I/O requests when they activate a new firmware image. How long a drive takes to
activate depends on its design and the type of firmware you update. We have observed update times range from
fewer than 5 seconds to more than 30 seconds.
This drive performed the firmware update within ~5.8 seconds, as shown here:
Days : 0
Hours : 0
Minutes : 0
Seconds : 5
Milliseconds : 791
Ticks : 57913910
TotalDays : 6.70299884259259E-05
TotalHours : 0.00160871972222222
TotalMinutes : 0.0965231833333333
TotalSeconds : 5.791391
TotalMilliseconds : 5791.391
Updating drives in production
Before placing a server into production, we highly recommend updating the firmware of your drives to the
firmware recommended by the hardware vendor or OEM that sold and supports your solution (storage
enclosures, drives, and servers).
Once a server is in production, it's a good idea to make as few changes to the server as is practical. However, there
may be times when your solution vendor advises you that there is a critically important firmware update for your
drives. If this occurs, here are a few good practices to follow before applying any drive firmware updates:
1. Review the firmware release notes and confirm that the update addresses issues that could affect your
environment, and that the firmware doesn't contain any known issues that could adversely affect you.
2. Install the firmware on a server in your lab that has identical drives (including the revision of the drive if
there are multiple revisions of the same drive), and test the drive under load with the new firmware. For info
about doing synthetic load testing, see Test Storage Spaces Performance Using Synthetic Workloads.
To get the roll-out of the new firmware started in this Storage Spaces Direct cluster, simply upload the .xml to the
cluster DB:
Edit the file in your favorite editor, such as Visual Studio Code or Notepad, then save it.
If you would like to see the Health Service in action and learn more about its roll-out mechanism, have a look at
this video: https://channel9.msdn.com/Blogs/windowsserver/Update-Drive-Firmware-Without-Downtime-in-
Storage-Spaces-Direct
I am seeing an access denied or path-not-found error during roll out. How do I fix this
Ensure that the firmware image you would like to use for the update is accessible by all cluster nodes. The easiest
way to ensure this is to place it on a cluster shared volume.
Extending volumes in Storage Spaces Direct
8/18/2020 • 3 minutes to read • Edit Online
This topic provides instructions for resizing volumes on a Storage Spaces Direct cluster by using Windows Admin
Center.
WARNING
Not suppor ted: resizing the underlying storage used by Storage Spaces Direct. If you are running Storage
Spaces Direct in a virtualized storage environment, including in Azure, resizing or changing the characteristics of the storage
devices used by the virtual machines isn't supported and will cause data to become inaccessible. Instead, follow the
instructions in the Add servers or drives section to add additional capacity before extending volumes.
Get-VirtualDisk
To follow associations between objects in the stack, pipe one Get- cmdlet into the next.
For example, here's how to get from a virtual disk up to its volume:
If the cmdlet returns nothing, the virtual disk doesn't use storage tiers.
No storage tiers
If the virtual disk has no storage tiers, you can resize it directly using the Resize-Vir tualDisk cmdlet.
Provide the new size in the -Size parameter.
When you resize the Vir tualDisk , the Disk follows automatically and is resized too.
Then, for each tier, provide the new size in the -Size parameter.
TIP
If your tiers are different physical media types (such as MediaType = SSD and MediaType = HDD ) you need to ensure
you have enough capacity of each media type in the storage pool to accommodate the new, larger footprint of each tier.
When you resize the StorageTier (s), the Vir tualDisk and Disk follow automatically and are resized too.
When you resize the Par tition , the Volume and ClusterSharedVolume follow automatically and are resized
too.
That's it!
TIP
You can verify the volume has the new size by running Get-Volume .
Additional References
Storage Spaces Direct in Windows Server 2016
Planning volumes in Storage Spaces Direct
Creating volumes in Storage Spaces Direct
Deleting volumes in Storage Spaces Direct
Deleting volumes in Storage Spaces Direct
8/18/2020 • 2 minutes to read • Edit Online
This topic provides instructions for deleting volumes in on a Storage Spaces Direct cluster by using Windows
Admin Center.
Watch a quick video on how to delete a volume.
Additional References
Storage Spaces Direct in Windows Server 2016
Planning volumes in Storage Spaces Direct
Creating volumes in Storage Spaces Direct
Extending volumes in Storage Spaces Direct
Performance history for Storage Spaces Direct
8/18/2020 • 6 minutes to read • Edit Online
Performance history is a new feature that gives Storage Spaces Direct administrators easy access to historical
compute, memory, network, and storage measurements across host servers, drives, volumes, virtual machines,
and more. Performance history is collected automatically and stored on the cluster for up to one year.
IMPORTANT
This feature is new in Windows Server 2019. It is not available in Windows Server 2016.
Get started
Performance history is collected by default with Storage Spaces Direct in Windows Server 2019. You do not need
to install, configure, or start anything. An Internet connection is not required, System Center is not required, and
an external database is not required.
To see your cluster's performance history graphically, use Windows Admin Center:
To query and process it programmatically, use the new Get-ClusterPerf cmdlet. See Usage in PowerShell.
What's collected
Performance history is collected for 7 types of objects:
Each object type has many series: for example, ClusterNode.Cpu.Usage is collected for each server.
For details of what's collected for each object type and how to interpret them, refer to these sub-topics:
O B JEC T SERIES
Many series are aggregated across peer objects to their parent: for example, NetAdapter.Bandwidth.Inbound is
collected for each network adapter separately and aggregated to the overall server; likewise
ClusterNode.Cpu.Usage is aggregated to the overall cluster; and so on.
Timeframes
Performance history is stored for up to one year, with diminishing granularity. For the most recent hour,
measurements are available every ten seconds. Thereafter, they are intelligently merged (by averaging or
summing, as appropriate) into less granular series that span more time. For the most recent day, measurements
are available every five minutes; for the most recent week, every fifteen minutes; and so on.
In Windows Admin Center, you can select the timeframe in the upper-right above the chart.
In PowerShell, use the -TimeFrame parameter.
Here are the available timeframes:
Usage in PowerShell
Use the Get-ClusterPerformanceHistory cmdlet to query and process performance history in PowerShell.
Get-ClusterPerformanceHistory
TIP
Use the Get-ClusterPerf alias to save some keystrokes.
Example
Get the CPU usage of virtual machine MyVM for the last hour:
For more advanced examples, see the published sample scripts that provide starter code to find peak values,
calculate averages, plot trend lines, run outlier detection, and more.
Specify the object
You can specify the object you want by the pipeline. This works with 7 types of objects:
O B JEC T F RO M P IP EL IN E EXA M P L E
If you don't specify, performance history for the overall cluster is returned.
Specify the series
You can specify the series you want with these parameters:
PA RA M ET ER EXA M P L E L IST
TIP
Use tab completion to discover available series.
If you don't specify, every series available for the specified object is returned.
Specify the timeframe
You can specify the timeframe of history you want with the -TimeFrame parameter.
TIP
Use tab completion to discover available timeframes.
How it works
Performance history storage
Shortly after Storage Spaces Direct is enabled, an approximately 10 GB volume named
ClusterPerformanceHistory is created and an instance of the Extensible Storage Engine (also known as Microsoft
JET) is provisioned there. This lightweight database stores the performance history without any Administrator
involvement or management.
The volume is backed by Storage Spaces and uses either simple, two-way mirror, or three-way mirror resiliency,
depending on the number of nodes in the cluster. It is repaired after drive or server failures just like any other
volume in Storage Spaces Direct.
The volume uses ReFS but is not Cluster Shared Volume (CSV), so it only appears on the Cluster Group owner
node. Besides being automatically created, there is nothing special about this volume: you can see it, browse it,
resize it, or delete it (not recommended). If something goes wrong, see Troubleshooting.
Object discovery and data collection
Performance history automatically discovers relevant objects, such as virtual machines, anywhere in the cluster
and begins streaming their performance counters. The counters are aggregated, synchronized, and inserted into
the database. Streaming runs continuously and is optimized for minimal system impact.
Collection is handled by the Health Service, which is highly available: if the node where it's running goes down, it
will resume moments later on another node in the cluster. Performance history may lapse briefly, but it will
resume automatically. You can see the Health Service and its owner node by running
Get-ClusterResource Health in PowerShell.
Start-ClusterPerformanceHistory
Stop-ClusterPerformanceHistory -DeleteHistory
TIP
During initial deployment, you can prevent performance history from starting by setting the
-CollectPerformanceHistory parameter of Enable-ClusterStorageSpacesDirect to $False .
Troubleshooting
The cmdlet doesn't work
An error message like "The term 'Get-ClusterPerf' is not recognized as the name of a cmdlet" means the feature
is not available or installed. Verify that you have Windows Server Insider Preview build 17692 or later, that
you've installed Failover Clustering, and that you're running Storage Spaces Direct.
NOTE
This feature is not available on Windows Server 2016 or earlier.
No data available
If a chart shows "No data available" as pictured, here's how to troubleshoot:
1. If the object was newly added or created, wait for it to be discovered (up to 15 minutes).
2. Refresh the page, or wait for the next background refresh (up to 30 seconds).
3. Certain special objects are excluded from performance history – for example, virtual machines that aren't
clustered, and volumes that don't use the Cluster Shared Volume (CSV) filesystem. Check the sub-topic for
the object type, like Performance history for volumes, for the fine print.
4. If the problem persists, open PowerShell as Administrator and run the Get-ClusterPerf cmdlet. The
cmdlet includes troubleshooting logic to identify common problems, such as if the
ClusterPerformanceHistory volume is missing, and provides remediation instructions.
5. If the command in the previous step returns nothing, you can try restarting the Health Service (which
collects performance history) by running Stop-ClusterResource Health ; Start-ClusterResource Health in
PowerShell.
Additional References
Storage Spaces Direct overview
Performance history for drives
8/18/2020 • 2 minutes to read • Edit Online
This sub-topic of Performance history for Storage Spaces Direct describes in detail the performance history
collected for drives. Performance history is available for every drive in the cluster storage subsystem, regardless of
bus or media type. However, it is not available for OS boot drives.
NOTE
Performance history cannot be collected for drives in a server that is down. Collection will resume automatically when the
server comes back up.
SERIES UN IT
physicaldisk.latency.read seconds
physicaldisk.latency.write seconds
physicaldisk.latency.average seconds
physicaldisk.size.total bytes
physicaldisk.size.used bytes
How to interpret
SERIES H O W TO IN T ERP RET
SERIES H O W TO IN T ERP RET
physicaldisk.throughput.total Total quantity of data read from or written to the drive per
second.
SERIES SO URC E C O UN T ER
NOTE
Counters are measured over the entire interval, not sampled. For example, if the drive is idle for 9 seconds but completes 30
IOs in the 10th second, its physicaldisk.iops.total will be recorded as 3 IOs per second on average during this 10-
second interval. This ensures its performance history captures all activity and is robust to noise.
The size.* series are collected from the MSFT_PhysicalDisk class in WMI, one instance per drive.
physicaldisk.size.total Size
physicaldisk.size.used VirtualDiskFootprint
Usage in PowerShell
Use the Get-PhysicalDisk cmdlet:
Additional References
Performance history for Storage Spaces Direct
Performance history for network adapters
8/18/2020 • 2 minutes to read • Edit Online
This sub-topic of Performance history for Storage Spaces Direct describes in detail the performance history
collected for network adapters. Network adapter performance history is available for every physical network
adapter in every server in the cluster. Remote Direct Memory Access (RDMA) performance history is available for
every physical network adapter with RDMA enabled.
NOTE
Performance history cannot be collected for network adapters in a server that is down. Collection will resume automatically
when the server comes back up.
SERIES UN IT
NOTE
Network adapter performance history is recorded in bits per second, not bytes per second. One 10 GbE network adapter
can send and receive approximately 1,000,000,000 bits = 125,000,000 bytes = 1.25 GB per second at its theoretical
maximum.
How to interpret
SERIES H O W TO IN T ERP RET
netadapter.bandwidth.rdma.total Total rate of data received or sent over RDMA by the network
adapter.
SERIES SO URC E C O UN T ER
The rdma.* series are collected from the RDMA Activity performance counter set on the server where the network
adapter is installed, one instance per network adapter with RDMA enabled.
SERIES SO URC E C O UN T ER
NOTE
Counters are measured over the entire interval, not sampled. For example, if the network adapter is idle for 9 seconds but
transfers 200 bits in the 10th second, its netadapter.bandwidth.total will be recorded as 20 bits per second on average
during this 10-second interval. This ensures its performance history captures all activity and is robust to noise.
Usage in PowerShell
Use the Get-NetAdapter cmdlet:
Additional References
Performance history for Storage Spaces Direct
Performance history for servers
8/18/2020 • 2 minutes to read • Edit Online
This sub-topic of Performance history for Storage Spaces Direct describes in detail the performance history
collected for servers. Performance history is available for every server in the cluster.
NOTE
Performance history cannot be collected for a server that is down. Collection will resume automatically when the server
comes back up.
SERIES UN IT
clusternode.cpu.usage percent
clusternode.cpu.usage.guest percent
clusternode.cpu.usage.host percent
clusternode.memory.total bytes
clusternode.memory.available bytes
clusternode.memory.usage bytes
clusternode.memory.usage.guest bytes
clusternode.memory.usage.host bytes
In addition, drive series such as physicaldisk.size.total are aggregated for all eligible drives attached to the
server, and network adapter series such as networkadapter.bytes.total are aggregated for all eligible network
adapters attached to the server.
How to interpret
SERIES H O W TO IN T ERP RET
SERIES SO URC E C O UN T ER
Using the % Total Run Time counters ensures that performance history attributes all usage.
If Hyper-V is NOT enabled:
SERIES SO URC E C O UN T ER
clusternode.cpu.usage.guest zero
With the same caveat, clusternode.cpu.usage.guest is always the sum of vm.cpu.usage for all virtual machines on
the host server.
The memory.* series are (COMING SOON).
NOTE
Counters are measured over the entire interval, not sampled. For example, if the server is idle for 9 seconds but spikes to
100% CPU in the 10th second, its clusternode.cpu.usage will be recorded as 10% on average during this 10-second
interval. This ensures its performance history captures all activity and is robust to noise.
Usage in PowerShell
Use the Get-ClusterNode cmdlet:
Additional References
Performance history for Storage Spaces Direct
Performance history for virtual hard disks
8/18/2020 • 2 minutes to read • Edit Online
This sub-topic of Performance history for Storage Spaces Direct describes in detail the performance history
collected for virtual hard disk (VHD) files. Performance history is available for every VHD attached to a running,
clustered virtual machine. Performance history is available for both VHD and VHDX formats, however it is not
available for Shared VHDX files.
NOTE
It may take several minutes for collection to begin for newly created or moved VHD files.
SERIES UN IT
vhd.latency.average seconds
vhd.size.current bytes
vhd.size.maximum bytes
How to interpret
SERIES H O W TO IN T ERP RET
vhd.throughput.read Quantity of data read from the virtual hard disk per second.
vhd.throughput.write Quantity of data written to the virtual hard disk per second.
vhd.throughput.total Total quantity of data read from or written to the virtual hard
disk per second.
vhd.size.current The current file size of the virtual hard disk, if dynamically
expanding. If fixed, the series is not collected.
SERIES SO URC E C O UN T ER
vhd.latency.average Latency
NOTE
Counters are measured over the entire interval, not sampled. For example, if the VHD is inactive for 9 seconds but completes
30 IOs in the 10th second, its vhd.iops.total will be recorded as 3 IOs per second on average during this 10-second
interval. This ensures its performance history captures all activity and is robust to noise.
Usage in PowerShell
Use the Get-VHD cmdlet:
Get-VHD <Path> | Get-ClusterPerf
NOTE
The Get-VHD cmdlet requires a file path to be provided. It does not support enumeration.
Additional References
Performance history for Storage Spaces Direct
Performance history for virtual machines
8/18/2020 • 2 minutes to read • Edit Online
This sub-topic of Performance history for Storage Spaces Direct describes in detail the performance history
collected for virtual machines (VM). Performance history is available for every running, clustered VM.
NOTE
It may take several minutes for collection to begin for newly created or renamed VMs.
SERIES UN IT
vm.cpu.usage percent
vm.memory.assigned bytes
vm.memory.available bytes
vm.memory.maximum bytes
vm.memory.minimum bytes
vm.memory.pressure -
vm.memory.startup bytes
vm.memory.total bytes
In addition, all virtual hard disk (VHD) series, such as vhd.iops.total , are aggregated for every VHD attached to
the VM.
How to interpret
SERIES DESC RIP T IO N
vmnetworkadapter.bandwidth.inbound Rate of data received by the virtual machine across all its
virtual network adapters.
vmnetworkadapter.bandwidth.outbound Rate of data sent by the virtual machine across all its virtual
network adapters.
NOTE
Counters are measured over the entire interval, not sampled. For example, if the VM is idle for 9 seconds but spikes to use
50% of host CPU in the 10th second, its vm.cpu.usage will be recorded as 5% on average during this 10-second interval.
This ensures its performance history captures all activity and is robust to noise.
Usage in PowerShell
Use the Get-VM cmdlet:
NOTE
The Get-VM cmdlet only returns virtual machines on the local (or specified) server, not across the cluster.
Additional References
Performance history for Storage Spaces Direct
Performance history for volumes
8/18/2020 • 2 minutes to read • Edit Online
This sub-topic of Performance history for Storage Spaces Direct describes in detail the performance history
collected for volumes. Performance history is available for every Cluster Shared Volume (CSV) in the cluster.
However, it is not available for OS boot volumes nor any other non-CSV storage.
NOTE
It may take several minutes for collection to begin for newly created or renamed volumes.
SERIES UN IT
volume.latency.read seconds
volume.latency.write seconds
volume.latency.average seconds
volume.size.total bytes
volume.size.available bytes
How to interpret
SERIES H O W TO IN T ERP RET
volume.throughput.total Total quantity of data read from or written to this volume per
second.
SERIES SO URC E C O UN T ER
volume.iops.read Reads/sec
volume.iops.write Writes/sec
TIP
These are the same counters used by the popular VM Fleet benchmark framework.
The size.* series are collected from the MSFT_Volume class in WMI, one instance per volume.
volume.size.total Size
volume.size.available SizeRemaining
Usage in PowerShell
Use the Get-Volume cmdlet:
Additional References
Performance history for Storage Spaces Direct
Performance history for clusters
8/18/2020 • 2 minutes to read • Edit Online
This sub-topic of Performance history for Storage Spaces Direct describes the performance history collected for
clusters.
There are no series that originate at the cluster level. Instead, server series, such as clusternode.cpu.usage , are
aggregated for all servers in the cluster. Volume series, such as volume.iops.total , are aggregated for all volumes
in the cluster. And drive series, such as physicaldisk.size.total , are aggregated for all drives in the cluster.
Usage in PowerShell
Use the Get-Cluster cmdlet:
Get-Cluster | Get-ClusterPerf
Additional References
Performance history for Storage Spaces Direct
Scripting with PowerShell and Storage Spaces Direct
performance history
8/18/2020 • 13 minutes to read • Edit Online
In Windows Server 2019, Storage Spaces Direct records and stores extensive performance history for virtual
machines, servers, drives, volumes, network adapters, and more. Performance history is easy to query and process
in PowerShell so you can quickly go from raw data to actual answers to questions like:
1. Were there any CPU spikes last week?
2. Is any physical disk exhibiting abnormal latency?
3. Which VMs are consuming the most storage IOPS right now?
4. Is my network bandwidth saturated?
5. When will this volume run out of free space?
6. In the past month, which VMs used the most memory?
The Get-ClusterPerf cmdlet is built for scripting. It accepts input from cmdlets like Get-VM or Get-PhysicalDisk
by the pipeline to handle association, and you can pipe its output into utility cmdlets like Sort-Object ,
Where-Object , and Measure-Object to quickly compose powerful queries.
This topic provides and explains 6 sample scripts that answer the 6 questions above. They present
patterns you can apply to find peaks, find averages, plot trend lines, run outlier detection, and more, across a
variety of data and timeframes. They are provided as free starter code for you to copy, extend, and reuse.
NOTE
For brevity, the sample scripts omit things like error handling that you might expect of high-quality PowerShell code. They
are intended primarily for inspiration and education rather than production use.
How it works
The output from Get-ClusterPerf pipes nicely into the built-in Measure-Object cmdlet, we just specify the Value
property. With its -Maximum , -Minimum , and -Average flags, Measure-Object gives us the first three columns
almost for free. To do the quartile analysis, we can pipe to Where-Object and count how many values were -Gt
(greater than) 25, 50, or 75. The last step is to beautify with Format-Hours and Format-Percent helper functions –
certainly optional.
Script
Here's the script:
Function Format-Hours {
Param (
$RawValue
)
# Weekly timeframe has frequency 15 minutes = 4 points per hour
[Math]::Round($RawValue/4)
}
Function Format-Percent {
Param (
$RawValue
)
[String][Math]::Round($RawValue) + " " + "%"
}
[PsCustomObject]@{
"ClusterNode" = $_.Name
"MinCpuObserved" = Format-Percent $Min
"MaxCpuObserved" = Format-Percent $Max
"AvgCpuObserved" = Format-Percent $Avg
"HrsOver25%" = Format-Hours ($Data | Where-Object Value -Gt 25).Length
"HrsOver50%" = Format-Hours ($Data | Where-Object Value -Gt 50).Length
"HrsOver75%" = Format-Hours ($Data | Where-Object Value -Gt 75).Length
}
}
IMPORTANT
For brevity, this script does not implement safeguards against low variance, does not handle partial missing data, does not
distinguish by model or firmware, etc. Please exercise good judgement and do not rely on this script alone to determine
whether to replace a hard disk. It is presented here for educational purposes only.
Screenshot
In the screenshot below, we see there are no outliers:
How it works
First, we exclude idle or nearly idle drives by checking that PhysicalDisk.Iops.Total is consistently -Gt 1 . For
every active HDD, we pipe its LastHour timeframe, comprised of 360 measurements at 10 second intervals, to
Measure-Object -Average to obtain its average latency in the last hour. This sets up our population.
We implement the widely-known formula to find the mean μ and standard deviation σ of the population. For
every active HDD, we compare its average latency to the population average and divide by the standard deviation.
We keep the raw values, so we can Sort-Object our results, but use Format-Latency and
Format-StandardDeviation helper functions to beautify what we'll show – certainly optional.
Function Format-Latency {
Param (
$RawValue
)
$i = 0 ; $Labels = ("s", "ms", "μs", "ns") # Petabits, just in case!
Do { $RawValue *= 1000 ; $i++ } While ( $RawValue -Lt 1 )
# Return
[String][Math]::Round($RawValue, 2) + " " + $Labels[$i]
}
}
Function Format-StandardDeviation {
Param (
$RawValue
)
If ($RawValue -Gt 0) {
$Sign = "+"
}
Else {
$Sign = "-"
}
# Return
$Sign + [String][Math]::Round([Math]::Abs($RawValue), 2) + "σ"
}
[PsCustomObject]@{
"FriendlyName" = $_.FriendlyName
"SerialNumber" = $_.SerialNumber
"MediaType" = $_.MediaType
"AvgLatencyPopulation" = $null # Set below
"AvgLatencyThisHDD" = Format-Latency $AvgLatency
"RawAvgLatencyThisHDD" = $AvgLatency
"Deviation" = $null # Set below
"RawDeviation" = $null # Set below
}
}
}
$FoundOutlier = $False
$Output | ForEach-Object {
$Deviation = ($_.RawAvgLatencyThisHDD - $μ) / $σ
$_.AvgLatencyPopulation = Format-Latency $μ
$_.Deviation = Format-StandardDeviation $Deviation
$_.RawDeviation = $Deviation
# If distribution is Normal, expect >99% within 3σ
If ($Deviation -Gt 3) {
$FoundOutlier = $True
}
}
If ($FoundOutlier) {
Write-Host -BackgroundColor Black -ForegroundColor Red "Oh no! There's an HDD significantly slower
than the others."
}
Else {
Write-Host -BackgroundColor Black -ForegroundColor Green "Good news! No outlier found."
}
$Output | Sort-Object RawDeviation -Descending | Format-Table FriendlyName, SerialNumber, MediaType,
AvgLatencyPopulation, AvgLatencyThisHDD, Deviation
}
Else {
Write-Warning "There aren't enough active drives to look for outliers right now."
}
How it works
Unlike Get-PhysicalDisk , the Get-VM cmdlet isn't cluster-aware – it only returns VMs on the local server. To query
from every server in parallel, we wrap our call in Invoke-Command (Get-ClusterNode).Name { ... } . For every VM,
we get the VHD.Iops.Total , VHD.Iops.Read , and VHD.Iops.Write measurements. By not specifying the -TimeFrame
parameter, we get the MostRecent single data point for each.
TIP
These series reflect the sum of this VM's activity to all its VHD/VHDX files. This is an example where performance history is
being automatically aggregated for us. To get the per-VHD/VHDX breakdown, you could pipe an individual Get-VHD into
Get-ClusterPerf instead of the VM.
The results from every server come together as $Output , which we can Sort-Object and then
Select-Object -First 10 . Notice that Invoke-Command decorates results with a PsComputerName property indicating
where they came from, which we can print to know where the VM is running.
Script
Here's the script:
$Output = Invoke-Command (Get-ClusterNode).Name {
Function Format-Iops {
Param (
$RawValue
)
$i = 0 ; $Labels = (" ", "K", "M", "B", "T") # Thousands, millions, billions, trillions...
Do { if($RawValue -Gt 1000){$RawValue /= 1000 ; $i++ } } While ( $RawValue -Gt 1000 )
# Return
[String][Math]::Round($RawValue) + " " + $Labels[$i]
}
Get-VM | ForEach-Object {
$IopsTotal = $_ | Get-ClusterPerf -VMSeriesName "VHD.Iops.Total"
$IopsRead = $_ | Get-ClusterPerf -VMSeriesName "VHD.Iops.Read"
$IopsWrite = $_ | Get-ClusterPerf -VMSeriesName "VHD.Iops.Write"
[PsCustomObject]@{
"VM" = $_.Name
"IopsTotal" = Format-Iops $IopsTotal.Value
"IopsRead" = Format-Iops $IopsRead.Value
"IopsWrite" = Format-Iops $IopsWrite.Value
"RawIopsTotal" = $IopsTotal.Value # For sorting...
}
}
}
How it works
We repeat our Invoke-Command trick from above to Get-NetAdapter on every server and pipe into Get-ClusterPerf
. Along the way, we grab two relevant properties: its LinkSpeed string like "10 Gbps", and its raw Speed integer
like 10000000000. We use Measure-Object to obtain the average and peak from the last day (reminder: each
measurement in the LastDay timeframe represents 5 minutes) and multiply by 8 bits per byte to get an apples-to-
apples comparison.
NOTE
Some vendors, like Chelsio, include remote-direct memory access (RDMA) activity in their Network Adapter performance
counters, so it's included in the NetAdapter.Bandwidth.Total series. Others, like Mellanox, may not. If your vendor doesn't,
simply add the NetAdapter.Bandwidth.RDMA.Total series in your version of this script.
Script
Here's the script:
Function Format-BitsPerSec {
Param (
$RawValue
)
$i = 0 ; $Labels = ("bps", "kbps", "Mbps", "Gbps", "Tbps", "Pbps") # Petabits, just in case!
Do { $RawValue /= 1000 ; $i++ } While ( $RawValue -Gt 1000 )
# Return
[String][Math]::Round($RawValue) + " " + $Labels[$i]
}
Get-NetAdapter | ForEach-Object {
$InterfaceDescription = $_.InterfaceDescription
$LinkSpeed = $_.LinkSpeed
$Saturated = $False
[PsCustomObject]@{
"NetAdapter" = $InterfaceDescription
"LinkSpeed" = $LinkSpeed
"MaxInbound" = Format-BitsPerSec $MaxInbound
"MaxOutbound" = Format-BitsPerSec $MaxOutbound
"Saturated" = $Saturated
}
}
}
}
IMPORTANT
This estimate is linear and based only on the most recent 14 daily measurements. More sophisticated and accurate
techniques exist. Please exercise good judgement and do not rely on this script alone to determine whether to invest in
expanding your storage. It is presented here for educational purposes only.
Script
Here's the script:
Function Format-Bytes {
Param (
$RawValue
)
$i = 0 ; $Labels = ("B", "KB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB")
Do { $RawValue /= 1024 ; $i++ } While ( $RawValue -Gt 1024 )
# Return
[String][Math]::Round($RawValue) + " " + $Labels[$i]
}
Function Format-Trend {
Param (
$RawValue
)
If ($RawValue -Eq 0) {
"0"
}
Else {
If ($RawValue -Gt 0) {
$Sign = "+"
}
Else {
$Sign = "-"
}
# Return
$Sign + $(Format-Bytes [Math]::Abs($RawValue)) + "/day"
}
}
Function Format-Days {
Param (
$RawValue
)
[Math]::Round($RawValue)
}
If ($RawTrend -Gt 0) {
$DaysToFull = Format-Days ($_.SizeRemaining / $RawTrend)
}
Else {
$DaysToFull = "-"
}
}
Else {
$Trend = "InsufficientHistory"
$DaysToFull = "-"
}
[PsCustomObject]@{
"Volume" = $_.FileSystemLabel
"Size" = Format-Bytes ($_.Size)
"Used" = Format-Bytes ($_.Size - $_.SizeRemaining)
"Trend" = $Trend
"DaysToFull" = $DaysToFull
}
}
$Output | Format-Table
Sample 6: Memory hog, you can run but you can't hide
Because performance history is collected and stored centrally for the whole cluster, you never need to stitch
together data from different machines, no matter how many times VMs move between hosts. This sample uses the
VM.Memory.Assigned series from the LastMonth timeframe to identify the virtual machines consuming the most
memory over the last 35 days.
Screenshot
In the screenshot below, we see the Top 10 virtual machines by memory usage last month:
How it works
We repeat our Invoke-Command trick, introduced above, to Get-VM on every server. We use
Measure-Object -Average to obtain the monthly average for every VM, then Sort-Object followed by
Select-Object -First 10 to obtain our leaderboard. (Or maybe it's our Most Wanted list?)
Script
Here's the script:
$Output = Invoke-Command (Get-ClusterNode).Name {
Function Format-Bytes {
Param (
$RawValue
)
$i = 0 ; $Labels = ("B", "KB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB")
Do { if( $RawValue -Gt 1024 ){ $RawValue /= 1024 ; $i++ } } While ( $RawValue -Gt 1024 )
# Return
[String][Math]::Round($RawValue) + " " + $Labels[$i]
}
Get-VM | ForEach-Object {
$Data = $_ | Get-ClusterPerf -VMSeriesName "VM.Memory.Assigned" -TimeFrame "LastMonth"
If ($Data) {
$AvgMemoryUsage = ($Data | Measure-Object -Property Value -Average).Average
[PsCustomObject]@{
"VM" = $_.Name
"AvgMemoryUsage" = Format-Bytes $AvgMemoryUsage.Value
"RawAvgMemoryUsage" = $AvgMemoryUsage.Value # For sorting...
}
}
}
}
That's it! Hopefully these samples inspire you and help you get started. With Storage Spaces Direct performance
history and the powerful, scripting-friendly Get-ClusterPerf cmdlet, you are empowered to ask – and answer! –
complex questions as you manage and monitor your Windows Server 2019 infrastructure.
Additional References
Getting started with Windows PowerShell
Storage Spaces Direct overview
Performance history
Delimit the allocation of volumes in Storage Spaces
Direct
8/18/2020 • 9 minutes to read • Edit Online
Windows Server 2019 introduces an option to manually delimit the allocation of volumes in Storage Spaces Direct.
Doing so can significantly increase fault tolerance under certain conditions, but imposes some added management
considerations and complexity. This topic explains how it works and gives examples in PowerShell.
IMPORTANT
This feature is new in Windows Server 2019. It is not available in Windows Server 2016.
Prerequisites
Consider using this option if:
Your cluster has six or more servers; and
Your cluster uses only three-way mirror resiliency
Do not use this option if:
Your cluster has fewer than six servers; or
Your cluster uses parity or mirror-accelerated parity resiliency
Understand
Review: regular allocation
With regular three-way mirroring, the volume is divided into many small "slabs" that are copied three times and
distributed evenly across every drive in every server in the cluster. For more details, read this deep dive blog.
This default allocation maximizes parallel reads and writes, leading to better performance, and is appealing in its
simplicity: every server is equally busy, every drive is equally full, and all volumes stay online or go offline together.
Every volume is guaranteed to survive up to two concurrent failures, as these examples illustrate.
However, with this allocation, volumes can't survive three concurrent failures. If three servers fail at once, or if
drives in three servers fail at once, volumes become inaccessible because at least some slabs were (with very high
probability) allocated to the exact three drives or servers that failed.
In the example below, servers 1, 3, and 5 fail at the same time. Although many slabs have surviving copies, some
do not:
The volume goes offline and becomes inaccessible until the servers are recovered.
New: delimited allocation
With delimited allocation, you specify a subset of servers to use (minimum four). The volume is divided into slabs
that are copied three times, like before, but instead of allocating across every server, the slabs are allocated
only to the subset of ser vers you specify .
For example, if you have an 8 node cluster (nodes 1 through 8), you can specify a volume to be located only on
disks in nodes 1, 2, 3, 4.
Advantages
With the example allocation, the volume is likely to survive three concurrent failures. If nodes 1, 2, and 6 go down,
only 2 of the nodes that hold the 3 copies of data for the volume are down and the volume will stay online.
Survival probability depends on the number of servers and other factors – see Analysis for details.
Disadvantages
Delimited allocation imposes some added management considerations and complexity:
1. The administrator is responsible for delimiting the allocation of each volume to balance storage utilization
across servers and uphold high probability of survival, as described in the Best practices section.
2. With delimited allocation, reserve the equivalent of one capacity drive per ser ver (with no maximum) .
This is more than the published recommendation for regular allocation, which maxes out at four capacity
drives total.
3. If a server fails and needs to be replaced, as described in Remove a server and its drives, the administrator is
responsible for updating the delimitation of affected volumes by adding the new server and removing the
failed one – example below.
Usage in PowerShell
You can use the New-Volume cmdlet to create volumes in Storage Spaces Direct.
For example, to create a regular three-way mirror volume:
TIP
In Storage Spaces Direct, the term 'Storage Scale Unit' refers to all the raw storage attached to one server, including
direct-attached drives and direct-attached external enclosures with drives. In this context, it's the same as 'server'.
2. Specify which servers to use with the new -StorageFaultDomainsToUse parameter and by indexing into
$Servers . For example, to delimit the allocation to the first, second, third, and fourth servers (indices 0, 1, 2,
and 3):
Note that only Server1, Server2, Server3, and Server4 contain slabs of MyVolume.
Change a delimited allocation
Use the new Add-StorageFaultDomain and Remove-StorageFaultDomain cmdlets to change how the allocation is
delimited.
For example, to move MyVolume over by one server:
1. Specify that the fifth server can store slabs of MyVolume:
PS C:\> .\Get-VirtualDiskFootprintBySSU.ps1
Note that Server1 does not contain slabs of MyVolume anymore – instead, Server5 does.
Best practices
Here are the best practices to follow when using delimited volume allocation:
Choose four servers
Delimit each three-way mirror volume to four servers, not more.
Balance storage
Balance how much storage is allocated to each server, accounting for volume size.
Stagger delimited allocation volumes
To maximize fault tolerance, make each volume's allocation unique, meaning it does not share all its servers with
another volume (some overlap is okay).
For example on an eight-node system: Volume 1: Servers 1, 2, 3, 4 Volume 2: Servers 5, 6, 7, 8 Volume 3: Servers 3,
4, 5, 6 Volume 4: Servers 1, 2, 7, 8
Analysis
This section derives the mathematical probability that a volume stays online and accessible (or equivalently, the
expected fraction of overall storage that stays online and accessible) as a function of the number of failures and the
cluster size.
NOTE
This section is optional reading. If you're keen to see the math, read on! But if not, don't worry: Usage in PowerShell and Best
practices is all you need to implement delimited allocation successfully.
Additional References
Storage Spaces Direct overview
Fault tolerance in Storage Spaces Direct
Appendix
This script helps you see how your volumes are allocated.
To use it as described above, copy/paste and save as Get-VirtualDiskFootprintBySSU.ps1 .
Function ConvertTo-PrettyCapacity {
Param (
[Parameter(
Mandatory = $True,
ValueFromPipeline = $True
)
]
[Int64]$Bytes,
[Int64]$RoundTo = 0
)
If ($Bytes -Gt 0) {
$Base = 1024
$Labels = ("bytes", "KB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB")
$Order = [Math]::Floor( [Math]::Log($Bytes, $Base) )
$Order = [Math]::Floor( [Math]::Log($Bytes, $Base) )
$Rounded = [Math]::Round($Bytes/( [Math]::Pow($Base, $Order) ), $RoundTo)
[String]($Rounded) + " " + $Labels[$Order]
}
Else {
"0"
}
Return
}
Function Get-VirtualDiskFootprintByStorageFaultDomain {
################################################
### Step 1: Gather Configuration Information ###
################################################
Try {
$GetCluster = Get-Cluster -ErrorAction Stop
}
Catch {
throw $ErrorCannotGetCluster
}
If ($GetCluster.S2DEnabled -Ne 1) {
throw $ErrorNotS2DEnabled
}
Try {
$GetClusterNode = Get-ClusterNode -ErrorAction Stop
}
Catch {
throw $ErrorCannotGetClusterNode
}
Try {
$GetStoragePool = Get-StoragePool -IsPrimordial $False -ErrorAction Stop
}
Catch {
throw $ErrorCannotGetStoragePool
}
###########################################################
### Step 2: Create SfdList[] and PhysicalDiskToSfdMap{} ###
###########################################################
##################################################################################################
### Step 3: Create VirtualDisk.FriendlyName -> { StorageFaultDomain.FriendlyName -> Size } Map ###
##################################################################################################
$VirtualDiskMap = @{}
$GetVirtualDisk | ForEach {
# Map of PhysicalDisk.UniqueId -> Size for THIS virtual disk
$PhysicalDiskToSizeMap = @{}
$_ | Get-PhysicalExtent | ForEach {
$PhysicalDiskToSizeMap[$_.PhysicalDiskUniqueId] += $_.Size
}
# Map of StorageFaultDomain.FriendlyName -> Size for THIS virtual disk
$SfdToSizeMap = @{}
$PhysicalDiskToSizeMap.keys | ForEach {
$SfdToSizeMap[$PhysicalDiskToSfdMap[$_]] += $PhysicalDiskToSizeMap[$_]
}
# Store
$VirtualDiskMap[$_.FriendlyName] = $SfdToSizeMap
}
#########################
### Step 4: Write-Out ###
#########################
$VirtualDiskFriendlyName = $_.FriendlyName
$Row | Add-Member -MemberType NoteProperty "VirtualDiskFriendlyName" $VirtualDiskFriendlyName
$SfdList | ForEach {
$Size = $VirtualDiskMap[$VirtualDiskFriendlyName][$_.FriendlyName] | ConvertTo-PrettyCapacity
$Row | Add-Member -MemberType NoteProperty $_.FriendlyName $Size
}
$Row
}
$ActualWindowWidth = (Get-Host).UI.RawUI.WindowSize.Width
If (!($ActualWindowWidth)) {
# Cannot get window width, probably ISE, Format-List
# Cannot get window width, probably ISE, Format-List
Write-Warning "Could not determine window width. For the best experience, use a Powershell window
instead of ISE"
$Output | Format-Table
}
ElseIf ($ActualWindowWidth -Lt $RequiredWindowWidth) {
# Narrower window, Format-List
Write-Warning "For the best experience, try making your PowerShell window at least
$RequiredWindowWidth characters wide. Current width is $ActualWindowWidth characters."
$Output | Format-List
}
Else {
# Wider window, Format-Table
$Output | Format-Table
}
}
Get-VirtualDiskFootprintByStorageFaultDomain
Use Azure Monitor to send emails for Health Service
Faults
8/18/2020 • 12 minutes to read • Edit Online
Azure Monitor maximizes the availability and performance of your applications by delivering a comprehensive
solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps
you understand how your applications are performing and proactively identifies issues affecting them and the
resources they depend on.
This is particularly helpful for your on-premises hyper-converged cluster. With Azure Monitor integrated, you will
be able to configure email, text (SMS), and other alerts to ping you when something is wrong with your cluster (or
when you want to flag some other activity based on the data collected). Below, we will briefly explain how Azure
Monitor works, how to install Azure Monitor, and how to configure it to send you notifications.
If you are using System Center, check out the Storage Spaces Direct management pack that monitors both
Windows Server 2019 and Windows Server 2016 Storage Spaces Direct clusters.
This management pack includes:
Physical disk health and performance monitoring
Storage Node health and performance monitoring
Storage Pool health and performance monitoring
Volume resiliency type and Deduplication status
2. Logs contain different kinds of data organized into records with different sets of properties for each type.
Telemetry such as events and traces are stored as logs in addition to performance data so that it can all be
combined for analysis. Log data collected by Azure Monitor can be analyzed with queries to quickly retrieve,
consolidate, and analyze collected data. You can create and test queries using Log Analytics in the Azure portal
and then either directly analyze the data using these tools or save queries for use with visualizations or alert
rules.
During this onboarding flow, the steps below are happening under the hood. We detail how to configure them in
detail in case you want to manually setup your cluster.
Configuring Health Service
The first thing that you need to do is configure your cluster. As you may know, the Health Service improves the
day-to-day monitoring and operational experience for clusters running Storage Spaces Direct.
As we saw above, Azure Monitor collects logs from each node that it is running on in your cluster. So, we have to
configure the Health Service to write to an event channel, which happens to be:
When you run the cmdlet above to set the Health Settings, you cause the events we want to begin being written to
the Microsoft-Windows-Health/Operational event channel.
Configuring Log Analytics
Now that you have setup the proper logging on your cluster, the next step is to properly configure log analytics.
To give an overview, Azure Log Analytics can collect data directly from your physical or virtual Windows computers
in your datacenter or other cloud environment into a single repository for detailed analysis and correlation.
To understand the supported configuration, review supported Windows operating systems and network firewall
configuration.
If you don't have an Azure subscription, create a free account before you begin.
Login in to Azure Portal
Log in to the Azure portal at https://portal.azure.com.
Create a workspace
For more details on the steps listed below, see the Azure Monitor documentation.
1. In the Azure portal, click All ser vices . In the list of resources, type Log Analytics . As you begin typing, the
list filters based on your input. Select Log Analytics .
2. Click Create , and then select choices for the following items:
Provide a name for the new Log Analytics Workspace , such as DefaultLAWorkspace.
Select a Subscription to link to by selecting from the drop-down list if the default selected is not
appropriate.
For Resource Group , select an existing resource group that contains one or more Azure virtual
machines.
3. After providing the required information on the Log Analytics Workspace pane, click OK .
While the information is verified and the workspace is created, you can track its progress under Notifications
from the menu.
Obtain workspace ID and key
Before installing the Microsoft Monitoring Agent for Windows, you need the workspace ID and key for your Log
Analytics workspace. This information is required by the setup wizard to properly configure the agent and ensure it
can successfully communicate with Log Analytics.
1. In the Azure portal, click All ser vices found in the upper left-hand corner. In the list of resources, type Log
Analytics . As you begin typing, the list filters based on your input. Select Log Analytics .
2. In your list of Log Analytics workspaces, select DefaultLAWorkspace created earlier.
3. Select Advanced settings .
4. Select Connected Sources , and then select Windows Ser vers .
5. The value to the right of Workspace ID and Primar y Key . Save both temporarily - copy and paste both into
your favorite editor for the time being.
Installing the agent on Windows
The following steps install and configure the Microsoft Monitoring Agent. Be sure to install this agent on each
ser ver in your cluster and indicate that you want the agent to run at Windows Star tup.
1. On the Windows Ser vers page, select the appropriate Download Windows Agent version to download
depending on the processor architecture of the Windows operating system.
2. Run Setup to install the agent on your computer.
3. On the Welcome page, click Next .
4. On the License Terms page, read the license and then click I Agree .
5. On the Destination Folder page, change or keep the default installation folder and then click Next .
6. On the Agent Setup Options page, choose to connect the agent to Azure Log Analytics and then click Next .
7. On the Azure Log Analytics page, perform the following:
a. Paste the Workspace ID and Workspace Key (Primar y Key) that you copied earlier. a. If the computer
needs to communicate through a proxy server to the Log Analytics service, click Advanced and provide
the URL and port number of the proxy server. If your proxy server requires authentication, type the
username and password to authenticate with the proxy server and then click Next .
8. Click Next once you have completed providing the necessary configuration settings.
9. On the Ready to Install page, review your choices and then click Install .
10. On the Configuration completed successfully page, click Finish .
When complete, the Microsoft Monitoring Agent appears in Control Panel . You can review your configuration
and verify that the agent is connected to Log Analytics. When connected, on the Azure Log Analytics tab, the
agent displays a message stating: The Microsoft Monitoring Agent has successfully connected to the
Microsoft Log Analytics ser vice.
To understand the supported configuration, review supported Windows operating systems and network firewall
configuration.
These are the alerts and their default conditions that you can opt into:
System critical error Any critical alert in the cluster system event log
Once you configure the alerts in Windows Admin Center, you can see the alerts in your log analytics workspace in
Azure.
During this onboarding flow, the steps below are happening under the hood. We detail how to configure them in
detail in case you want to manually setup your cluster.
Collecting event and performance data
Log Analytics can collect events from the Windows event log and performance counters that you specify for longer
term analysis and reporting, and take action when a particular condition is detected. Follow these steps to
configure collection of events from the Windows event log, and several common performance counters to start
with.
1. In the Azure portal, click More ser vices found on the lower left-hand corner. In the list of resources, type Log
Analytics . As you begin typing, the list filters based on your input. Select Log Analytics .
2. Select Advanced settings .
3. Select Data , and then select Windows Event Logs .
4. Here, add the Health Service event channel by typing in the name below and the click the plus sign + .
Click Add the selected performance counters . They are added and preset with a ten second collection
sample interval.
9. Click Save at the top of the page to save the configuration.
Event
Data is returned in the default list view, and you can see how many total records were returned.
On the left side of the screen is the filter pane which allows you to add filtering to the query without modifying it
directly. Several record properties are displayed for that record type, and you can select one or more property
values to narrow your search results.
Select the checkbox next to Error under EVENTLEVELNAME or type the following to limit the results to error
events.
After you have the approriate queries made for events you care about, save them for the next step.
Create alerts
Now, let's walk through an example for creating an alert.
1. In the Azure portal, click All ser vices . In the list of resources, type Log Analytics . As you begin typing, the
list filters based on your input. Select Log Analytics .
2. In the left-hand pane, select Aler ts and then click New Aler t Rule from the top of the page to create a new
alert.
3. For the first step, under the Create Aler t section, you are going to select your Log Analytics workspace as
the resource, since this is a log based alert signal. Filter the results by choosing the specific Subscription
from the drop-down list if you have more than one, which contains Log Analytics workspace created earlier.
Filter the Resource Type by selecting Log Analytics from the drop-down list. Finally, select the Resource
DefaultL AWorkspace and then click Done .
4. Under the section Aler t Criteria , click Add Criteria to select your saved query and then specify logic that
the alert rule follows.
5. Configure the alert with the following information: a. From the Based on drop-down list, select Metric
measurement . A metric measurement will create an alert for each object in the query with a value that
exceeds our specified threshold. b. For the Condition , select Greater than and specify a thershold. c. Then
define when to trigger the alert. For example you could select Consecutive breaches and from the drop-
down list select Greater than a value of 3. d. Under Evaluation based on section, modify the Period value
to 30 minutes and Frequency to 5. The rule will run every five minutes and return records that were
created within the last thirty minutes from the current time. Setting the time period to a wider window
accounts for the potential of data latency, and ensures the query returns data to avoid a false negative
where the alert never fires.
6. Click Done to complete the alert rule.
7. Now moving onto the second step, provide a name of your alert in the Aler t rule name field, such as
Aler t on all Error Events . Specify a Description detailing specifics for the alert, and select Critical(Sev
0) for the Severity value from the options provided.
8. To immediately activate the alert rule on creation, accept the default value for Enable rule upon creation .
9. For the third and final step, you specify an Action Group , which ensures that the same actions are taken
each time an alert is triggered and can be used for each rule you define. Configure a new action group with
the following information: a. Select New action group and the Add action group pane appears. b. For
Action group name , specify a name such as IT Operations - Notify and a Shor t name such as itops-n .
c. Verify the default values for Subscription and Resource group are correct. If not, select the correct one
from the drop-down list. d. Under the Actions section, specify a name for the action, such as Send Email
and under Action Type select Email/SMS/Push/Voice from the drop-down list. The
Email/SMS/Push/Voice properties pane will open to the right in order to provide additional information.
e. On the Email/SMS/Push/Voice pane, select and setup your preference. For example, enable Email and
provide a valid email SMTP address to deliver the message to. f. Click OK to save your changes.
10. Click OK to complete the action group.
11. Click Create aler t rule to complete the alert rule. It starts running immediately.
Example alert
For reference, this is what an example alert looks like in Azure.
Below is an example of the email that you will be send by Azure Monitor:
Additional References
Storage Spaces Direct overview
For more detailed information, read the Azure Monitor documentation.
Read this for an overview on how to connect to other Azure hybrid services.
Troubleshoot Storage Spaces Direct
8/18/2020 • 20 minutes to read • Edit Online
Use the following information to troubleshoot your Storage Spaces Direct deployment.
In general, start with the following steps:
1. Confirm the make/model of SSD is certified for Windows Server 2016 and Windows Server 2019 using the
Windows Server Catalog. Confirm with vendor that the drives are supported for Storage Spaces Direct.
2. Inspect the storage for any faulty drives. Use storage management software to check the status of the drives. If
any of the drives are faulty, work with your vendor.
3. Update storage and drive firmware if necessary. Ensure the latest Windows Updates are installed on all nodes.
You can get the latest updates for Windows Server 2016 from Windows 10 and Windows Server 2016 update
history and for Windows Server 2019 from Windows 10 and Windows Server 2019 update history.
4. Update network adapter drivers and firmware.
5. Run cluster validation and review the Storage Space Direct section, ensure the drives that will used for the cache
are reported correctly and no errors.
If you're still having issues, review the scenarios below.
Additionally, after an attempt to bring the virtual disk online, the following information is logged in the Cluster log
(DiskRecoveryAction).
[Verbose] 00002904.00001040::YYYY/MM/DD-12:03:44.891 INFO [RES] Physical Disk <DiskName>: OnlineThread:
SuGetSpace returned 0.
[Verbose] 00002904.00001040:: YYYY/MM/DD -12:03:44.891 WARN [RES] Physical Disk < DiskName>: Underlying
virtual disk is in 'no redundancy' state; its volume(s) may fail to mount.
[Verbose] 00002904.00001040:: YYYY/MM/DD -12:03:44.891 ERR [RES] Physical Disk <DiskName>: Failing online due
to virtual disk in 'no redundancy' state. If you would like to attempt to online the disk anyway, first set
this resource's private property 'DiskRecoveryAction' to 1. We will try to bring the disk online for recovery,
but even if successful, its volume(s) or CSV may be unavailable.
The No Redundancy Operational Status can occur if a disk failed or if the system is unable to access data on
the virtual disk. This issue can occur if a reboot occurs on a node during maintenance on the nodes.
To fix this issue, follow these steps:
1. Remove the affected Virtual Disks from CSV. This will put them in the "Available storage" group in the
cluster and start showing as a ResourceType of "Physical Disk."
2. On the node that owns the Available Storage group, run the following command on every disk that's in a No
Redundancy state. To identify which node the "Available Storage" group is on you can run the following
command.
Get-ClusterGroup
3. Set the disk recovery action and then start the disk(s).
4. A repair should automatically start. Wait for the repair to finish. It may go into a suspended state and start
again. To monitor the progress:
Run Get-StorageJob to monitor the status of the repair and to see when it is completed.
Run Get-Vir tualDisk and verify that the Space returns a HealthStatus of Healthy.
5. After the repair finishes and the Virtual Disks are Healthy, change the Virtual Disk parameters back.
6. Take the disk(s) offline and then online again to have the DiskRecoveryAction take effect:
Stop-ClusterResource "VdiskName"
Start-ClusterResource "VdiskName"
DiskRecover yAction is an override switch that enables attaching the Space volume in read-write mode without
any checks. The property enables you to do diagnostics into why a volume won't come online. It's very similar to
Maintenance Mode but you can invoke it on a resource in a Failed state. It also lets you access the data, which can
be helpful in situations such as "No Redundancy," where you can get access to whatever data you can and copy it.
The DiskRecoveryAction property was added in the February 22, 2018, update, KB 4077525.
Once you have resolved the condition listed above, you can online the disk by using the following commands in
PowerShell:
The Detached Operational Status can occur if the dirty region tracking (DRT) log is full. Storage Spaces uses
dirty region tracking (DRT) for mirrored spaces to make sure that when a power failure occurs, any in-flight
updates to metadata are logged to make sure that the storage space can redo or undo operations to bring the
storage space back into a flexible and consistent state when power is restored and the system comes back up. If the
DRT log is full, the virtual disk can't be brought online until the DRT metadata is synchronized and flushed. This
process requires running a full scan, which can take several hours to finish.
To fix this issue, follow these steps:
1. Remove the affected Virtual Disks from CSV.
2. Run the following commands on every disk that's not coming online.
This task should be initiated on all nodes on which the detached volume is online. A repair should
automatically start. Wait for the repair to finish. It may go into a suspended state and start again. To monitor
the progress:
Run Get-StorageJob to monitor the status of the repair and to see when it is completed.
Run Get-Vir tualDisk and verify the Space returns a HealthStatus of Healthy.
The "Data Integrity Scan for Crash Recovery" is a task that doesn't show as a storage job, and
there is no progress indicator. If the task is showing as running, it is running. When it
completes, it will show completed.
Additionally, you can view the status of a running schedule task by using the following cmdlet:
4. As soon as the "Data Integrity Scan for Crash Recovery" is finished, the repair finishes and the Virtual Disks
are Healthy, change the Virtual Disk parameters back.
5. Take the disk(s) offline and then online again to have the DiskRecoveryAction take effect:
Stop-ClusterResource "VdiskName"
Start-ClusterResource "VdiskName"
DiskRunChkdsk value 7 is used to attach the Space volume and have the partition in read-only mode.
This enables Spaces to self-discover and self-heal by triggering a repair. Repair will run automatically once
mounted. It also allows you to access the data, which can be helpful to get access to whatever data you can
to copy. For some fault conditions, such as a full DRT log, you need to run the Data Integrity Scan for Crash
Recovery scheduled task.
Data Integrity Scan for Crash Recover y task is used to synchronize and clear a full dirty region tracking (DRT)
log. This task can take several hours to complete. The "Data Integrity Scan for Crash Recovery" is a task that doesn't
show as a storage job, and there is no progress indicator. If the task is showing as running, it is running. When it
completes, it will show as completed. If you cancel the task or restart a node while this task is running, the task will
need to start over from the beginning.
For more information, see Troubleshooting Storage Spaces Direct health and operational states.
You might get event 5120 with STATUS_IO_TIMEOUT c00000b5 after you restart a node on Windows Server 2016
with cumulative update that were released from May 8, 2018 KB 4103723 to October 9, 2018 KB 4462917
installed.
When you restart the node, Event 5120 is logged in the System event log and includes one of the following error
codes:
Cluster Shared Volume 'CSVName' ('Cluster Virtual Disk (CSVName)') has entered a paused state because of
'STATUS_CONNECTION_DISCONNECTED(c000020c)'. All I/O will temporarily be queued until a path to the volume is
reestablished.
When an Event 5120 is logged, a live dump is generated to collect debugging information that may cause
additional symptoms or have a performance effect. Generating the live dump creates a brief pause to enable taking
a snapshot of memory to write the dump file. Systems that have lots of memory and are under stress may cause
nodes to drop out of cluster membership and also cause the following Event 1135 to be logged.
A change introduced in May 8, 2018 to Windows Server 2016, which was a cumulative update to add SMB
Resilient Handles for the Storage Spaces Direct intra-cluster SMB network sessions. This was done to improve
resiliency to transient network failures and improve how RoCE handles network congestion. These improvements
also inadvertently increased time-outs when SMB connections try to reconnect and waits to time-out when a node
is restarted. These issues can affect a system that is under stress. During unplanned downtime, IO pauses of up to
60 seconds have also been observed while the system waits for connections to time-out. To fix this issue, install the
October 18, 2018, cumulative update for Windows Server 2016 or a later version.
Note This update aligns the CSV time-outs with SMB connection time-outs to fix this issue. It does not implement
the changes to disable live dump generation mentioned in the Workaround section.
Shutdown process flow:
1. Run the Get-VirtualDisk cmdlet, and make sure that the HealthStatus value is Healthy.
2. Drain the node by running the following cmdlet:
Suspend-ClusterNode -Drain
3. Put the disks on that node in Storage Maintenance Mode by running the following cmdlet:
4. Run the Get-PhysicalDisk cmdlet, and make sure that the OperationalStatus value is In Maintenance
Mode.
5. Run the Restar t-Computer cmdlet to restart the node.
6. After node restarts, remove the disks on that node from Storage Maintenance Mode by running the
following cmdlet:
Resume-ClusterNode
8. Check the status of the resync jobs by running the following cmdlet:
Get-StorageJob
This procedure can prevent the collection of diagnostic information that Microsoft Support may need to
investigate this problem. A Support agent may have to ask you to re-enable live dump generation based on
specific troubleshooting scenarios.
There are two methods to disable live dumps, as described below.
Method 1 (recommended in this scenario)
To completely disable all dumps, including live dumps system-wide, follow these steps:
1. Create the following registry key:
HKLM\System\CurrentControlSet\Control\CrashControl\ForceDumpsDisabled
2. Under the new ForceDumpsDisabled key, create a REG_DWORD property as GuardedHost, and then set its
value to 0x10000000.
3. Apply the new registry key to each cluster node.
NOTE
You have to restart the computer for the nregistry change to take effect.
After this registry key is set, live dump creation will fail and generate a "STATUS_NOT_SUPPORTED" error.
Method 2
By default, Windows Error Reporting will allow only one LiveDump per report type per 7 days and only 1
LiveDump per machine per 5 days. You can change that by setting the following registry keys to only allow one
LiveDump on the machine forever.
reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\FullLiveKernelReports" /v
SystemThrottleThreshold /t REG_DWORD /d 0xFFFFFFFF /f
Note You have to restart the computer for the change to take effect.
Method 3
To disable cluster generation of live dumps (such as when an Event 5120 is logged), run the following cmdlet:
This cmdlet has an immediate effect on all cluster nodes without a computer restart.
Slow IO performance
If you are seeing slow IO performance, check if cache is enabled in your Storage Spaces Direct configuration.
There are two ways to check:
1. Using the cluster log. Open the cluster log in text editor of choice and search for "[=== SBL Disks ===]."
This will be a list of the disk on the node the log was generated on.
Cache Enabled Disks Example: Note here that the state is CacheDiskStateInitializedAndBound and there is a
GUID present here.
Cache Not Enabled: Here we can see there is no GUID present and the state is CacheDiskStateNonHybrid.
Cache Not Enabled: When all disks are of the same type case is not enabled by default. Here we can see
there is no GUID present and the state is CacheDiskStateIneligibleDataPartition.
{d543f90c-798b-d2fe-7f0a-cb226c77eeed},10,false,false,1,20,{00000000-0000-0000-0000-
000000000000},CacheDiskStateIneligibleDataPartition,0,0,0,false,false,NVMe ,INTEL SSDPE7KX02,
PHLF7330004V2P0LGN,0170,{79b4d631-976f-4c94-a783-df950389fd38},[R/M 0 R/U 0 R/T 0 W/M 0 W/U 0 W/T 0],
Now, if you run Get-PhysicalDisk on any of the nodes, you'll see all the disks that were in the pool. For example,
in a lab with a 4-Node cluster with 4 SAS disks, 100GB each presented to each node. In that case, after Storage
Space Direct is disabled, which removes the SBL (Storage Bus Layer) but leaves the filter, if you run Get-
PhysicalDisk , it should report 4 disks excluding the local OS disk. Instead it reported 16 instead. This is the same
for all nodes in the cluster. When you run a Get-Disk command, you'll see the locally attached disks numbered as
0, 1, 2 and so on, as seen in this sample output:
To fix this issue, ensure the HBA adapter is configured in HBA mode. No HBA should be configured in RAID mode.
O P ERAT IO
M EDIAT Y SERIA L N U F RIEN DLY N A L STAT
UN IQ UEID DEVIC EID PE B UST Y P E M B ER SIZ E C ANPOOL NAME US
To fix this issue, update the firmware on the Intel drives to the latest version. Firmware version QDV101B1 from
May 2018 is known to resolve this issue.
The May 2018 release of the Intel SSD Data Center Tool includes a firmware update, QDV101B1, for the Intel SSD
DC P4600 series.
Use the UniqueId parameter to specify the disk (again from WMI MSFT_PhysicalDisk or Get-
PhysicalDIsk ).
Clear-PhysicalDiskHealthData -Intent -Policy -UniqueId 00000000000000000 -Verbose -Force
Expected events that you would see on rest of the nodes during the
reboot of a node.
It is safe to ignore these events:
Event ID 205: Windows lost communication with physical disk {XXXXXXXXXXXXXXXXXXXX }. This can occur if a cable
failed or was disconnected, or if the disk itself failed.
Event ID 203: Windows lost communication with physical disk {xxxxxxxxxxxxxxxxxxxxxxxx }. This can occur if a
cable failed or was disconnected, or if the disk itself failed.
NOTE
Individual OEMs may have devices that are based on the Intel P3x00 family of NVMe devices with unique firmware version
strings. Contact your OEM for more information of the latest firmware version.
If you are using hardware in your deployment based on the Intel P3x00 family of NVMe devices, we recommend
that you immediately apply the latest available firmware (at least Maintenance Release 8). This Microsoft Support
article provides additional information about this issue.
Troubleshoot Storage Spaces and Storage Spaces
Direct health and operational states
8/18/2020 • 14 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012,
Windows Server (Semi-Annual Channel), Windows 10, Windows 8.1
This topic describes the health and operational states of storage pools, virtual disks (which sit underneath volumes
in Storage Spaces), and drives in Storage Spaces Direct and Storage Spaces. These states can be invaluable when
trying to troubleshoot various issues such as why you can't delete a virtual disk because of a read-only
configuration. It also discusses why a drive can't be added to a pool (the CannotPoolReason).
Storage Spaces has three primary objects - physical disks (hard drives, SSDs, etc.) that are added to a storage pool,
virtualizing the storage so that you can create virtual disks from free space in the pool, as shown here. Pool
metadata is written to each drive in the pool. Volumes are created on top of the virtual disks and store your files,
but we're not going to talk about volumes here.
You can view health and operational states in Server Manager, or with PowerShell. Here's an example of a variety
of (mostly bad) health and operational states on a Storage Spaces Direct cluster that's missing most of its cluster
nodes (right-click the column headers to add Operational Status ). This isn't a happy cluster.
Storage pool states
Every storage pool has a health status - Healthy , Warning , or Unknown /Unhealthy , as well as one or more
operational states.
To find out what state a pool is in, use the following PowerShell commands:
Here's an example output showing a storage pool in the Unknown health state with the Read-only operational
status:
Degraded There are failed or missing drives in the storage pool. This
condition occurs only with drives hosting pool metadata.
Action : Check the state of your drives and replace any failed
drives before there are additional failures.
Action:
1. Reconnect any missing drives, and if
you're using Storage Spaces Direct,
bring all servers online.
2. Set the pool back to read-write by
opening a PowerShell session with
administrative permissions and then
typing:
Get-StoragePool -IsPrimordial
$False | Set-StoragePool -
IsReadOnly $false
Get-StoragePool | Set-StoragePool
-IsReadOnly $false
O P ERAT IO N A L STAT E REA D- O N LY REA SO N DESC RIP T IO N
Here's an example of output showing a detached virtual disk and a degraded/incomplete virtual disk:
Action :
1. Reconnect any missing drives, replace any failed drives, and
if you're using Storage Spaces Direct, bring online any servers
that are offline.
2. If you're not using Storage Spaces Direct, next repair the
virtual disk using the Repair-VirtualDisk cmdlet.
Storage Spaces Direct automatically starts a repair if needed
after reconnecting or replacing a drive.
Action :
1. Reconnect any missing drives, replace any failed drives, and
if you're using Storage Spaces Direct, bring online any servers
that are offline.
2. If you're not using Storage Spaces Direct, next repair the
virtual disk using the Repair-VirtualDisk cmdlet.
Storage Spaces Direct automatically starts a repair if needed
after reconnecting or replacing a drive.
No redundancy The virtual disk has lost data because too many drives failed.
Action : Replace failed drives and then restore your data from
backup.
Get-VirtualDisk | Where-Object -
Filter { $_.OperationalStatus -eq
"Detached" } | Connect-
VirtualDisk
Get-VirtualDisk | Set-VirtualDisk
-ismanualattach $false
Action :
1. Reconnect any missing drives, and if
you're using Storage Spaces Direct,
bring online any servers that are offline.
2. After all drives and servers are online,
replace any failed drives. See Health
Service for details.
Storage Spaces Direct automatically
starts a repair if needed after
reconnecting or replacing a drive.
3. If you're not using Storage Spaces
Direct, next repair the virtual disk using
the Repair-VirtualDisk cmdlet.
Action :
1. Reconnect any missing drives, and if
you're using Storage Spaces Direct,
bring online any servers that are offline.
2. After all drives and servers are online,
replace any failed drives. See Health
Service for details.
Storage Spaces Direct automatically
starts a repair if needed after
reconnecting or replacing a drive.
3. If you're not using Storage Spaces
Direct, next repair the virtual disk using
the Repair-VirtualDisk cmdlet.
Lost communication The drive is missing. If you're using Storage Spaces Direct, this
could be because a server is down.
Removing from pool Storage Spaces is in the process of removing the drive from its
storage pool.
Starting maintenance mode Storage Spaces is in the process of putting the drive in
maintenance mode after an administrator put the drive in
maintenance mode. This is a temporary state - the drive
should soon be in the In maintenance mode state.
Stopping maintenance mode An administrator took the drive out of maintenance mode,
and Storage Spaces is in the process of bringing the drive
back online. This is a temporary state - the drive should soon
be in another state - ideally Healthy.
Action :
1. If the drive doesn't transition back to the OK state, you can
try using the Reset-PhysicalDisk cmdlet to wipe the drive.
2. Use Repair-VirtualDisk to restore the resiliency of affected
virtual disks.
3. If this keeps happening, replace the drive.
O P ERAT IO N A L STAT E DESC RIP T IO N
Transient error There was a temporary error with the drive. This usually
means the drive was unresponsive, but it could also mean
that the Storage Spaces protective partition was
inappropriately removed from the drive.
Action :
1. If the drive doesn't transition back to the OK state, you can
try using the Reset-PhysicalDisk cmdlet to wipe the drive.
2. Use Repair-VirtualDisk to restore the resiliency of affected
virtual disks.
3. If this keeps happening, replace the drive, or try getting
detailed diagnostic info about this drive by following the steps
in Troubleshooting using Windows Error Reporting > Physical
disk failed to come online.
Not usable This drive can't be used by Storage Spaces. For more info see
Storage Spaces Direct hardware requirements; if you're not
using Storage Spaces Direct, see Storage Spaces overview.
Action : Reset the drive, erasing all data from the drive and
adding it back to the pool as an empty drive. To do so, open a
PowerShell session as an administrator, run the Reset-
PhysicalDisk cmdlet, and then run Repair-VirtualDisk.
Action : To wipe the drive and add it to the current pool, reset
the drive. To reset the drive, open a PowerShell session as an
administrator, run the Reset-PhysicalDisk cmdlet, and then run
Repair-VirtualDisk.
O P ERAT IO N A L STAT E DESC RIP T IO N
Failed media The drive failed and won't be used by Storage Spaces
anymore.
The following table gives a little more detail on each of the reasons.
Not healthy The drive isn't in a healthy state and might need to be
replaced.
Insufficient capacity This typically occurs when there are partitions taking up the
free space on the drive.
Verification in progress The Health Service is checking to see if the drive or firmware
on the drive is approved for use by the server administrator.
Verification failed The Health Service couldn't check to see if the drive or
firmware on the drive is approved for use by the server
administrator.
Firmware not compliant The firmware on the physical drive isn't in the list of approved
firmware revisions specified by the server administrator by
using the Health Service.
REA SO N DESC RIP T IO N
Hardware not compliant The drive isn't in the list of approved storage models specified
by the server administrator by using the Health Service.
Additional References
Storage Spaces Direct
Storage Spaces Direct hardware requirements
Understanding cluster and pool quorum
Collect diagnostic data with Storage Spaces Direct
8/18/2020 • 5 minutes to read • Edit Online
There are various diagnostic tools that can be used to collect the data needed to troubleshoot Storage Spaces
Direct and Failover Cluster. In this article, we will focus on Get-SDDCDiagnosticInfo - a one touch tool that will
gather all relevant information to help you diagnose your cluster.
Given that the logs and other information that Get-SDDCDiagnosticInfo are dense, the information on
troubleshooting presented below will be helpful for troubleshooting advanced issues that have been escalated and
that may require data to be sent to Microsoft for triaging.
Installing Get-SDDCDiagnosticInfo
The Get-SDDCDiagnosticInfo PowerShell cmdlet (a.k.a. Get-PCStorageDiagnosticInfo , previously known as
Test-StorageHealth ) can be used to gather logs for and perform health checks for Failover Clustering (Cluster,
Resources, Networks, Nodes), Storage Spaces (Physical Disks, Enclosures, Virtual Disks), Cluster Shared Volumes,
SMB File Shares, and Deduplication.
There are two methods of installing the script, both of which are outlines below.
PowerShell Gallery
The PowerShell Gallery is a snapshot of the GitHub Repo. Note that installing items from the PowerShell Gallery
requires the latest version of the PowerShellGet module, which is available in Windows 10, in Windows
Management Framework (WMF) 5.0, or in the MSI-based installer (for PowerShell 3 and 4).
We install the latest version of the Microsoft Networking Diagnostics tools during this process as well since Get-
SDDCDiagnosticInfo relies on this. This manifest module contains network diagnostic and troubleshooting tool,
which are maintained by the Microsoft Core Networking Product Group at Microsoft.
You can install the module by running following command in PowerShell with administrator privileges:
Update-Module PrivateCloud.DiagnosticInfo
GitHub
The GitHub Repo is the most up-to-date version of the module, since we are continually iterating here. To install the
module from GitHub, download the latest module from the archive and extract the PrivateCloud.DiagnosticInfo
directory to the correct PowerShell modules path pointed by $env:PSModulePath
# Allowing Tls12 and Tls11 -- e.g. github now requires Tls12
# If this is not set, the Invoke-WebRequest fails with "The request was aborted: Could not create SSL/TLS
secure channel."
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$module = 'PrivateCloud.DiagnosticInfo'
Invoke-WebRequest -Uri https://github.com/PowerShell/$module/archive/master.zip -OutFile $env:TEMP\master.zip
Expand-Archive -Path $env:TEMP\master.zip -DestinationPath $env:TEMP -Force
if (Test-Path $env:SystemRoot\System32\WindowsPowerShell\v1.0\Modules\$module) {
rm -Recurse $env:SystemRoot\System32\WindowsPowerShell\v1.0\Modules\$module -ErrorAction Stop
Remove-Module $module -ErrorAction SilentlyContinue
} else {
Import-Module $module -ErrorAction SilentlyContinue
}
if (-not ($m = Get-Module $module -ErrorAction SilentlyContinue)) {
$md = "$env:ProgramFiles\WindowsPowerShell\Modules"
} else {
$md = (gi $m.ModuleBase -ErrorAction SilentlyContinue).PsParentPath
Remove-Module $module -ErrorAction SilentlyContinue
rm -Recurse $m.ModuleBase -ErrorAction Stop
}
cp -Recurse $env:TEMP\$module-master\$module $md -Force -ErrorAction Stop
rm -Recurse $env:TEMP\$module-master,$env:TEMP\master.zip
Import-Module $module -Force
If you need to get this module on an offline cluster, download the zip, move it to your target server node, and
install the module.
Gathering Logs
After you have enabled event channels and completed the installation process, you can use the Get-
SDDCDiagnosticInfo PowerShell cmdlet in the module to get:
Reports on storage health, plus details on unhealthy components
Reports of storage capacity by pool, volume and deduplicated volume
Event logs from all cluster nodes and a summary error report
Assume that your storage cluster has the name "CLUS01".
To execute against a remote storage cluster:
Get-SDDCDiagnosticInfo
As you can see, all data are being written to SDDCDiagTemp folder
After script will finish, it will create ZIP in your users directory
Let's generate a report into a text file
For reference, here is a link to the sample report and sample zip.
To view this in Windows Admin Center (version 1812 onwards), navigate to the Diagnostics tab. As you see in the
screenshot below, you can
Install diagnostic tools
Update them (if they are out-of-date),
Schedule daily diagnostic runs (these have a low impact on your system, usually take <5 minutes in the
background, and won't take up more than 500mb on your cluster)
View previously collected diagnostic information if you need to give it to support or analyze it yourself.
Get-SDDCDiagnosticInfo output
The following are the files included in the zipped output of Get-SDDCDiagnosticInfo.
Health Summary Report
The health summary report is saved as:
0_CloudHealthSummary.log
This file is generated after parsing all the data collected and is meant to provide a quick summary of your system. It
contains:
System information
Storage health overview (number of nodes up, resources online, cluster shared volumes online, unhealthy
components, etc.)
Details on unhealthy components (cluster resources that are offline, failed, or online pending)
Firmware and driver information
Pool, physical disk, and volume details
Storage Performance (performance counters are collected)
This report is being continually updated to include more useful information. For the latest information, see the
GitHub README.
Logs and XML files
The script runs various log gathering scripts and saves the output as xml files. We collect cluster and health logs,
system information (MSInfo32), unfiltered event logs (failover clustering, dis diagnostics, hyper-v, storage spaces,
and more), and storage diagnostics information (operational logs). For the latest information on what information
is collected, see the GitHub README (what we collect).
ipmo storage
$d = import-clixml <filename>
$d
This article lists some common and frequently asked questions related to Storage Spaces Direct.
When you use Storage Spaces Direct with 3 nodes, can you get both
performance and capacity tiers?
Yes, you can get both a performance and capacity tier in a 2-node or 3-node Storage Spaces Direct configuration.
However, you must make sure that you have 2 capacity devices. That means that you must use all the three types of
devices: NVME, SSD, and HDD.
Refs file system provides real-time tiering with Storage Spaces Direct.
Does REFS provide the same functionality with shared storage spaces in
2016?
No, you won't get real-time tiering with shared storage spaces with 2016. This is only for Storage Spaces Direct.
The Storage Spaces Direct was created using the autoconfig:0 switch
and the pool was created manually. When I try to query the Storage
Spaces Direct pool to create a new volume, I get a message saying:
"Enable-ClusterS2D again." What should I do?
By default, when you configure Storage Spaces Direct by using the enable-S2D cmdlet, the cmdlet does everything
for you. It creates the pool and the tiers. When using autoconfig:0, everything must be done manually. If you
created only the pool, the tier is not necessarily created. You will receive an "Enable-ClusterS2D again" error
message if you have either not created Tiers at all or not created Tiers in a manner corresponding to the devices
attached. We recommend that you do not use the autoconfig switch in a production environment.
How can I determine the size of cache that is being used by Storage
Spaces Direct?
Use the built-in utility PerfMon to inspect the cache misses. Review the cache miss reads/sec from the Cluster
Storage Hybrid Disk counter. Remember that if too many reads are missing the cache, your cache is undersized and
you may want to expand it.
Is there a calculator that shows the exact size of the disks that are being
set aside for cache, capacity, and resiliency that would enable me to
plan better?
You can use the Storage Spaces Calculator to help with your planning. It is available at https://aka.ms/s2dcalc.
Which command can you use to check the physical extent for a virtual
disk?
This one:
Applies To: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel), Windows
10
This article provides system administrators and IT Pros with information about error handling and health
management specific to storage-class memory (NVDIMM-N) devices in Windows, highlighting the differences
between storage-class memory and traditional storage devices.
If you aren't familiar with Windows' support for storage-class memory devices, these short videos provide an
overview:
Using Non-volatile Memory (NVDIMM-N) as Block Storage in Windows Server 2016
Using Non-volatile Memory (NVDIMM-N) as Byte-Addressable Storage in Windows Server 2016
Accelerating SQL Server 2016 performance with Persistent Memory in Windows Server 2016
Also see Understand and deploy persistent memory in Storage Spaces Direct.
JEDEC-compliant NVDIMM-N storage-class memory devices are supported in Windows with native drivers,
starting in Windows Server 2016 and Windows 10 (version 1607). While these devices behave similar to other
disks (HDDs and SSDs), there are some differences.
All conditions listed here are expected to be very rare occurrences, but depend on the conditions in which the
hardware is used.
The various cases below may refer to Storage Spaces configurations. The particular configuration of interest is one
where two NVDIMM-N devices are utilized as a mirrored write-back cache in a storage space. To set up such a
configuration, see Configuring Storage Spaces with a NVDIMM-N write-back cache.
In Windows Server 2016, the Storage Spaces GUI shows NVDIMM-N bus type as UNKNOWN. It doesn't have any
fuctionality loss or inability in creation of Pool, Storage VD. You can verify the bus type by running the following
command:
PS C:\>Get-PhysicalDisk | fl
The parameter BusType in output of cmdlet will correctly show bus type as "SCM"
PS C:\> Get-PhysicalDisk | where BusType -eq "SCM" | select SerialNumber, HealthStatus, OperationalStatus,
OperationalDetails
802c-01-1602-117cb5fc Healthy OK
NOTE
To find the Physical location of an NVDIMM-N device specified in an event, on the Details tab of the event in Event Viewer,
go to EventData > Location . Note that Windows Server 2016 lists the incorrect location NVDIMM-N devices, but this is
fixed in Windows Server, version 1709.
For help understanding the various health conditions, see the following sections.
802c-01-1602-117cb5fc Healthy OK
Storage Spaces behavior Device remains fully operational. This is a warning, not an
error.
802c-01-1602-117cb5fc Healthy OK
Root Cause NVDIMM-N devices rely on a back-up power source for their
persistence – usually a battery or super-cap. If this back-up
power source is unavailable or the device cannot perform a
backup for any reason (Controller/Flash Error), data is at risk
and Windows will prevent any further writes to the affected
devices. Reads are still possible to evacuate data.
Storage Spaces behavior Storage Space will remain operational as long as only one
NVDIMM-N is affected. If multiple devices are affected, writes
to the Storage Space will fail.
The PhysicalDisk Health Status field will show "Unhealthy" for
all affected NVDIMM-N devices.
802c-01-1602-117cb5fc Healthy OK
Root Cause NVDIMM-N devices are DRAM based. When a corrupt DRAM
address is referenced, most CPUs will initiate a machine check
and restart the server. Some server platforms then un-map
the NVDIMM, preventing the OS from accessing it and
potentially causing another machine check. This may also
occur if the BIOS detects that the NVDIMM-N has failed and
needs to be replaced.
Root Cause A failure in the backup or restore procedure will likely result in
all data on the NVDIMM-N to be lost. When the operating
system loads, it will appear as a brand new NVDIMM-N
without a partition or file system and surface as RAW,
meaning it doesn't have a file system.
Storage Spaces behavior Storage Spaces remains operational if only one NVDIMM is
affected).
NVDIMM-N physical disk object will be shown with the Health
Status "Unhealthy" and is not used by Storage Spaces.
What to do If the user doesn't want to replace the affected device, they
can use the Reset-PhysicalDisk cmdlet to clear the read-
only condition on the affected NVDIMM-N. In Storage Spaces
environments this will also attempt to re-integrate the
NVDIMM-N into Storage Space and start the repair process.
Interleaved Sets
Interleaved sets can often be created in a platform's BIOS to make multiple NVDIMM-N devices appear as a single
device to the host operating system.
Windows Server 2016 and Windows 10 Anniversary Edition do not support interleaved sets of NVDIMM-Ns.
At the time of this writing, there is no mechanism for the host operating system to correctly identify individual
NVDIMM-Ns in such a set and clearly communicate to the user which particular device may have caused an error
or needs to be serviced.
Work Folders overview
8/18/2020 • 10 minutes to read • Edit Online
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, Windows
Server 2012 R2, Windows 10, Windows 8.1, Windows 7
This topic discusses Work Folders, a role service for file servers running Windows Server that provides a
consistent way for users to access their work files from their PCs and devices.
If you're looking to download or use Work Folders on Windows 10, Windows 7, or an Android or iOS device, see
the following:
Work Folders for Windows 10
Work Folders for Windows 7 (64 bit download)
Work Folders for Windows 7 (32 bit download)
Work Folders for iOS
Work Folders for Android
Role description
With Work Folders users can store and access work files on personal computers and devices, often referred to as
bring-your-own device (BYOD), in addition to corporate PCs. Users gain a convenient location to store work files,
and they can access them from anywhere. Organizations maintain control over corporate data by storing the files
on centrally managed file servers, and optionally specifying user device policies such as encryption and lock-
screen passwords.
Work Folders can be deployed with existing deployments of Folder Redirection, Offline Files, and home folders.
Work Folders stores user files in a folder on the server called a sync share. You can specify a folder that already
contains user data, which enables you to adopt Work Folders without migrating servers and data or immediately
phasing out your existing solution.
Practical applications
Administrators can use Work Folders to provide users with access to their work files while keeping centralized
storage and control over the organization's data. Some specific applications for Work Folders include:
Provide a single point of access to work files from a user's work and personal computers and devices
Access work files while offline, and then sync with the central file server when the PC or device next has
Internet or intranet connectivity
Deploy with existing deployments of Folder Redirection, Offline Files, and home folders
Use existing file server management technologies, such as file classification and folder quotas, to manage
user data
Specify security policies to instruct user's PCs and devices to encrypt Work Folders and use a lock screen
password
Use Failover Clustering with Work Folders to provide a high-availability solution
Important functionality
Work Folders includes the following functionality.
Work Folders role service in Server Windows Server 2019, Windows Server File and Storage Services provides a
Manager 2016, or Windows Server 2012 R2 way to set up sync shares (folders that
store user's work files), monitors Work
Folders, and manages sync shares and
user access
Work Folders cmdlets Windows Server 2019, Windows Server A Windows PowerShell module that
2016, or Windows Server 2012 R2 contains comprehensive cmdlets for
managing Work Folders servers
Work Folders integration with Windows Windows 10 Work Folders provides the following
Windows 8.1 functionality in Windows computers:
- A Control Panel item that sets up
Windows RT 8.1 and monitors Work Folders
Windows 7 (download required) - File Explorer integration that
enables easy access to files in Work
Folders
- A sync engine that transfers files
to and from a central file server
while maximizing battery life and
system performance
Work Folders app for devices Android An app that allows popular devices to
Apple iPhone and iPad® access files in Work Folders
Improved logging New in Windows Server 2019 Event logs on the Work Folders server
can be used to monitor sync activity
and identify users that are failing sync
sessions. Use Event ID 4020 in the
Microsoft-Windows-
SyncShare/Operational event log to
identify which users are failing sync
sessions. Use Event ID 7000 and Event
ID 7001 in the Microsoft-Windows-
SyncShare/Reporting event log to
monitor users that are successfully
completing upload and download sync
sessions.
Performance counters New in Windows Server 2019 The following performance counters
were added: Bytes downloaded/sec,
Bytes uploaded/sec, Connected Users,
Files downloaded/sec, Files
uploaded/sec, Users with change
detection, Incoming requests/sec and
Outstanding requests.
F EAT URE/ F UN C T IO N A L IT Y N EW O R UP DAT ED? DESC RIP T IO N
Improved server performance Updated in Windows Server 2019 Performance improvements were made
to handle more users per server. The
limit per server varies and is based on
the number of files and file churn. To
determine the limit per server, users
should be added to the server in
phases.
On-demand file access Added to Windows 10 version 1803 Enables you to see and access all of
your files. You control which files are
stored on your PC and available offline.
The rest of your files are always visible
and don’t take up any space on your
PC, but you need connectivity to the
Work Folders file server to access them.
Azure AD Application Proxy support Added to Windows 10 version 1703, Remote users can securely access their
Android, iOS files on the Work Folders server using
Azure AD Application Proxy.
Faster change replication Updated in Windows 10 and Windows For Windows Server 2012 R2, when file
Server 2016 changes are synced to the Work
Folders server, clients are not notified
of the change and wait up to 10
minutes to get the update. When using
Windows Server 2016, the Work
Folders server immediately notifies
Windows 10 clients and the file
changes are synced immediately. This
capability is new in Windows Server
2016 and requires a Windows 10 client.
If you're using an older client or the
Work Folders server is Windows Server
2012 R2, the client will continue to poll
every 10 minutes for changes.
Integrated with Windows Information Added to Windows 10 version 1607 If an administrator deploys WIP, Work
Protection (WIP) Folders can enforce data protection by
encrypting the data on the PC. The
encryption is using a key associated
with the Enterprise ID, which can be
remotely wiped by using a supported
mobile device management package
such as Microsoft Intune.
Software requirements
Work Folders has the following software requirements for file servers and your network infrastructure:
A server running Windows Server 2019, Windows Server 2016, or Windows Server 2012 R2 for hosting
sync shares with user files
A volume formatted with the NTFS file system for storing user files
To enforce password policies on Windows 7 PCs, you must use Group Policy password policies. You also
have to exclude the Windows 7 PCs from Work Folders password policies (if you use them).
A server certificate for each file server that will host Work Folders. These certificates should be from a
certification authority (CA) that is trusted by your users—ideally a public CA.
(Optional) An Active Directory Domain Services forest with the schema extensions in Windows Server
2012 R2 to support automatically referring PCs and devices to the correct file server when using multiple
file servers.
To enable users to sync across the Internet, there are additional requirements:
The ability to make a server accessible from the Internet by creating publishing rules in your organization's
reverse proxy or network gateway
(Optional) A publicly registered domain name and the ability to create additional public DNS records for
the domain
(Optional) Active Directory Federation Services (AD FS) infrastructure when using AD FS authentication
Work Folders has the following software requirements for client computers:
PCs and devices must be running one of the following operating systems:
Windows 10
Windows 8.1
Windows RT 8.1
Windows 7
Android 4.4 KitKat and later
iOS 10.2 and later
Windows 7 PCs must be running one of the following editions of Windows:
Windows 7 Professional
Windows 7 Ultimate
Windows 7 Enterprise
Windows 7 PCs must be joined to your organization's domain (they can't be joined to a workgroup).
Enough free space on a local, NTFS-formatted drive to store all the user's files in Work Folders, plus an
additional 6 GB of free space if Work Folders is located on the system drive, as it is by default. Work
Folders uses the following location by default: %USERPROFILE%\Work Folders
However, users can change the location during setup (microSD cards and USB drives formatted with the
NTFS file system are supported locations, though sync will stop if the drives are removed).
The maximum size for individual files is 10 GB by default. There is no per-user storage limit, although
administrators can use the quotas functionality of File Server Resource Manager to implement quotas.
Work Folders doesn't support rolling back the virtual machine state of client virtual machines. Instead
perform backup and restore operations from inside the client virtual machine by using System Image
Backup or another backup app.
Technology Syncs files that are Syncs files that are Syncs files that are Syncs personal files
summar y stored on a file server stored on a file server stored in Office 365 that are stored in
with PCs and devices with PCs that have or in SharePoint with OneDrive with PCs,
access to the PCs and devices Mac computers, and
corporate network inside or outside a devices
(can be replaced by corporate network,
Work Folders) and provides
document
collaboration
functionality
Internal network File servers running File servers SharePoint server None
ser vers Windows Server (optional)
2012 R2, Windows
Server 2016, and
Windows Server
2019
Suppor ted clients PCs, iOS, Android PCs in a corporate PCs, iOS, Android, PCs, Mac computers,
network or connected Windows Phone Windows Phone, iOS,
through DirectAccess, Android
VPNs, or other
remote access
technologies
NOTE
In addition to the sync technologies listed in the previous table, Microsoft offers other replication technologies, including
DFS Replication, which is designed for server-to-server replication, and BranchCache, which is designed as a branch office
WAN acceleration technology. For more information, see DFS Namespaces and DFS Replication and BranchCache Overview
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows 10, Windows 8.1, Windows 7
This topic explains the design process for a Work Folders implementation, and assumes that you have the
following background:
Have a basic understanding of Work Folders (as described in Work Folders)
Have a basic understanding of Active Directory Domain Services (AD DS) concepts
Have a basic understanding of Windows file sharing and related technologies
Have a basic understanding of SSL certificate usage
Have a basic understanding of enabling web access to internal resources via a web reverse proxy
The following sections will help you design your Work Folders implementation. Deploying Work Folders is
discussed in the next topic, Deploying Work Folders.
Software requirements
Work Folders has the following software requirements for file servers and your network infrastructure:
A server running Windows Server 2012 R2 or Windows Server 2016 for hosting sync shares with user files
A volume formatted with the NTFS file system for storing user files
To enforce password policies on Windows 7 PCs, you must use Group Policy password policies. You also
have to exclude the Windows 7 PCs from Work Folders password policies (if you use them).
A server certificate for each file server that will host Work Folders. These certificates should be from a
certification authority (CA) that is trusted by your users—ideally a public CA.
(Optional) An Active Directory Domain Services forest with schema extensions in Windows Server 2012 R2
to support automatically referring PCs and devices to the correct file server when using multiple file
servers.
To enable users to sync across the Internet, there are additional requirements:
The ability to make a server accessible from the Internet by creating publishing rules in your organization's
reverse proxy or network gateway
(Optional) A publicly registered domain name and the ability to create additional public DNS records for
the domain
(Optional) Active Directory Federation Services (AD FS) infrastructure when using AD FS authentication
Work Folders has the following software requirements for client computers:
Computers must be running one of the following operating systems:
Windows 10
Windows 8.1
Windows RT 8.1
Windows 7
Android 4.4 KitKat and later
iOS 10.2 and later
Windows 7 PCs must be running one of the following editions of Windows:
Windows 7 Professional
Windows 7 Ultimate
Windows 7 Enterprise
Windows 7 PCs must be joined to your organization's domain (they can't be joined to a workgroup).
Enough free space on a local, NTFS-formatted drive to store all the user's files in Work Folders, plus an
additional 6 GB of free space if Work Folders is located on the system drive, as it is by default. Work Folders
uses the following location by default: %USERPROFILE%\Work Folders
However, users can change the location during setup (microSD cards and USB drives formatted with the
NTFS file system are supported locations, though sync will stop if the drives are removed).
The maximum size for individual files is 10 GB by default. There is no per-user storage limit, although
administrators can use the quotas functionality of File Server Resource Manager to implement quotas.
Work Folders doesn't support rolling back the virtual machine state of client virtual machines. Instead
perform backup and restore operations from inside the client virtual machine by using System Image
Backup or another backup app.
NOTE
Make sure to install the Windows 8.1 and Windows Server 2012 R2 General Availability update rollup on all Work Folders
servers and any client computers running Windows 8.1 or Windows Server 2012 R2. For more information, see article
2883200 in the Microsoft Knowledge Base.
Deployment scenarios
Work Folders can be implemented on any number of file servers within a customer environment. This allows
Work Folders implementations to scale based on customer needs and can result in highly individualized
deployments. However, most deployments will fall into one of the following three basic scenarios.
Single -Site Deployment
In a single-site deployment, file servers are hosted within a central site in the customer infrastructure. This
deployment type is seen most often in customers with a highly centralized infrastructure or with smaller branch
offices that do not maintain local file servers. This deployment model can be easier for IT staff to administer, since
all server assets are local, and internet ingress/egress is likely centralized at this location as well. However, this
deployment model also relies on good WAN connectivity between the central site and any branch offices, and
users in branch offices are vulnerable to an interruption of service due to network conditions.
Multiple -Site Deployment
In a multiple-site deployment, file servers are hosted in multiple locations within the customer's infrastructure.
This could mean multiple datacenters or it could mean that branch offices maintain individual file servers. This
deployment type is seen most often in larger customer environments or in customers that have several larger
branch offices that maintain local server assets. This deployment model is more complex for IT personnel to
administer, and relies on careful coordination of data storage and maintenance of Active Directory Domain
Services (AD DS) to ensure that users are using the correct sync server for Work Folders.
Hosted Deployment
In a hosted deployment, sync servers are deployed in an IAAS (Infrastructure-as-a-Service) solution such as
Windows Azure VM. This deployment method has the advantage of making the availability of file servers less
dependent on WAN connectivity within a customer's business. If a device is able to connect to the Internet, it can
get to its sync server. However, the servers deployed in the hosted environment still need to be able to reach the
organization's Active Directory domain to authenticate users, and the customer trades infrastructure requirements
on-premises for additional complexity in maintaining that connection.
Deployment technologies
Work Folders deployments consist of a number of technologies that work together to provide service to devices
on both the internal and external networks. Before designing a Work Folders deployment, customers should be
familiar with the requirements of each of the following technologies.
Active Directory Domain Services
AD DS provides two important services in a Work Folders deployment. First, as the back-end for Windows
authentication, AD DS provides the security and authentication services that are used to grant access to user data.
If a domain controller cannot be reached, a file server will be unable to authenticate an incoming request and the
device will not be able to access any data stored in that file server's sync share.
Second, AD DS (with the Windows Server 2012 R2 schema update) maintains the msDS-SyncServerURL attribute
on each user, which is used to automatically direct users to the appropriate sync server.
File Servers
File servers running Windows Server 2012 R2 or Windows Server 2016 host the Work Folders role service, and
host the sync shares that store users' Work Folders data. File servers can also host data stored by other
technologies operating on the internal network (such as file shares), and can be clustered to provide fault
tolerance for user data.
Group Policy
If you have Windows 7 PCs in your environment, we recommend the following:
Use Group Policy to control password policies for all domain-joined PCs that use Work Folders.
Use the Work Folders Automatically lock screen, and require a password policy on PCs that aren't
joined to your domain.
You can also use Group Policy to specify a Work Folders server to domain-joined PCs. This simplifies Work
Folders setup a little bit– users would otherwise need to enter their work email address to lookup the
settings (assuming that Work Folders is set up properly), or enter the Work Folders URL that you explicitly
provided them via email or another means of communication.
You can also use Group Policy to forcibly set up Work Folders on a per-user or per-computer basis, though
doing so causes Work Folders to sync on every PC a user signs in to (when using the per-user policy
setting), and prevents users from specifying an alternate location for Work Folders on their PC (such as on
a microSD card to conserve space on the primary drive). We suggest carefully evaluating your user's needs
before forcing automatic setup.
Windows Intune
Windows Intune also provides a layer of security and manageability for non-domain-joined devices that would
not otherwise be present. You can use Windows Intune to configure and manage users' personal devices such as
tablets that connect to Work Folders from across the Internet. Windows Intune can provide devices with the sync
server URL to use – otherwise users must enter their work email address to lookup the settings (if you publish a
public Work Folders URL in the form of https://workfolders.contoso.com), or enter the sync server URL directly.
Without a Windows Intune deployment, users must configure external devices manually, which can result in
increased demands on a customer's help desk staff.
You can also use Windows Intune to selectively wipe the data from Work Folders on a user's device without
affecting the rest of their data – handy for if a user leaves your organization or has their device stolen.
Web Application Proxy/Azure AD Application Proxy
Work Folders is built around the concept of allowing Internet-connected devices to retrieve business data securely
from the internal network, which allows users to "take their data with them" on their tablets and devices that
would not normally be able to access work files. To do this, a reverse proxy must be used to publish sync server
URLs and make them available to Internet clients.
Work Folders supports using Web Application Proxy, Azure AD Application Proxy or 3rd party reverse proxy
solutions:
Web Application Proxy is an on-premises reverse proxy solution. To learn more, see Web Application Proxy
in Windows Server 2016.
Azure AD Application Proxy is a cloud reverse proxy solution. To learn more, see How to provide secure
remote access to on-premises applications
NOTE
When using multiple sync servers, we recommend setting up automatic server discovery for users. This process relies upon
the configuration of an attribute on each user account in AD DS. The attribute is named msDS-SyncSer verURL and
becomes available on user accounts after a Windows Server 2012 R2 domain controller is added to the domain or the
Active Directory schema updates are applied. This attribute should be set for each user to ensure that users connect to the
appropriate sync server. By using automatic server discovery, organizations can publish Work Folders behind a "friendly"
URL such as https://workfolders.contoso.com, regardless of the number of sync servers in operation.
Design checklist
The following set of design questions is intended to aid customers in designing a Work Folders implementation
that best serves their environment. Customers should work through this checklist prior to attempting to deploy
servers.
Intended Users
Which users will use Work Folders?
How are users organized? (Geographically, by office, by department, etc)
Do any users have special requirements for data storage, security, or retention?
Do any users have specific device policy requirements, such as encryption?
Which client computers and devices do you need to support? (Windows 8.1, Windows RT 8.1,
Windows 7)
If you're supporting Windows 7 PCs and want to use password policies, exclude the domain storing
their computer accounts from the Work Folders password policy, and instead use Group Policy
password policies for domain-joined PCs in that domain.
Do you need to interoperate with or migrate from other user data management solutions such as
Folder Redirection?
Do users from multiple domains need to sync across the Internet with a single server?
Do you need to support users who aren't members of the Local Administrators group on their
domain-joined PCs? (If so, you'll need to exclude the relevant domains from Work Folders device
policies such as encryption and password policies)
Infrastructure and Capacity Planning
In what sites should sync servers be located on the network?
Will any sync servers be hosted by an Infrastructure as a Service (IaaS) provider such as in an Azure
VM?
Will dedicated servers be needed for any specific user groups, and if so, how many users for each
dedicated server?
Where are the Internet ingress/egress points on the network?
Will sync servers be clustered for fault-tolerance?
Will sync servers need to maintain multiple data volumes to host user data?
Data Security
Will multiple sync shares need to be created on any sync servers?
What groups will be used to provide access to sync shares?
If you're using multiple sync servers, what security group will you create for the delegated ability to
modify the msDS-SyncServerURL property of user objects?
Are there any special security or auditing requirements for individual sync shares?
Is multi-factor authentication (MFA) required?
Do you need the ability to remotely wipe Work Folders data from PCs and devices?
Device Access
What URL will be used to provide access for Internet-based devices (the default URL that is required
for email-based automatic server discovery is workfolders.domainname)?
How will the URL be published to the Internet?
Will automatic server discovery be used?
Will Group Policy be used to configure domain-joined PCs?
Will Windows Intune be used to configure external devices?
Will Device Registration be required for devices to connect?
Next steps
After designing your Work Folders implementation, it's time to deploy Work Folders. For more information, see
Deploying Work Folders.
Additional References
For additional related information, see the following resources.
C O N T EN T T Y P E REF EREN C ES
Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2,
Windows 10, Windows 8.1, Windows 7
This topic discusses the steps needed to deploy Work Folders. It assumes that you've already read Planning a
Work Folders deployment.
To deploy Work Folders, a process that can involve multiple servers and technologies, use the following steps.
TIP
The simplest Work Folders deployment is a single file server (often called a sync server) without support for syncing over
the Internet, which can be a useful deployment for a test lab or as a sync solution for domain-joined client computers. To
create a simple deployment, these are minimum steps to follow:
Step 1: Obtain SSL certificates
Step 2: Create DNS records
Step 3: Install Work Folders on file servers
Step 4: Binding the SSL certificate on the sync servers
Step 5: Create security groups for Work Folders
Step 7: Create sync shares for user data
Add-WindowsFeature FS-SyncShareService
NOTE
The delegation operation might take a while to run in domains with a large number of users.
5. On the Specify the structure for user folders page, choose a naming convention for user folders
within the sync share. There are two options available:
User alias creates user folders that don't include a domain name. If you are using a file share that is
already in use with Folder Redirection or another user data solution, select this naming convention.
You can optionally select the Sync only the following subfolder checkbox to sync only a specific
subfolder, such as the Documents folder.
User alias@domain creates user folders that include a domain name. If you aren't using a file
share already in use with Folder Redirection or another user data solution, select this naming
convention to eliminate folder naming conflicts when multiple users of the share have identical
aliases (which can happen if the users belong to different domains).
6. On the Enter the sync share name page, specify a name and a description for the sync share. This is not
advertised on the network but is visible in Server Manager and Windows Powershell to help distinguish
sync shares from each other.
7. On the Grant sync access to groups page, specify the group that you created that lists the users allowed
to use this sync share.
IMPORTANT
To improve performance and security, grant access to groups instead of individual users and be as specific as
possible, avoiding generic groups such as Authenticated Users and Domain Users. Granting access to groups with
large numbers of users increases the time it takes Work Folders to query AD DS. If you have a large number of
users, create multiple sync shares to help disperse the load.
8. On the Specify device policies page, specify whether to request any security restrictions on client PCs
and devices. There are two device policies that can be individually selected:
Encr ypt Work Folders Requests that Work Folders be encrypted on client PCs and devices
Automatically lock screen, and require a password Requests that client PCs and devices
automatically lock their screens after 15 minutes, require a six-character or longer password to
unlock the screen, and activate a device lockout mode after 10 failed retries
IMPORTANT
To enforce password policies for Windows 7 PCs and for non-administrators on domain-joined PCs, use
Group Policy password policies for the computer domains and exclude these domains from the Work Folders
password policies. You can exclude domains by using the Set-Syncshare -PasswordAutoExcludeDomain
cmdlet after creating the sync share. For information about setting Group Policy password policies, see
Password Policy.
9. Review your selections and complete the wizard to create the sync share.
You can create sync shares using Windows PowerShell by using the New-SyncShare cmdlet. Below is an example
of this method:
New-SyncShare "HR Sync Share" K:\Share-1 –User "HR Sync Share Users"
The example above creates a new sync share named Share01 with the path K:\Share-1, and access granted to the
group named HR Sync Share Users
TIP
After you create sync shares you can use File Server Resource Manager functionality to manage the data in the shares. For
example, you can use the Quota tile inside the Work Folders page in Server Manager to set quotas on the user folders. You
can also use File Screening Management to control the types of files that Work Folders will sync, or you can use the
scenarios described in Dynamic Access Control for more sophisticated file classification tasks.
NOTE
The msDS-SyncServerURL property in Active Directory should not be defined for remote users that are accessing Work
Folders through a reverse proxy solution such as Web Application Proxy or Azure AD Application Proxy. If the msDS-
SyncServerURL property is defined, the Work Folders client will try to access an internal URL that's not accessible through
the reverse proxy solution. When using Web Application Proxy or Azure AD Application Proxy, you need to create unique
proxy applications for each Work Folders server. For more details, see Deploying Work Folders with AD FS and Web
Application Proxy: Overview or Deploying Work Folders with Azure AD Application Proxy.
Before you can do so, you must install a Windows Server 2012 R2 domain controller or update the forest and
domain schemas by using the Adprep /forestprep and Adprep /domainprep commands. For information on how
to safely run these commands, see Running Adprep.
You probably also want to create a security group for file server administrators and give them delegated
permissions to modify this particular user attribute, as described in Step 5 and Step 6. Without these steps you
would need to get a member of the Domain Admins or Enterprise Admins group to configure automatic
discovery for each user.
To specify the sync server for users
1. Open Server Manager on a computer with Active Directory Administration Tools installed.
2. On the Tools menu, click Active Director y Administration Center . Active Directory Administration
Center appears.
3. Navigate to the Users container in the appropriate domain, right-click the user you want to assign to a
sync share, and then click Proper ties .
4. In the Navigation pane, click Extensions .
5. Click the Attribute Editor tab, select msDS-SyncSer verUrl and then click Edit . The Multi-valued String
Editor dialog box appears.
6. In the Value to add box, type the URL of the sync server with which you want this user to sync, click Add ,
click OK , and then click OK again.
NOTE
The sync server URL is simply https:// or http:// (depending on whether you want to require a secure
connection) followed by the fully qualified domain name of the sync server. For example,
https://sync1.contoso.com .
To populate the attribute for multiple users, use Active Directory PowerShell. Below is an example that populates
the attribute for all members of the HR Sync Share Users group, discussed in Step 5.
$SyncServerURL = "https://sync1.contoso.com"
$GroupName = "HR Sync Share Users"
NOTE
These policy settings are available only when editing Group Policy from a computer running Group Policy Management on
Windows 8.1, Windows Server 2012 R2 or later. Versions of Group Policy Management from earlier operating systems do
not have this setting available. These policy settings do apply to Windows 7 PCs on which the Work Folders for Windows 7
app has been installed.
See also
For additional related information, see the following resources.
C O N T EN T T Y P E REF EREN C ES
The topics in this section provide instructions for deploying Work Folders with Active Directory Federation
Services (AD FS) and Web Application Proxy. The instructions are designed to help you create a complete
functioning Work Folders setup with client machines that are ready to start using Work Folders either on-
premises or over the Internet.
Work Folders is a component introduced in Windows Server 2012 R2 that allows information workers to sync
work files between their devices. For more information about Work Folders, see Work Folders Overview.
To enable users to sync their Work Folders across the Internet, you need to publish Work Folders through a
reverse proxy, making Work Folders available externally on the Internet. Web Application Proxy, which is included
in AD FS, is one option that you can use to provide reverse proxy functionality. Web Application Proxy pre-
authenticates access to the Work Folders web application by using AD FS, so that users on any device can access
Work Folders from outside the corporate network.
NOTE
The instructions covered in this section are for a Windows Server 2016 environment. If you're using Windows Server 2012
R2, follow the Windows Server 2012 R2 instructions.
Prerequisites
To follow the procedures and examples in these topics, you need to have the following components ready:
An Active Directory® Domain Services forest with schema extensions in Windows Server 2012 R2 to
support automatic referral of PCs and devices to the correct file server when you are using multiple file
servers. It is preferable that DNS be enabled in the forest, but this is not required.
A domain controller: A server that has the AD DS role enabled, and is configured with a domain (for the
test example, contoso.com).
A domain controller running at least Windows Server 2012 R2 is needed in order to support device
registration for Workplace Join. If you don't want to use Workplace Join, you can run Windows Server
2012 on the domain controller.
Two servers that are joined to the domain (e.g., contoso.com) and that are running Windows Server 2016.
One server will be for used for AD FS, and the other will be used for Work Folders.
One server that is not domain joined and that is running Windows Server 2016. This server will run Web
Application Proxy, and it must have one network card for the network domain (e.g., contoso.com) and
another network card for the external network.
One domain-joined client computer that is running Windows 7 or later.
One non-domain-joined client computer that is running Windows 7 or later.
For the test environment that we're covering in this guide, you should have the topology that is shown in the
following diagram. The computers can be physical machines or virtual machines (VMs).
Deployment overview
In this group of topics, you'll walk through a step-by-step example of setting up AD FS, Web Application Proxy,
and Work Folders in a test environment. The components will be set up in this order:
1. AD FS
2. Work Folders
3. Web Application Proxy
4. The domain-joined workstation and non-domain-joined workstation
You will also use a Windows PowerShell Script to create self-signed certificates.
Deployment steps
To perform the deployment by using the Windows Server user interface, follow the steps in these topics:
Deploy Work Folders with AD FS and Web Application Proxy: Step 1, Set Up AD FS
Deploy Work Folders with AD FS and Web Application Proxy: Step 2, AD FS Post-Configuration Work
Deploy Work Folders with AD FS and Web Application Proxy: Step 3, Set Up Work Folders
Deploy Work Folders with AD FS and Web Application Proxy: Step 4, Set Up Web Application Proxy
Deploy Work Folders with AD FS and Web Application Proxy: Step 5, Set Up Clients
See Also
Work Folders Overview Designing a Work Folders Implementation Deploying Work Folders
Deploy Work Folders with AD FS and Web
Application Proxy: Step 1, Set-up AD FS
8/18/2020 • 6 minutes to read • Edit Online
This topic describes the first step in deploying Work Folders with Active Directory Federation Services (AD FS) and
Web Application Proxy. You can find the other steps in this process in these topics:
Deploy Work Folders with AD FS and Web Application Proxy: Overview
Deploy Work Folders with AD FS and Web Application Proxy: Step 2, AD FS Post-Configuration Work
Deploy Work Folders with AD FS and Web Application Proxy: Step 3, Set Up Work Folders
Deploy Work Folders with AD FS and Web Application Proxy: Step 4, Set Up Web Application Proxy
Deploy Work Folders with AD FS and Web Application Proxy: Step 5, Set Up Clients
NOTE
The instructions covered in this section are for a Windows Server 2019 or Windows Server 2016 environment. If you're
using Windows Server 2012 R2, follow the Windows Server 2012 R2 instructions.
To set up AD FS for use with Work Folders, use the following procedures.
Pre-installment work
If you intend to convert the test environment that you're setting up with these instructions to production, there are
two things that you might want to do before you start:
Set up an Active Directory domain administrator account to use to run the AD FS service.
Obtain a Secure Sockets Layer (SSL) subject alternative name (SAN) certificate for server authentication. For
the test example, you will use a self-signed certificate but for production you should use a publicly trusted
certificate.
Obtaining these items can take some time, depending on your company's policies, so it can be beneficial to start
the request process for the items before you begin to create the test environment.
There are many commercial certificate authorities (CAs) from which you can purchase the certificate. You can find
a list of the CAs that are trusted by Microsoft in KB article 931125. Another alternative is to get a certificate from
your company's enterprise CA.
For the test environment, you will use a self-signed certificate that is created by one of the provided scripts.
NOTE
AD FS does not support Cryptography Next Generation (CNG) certificates, which means that you cannot create the self-
signed certificate by using the Windows PowerShell cmdlet New-SelfSignedCertificate. You can, however, use the
makecert.ps1 script included in the Deploying Work Folders with AD FS and Web Application Proxy blog post. This script
creates a self-signed certificated that works with AD FS and prompts for the SAN names that will be needed to create the
certificate.
.\makecert.ps1
6. When you are prompted to change the subject certificate, enter the new value for the subject. In this
example, the value is blueadfs.contoso.com .
7. When you are prompted to enter SAN names, press Y and then enter the SAN names, one at a time.
For this example, type blueadfs.contoso.com and press Enter, then type 2016-adfs.contoso.com and
press Enter, then type enterpriseregistration.contoso.com and press Enter.
When all of the SAN names have been entered, press Enter on an empty line.
8. When you are prompted to install the certificates to the Trusted Root Certification Authority store, press Y.
The AD FS certificate must be a SAN certificate with the following values:
AD FS service name.domain
enterpriseregistration.domain
AD FS server name.domain
In the test example, the values are:
blueadfs.contoso.com
enterpriseregistration.contoso.com
2016-adfs.contoso.com
The enterpriseregistration SAN is needed for Workplace Join.
Set the server IP address
Change your server IP address to a static IP address. For the test example, use IP class A, which is 192.168.0.160 /
subnet mask: 255.255.0.0 / Default Gateway: 192.168.0.1 / Preferred DNS: 192.168.0.150 (the IP address of your
domain controller).
Add-WindowsFeature RSAT-AD-Tools
Add-WindowsFeature ADFS-Federation –IncludeManagementTools
Configure AD FS
Next, configure AD FS by using either Server Manager or Windows PowerShell.
Configure AD FS by using Server Manager
To configure AD FS by using Server Manager, follow these steps:
1. Open Server Manager.
2. Click the Notifications flag at the top of the Server Manager window, and then click Configure the
federation ser vice on this ser ver .
3. The Active Directory Federation Services Configuration Wizard launches. On the Connect to AD DS page,
enter the domain administrator account that you want to use as the AD FS account, and click Next .
4. On the Specify Ser vice Proper ties page, enter the subject name of the SSL certificate to use for AD FS
communication. In the test example, this is blueadfs.contoso.com .
5. Enter the Federation Service name. In the test example, this is blueadfs.contoso.com . Click Next .
NOTE
The Federation Service name must not use the name of an existing server in the environment. If you do use the
name of an existing server, the AD FS installation will fail and must be restarted.
6. On the Specify Ser vice Account page, enter the name that you would like to use for the managed service
account. For the test example, select Create a Group Managed Ser vice Account , and in Account
Name , enter ADFSSer vice . Click Next .
7. On the Specify Configuration Database page, select Create a database on this ser ver using
Windows Internal Database , and click Next .
8. The Review Options page shows you an overview of the options you have selected. Click Next .
9. The Pre-requisite Checks page indicates whether all the prerequisite checks passed successfully. If there
are no issues, click Configure .
NOTE
If you used the name of the AD FS server or any other existing machine for the Federation Service Name, an error
message is displayed. You must start the installation over and choose a name other than the name of an existing
machine.
10. When the configuration completes successfully, the Results page confirms that AD FS was successfully
configured.
Configure AD FS by using PowerShell
To accomplish the equivalent configuration of AD FS via Windows PowerShell, use the following commands.
To install AD FS:
Add-WindowsFeature RSAT-AD-Tools
Add-WindowsFeature ADFS-Federation -IncludeManagementTools
After you configure AD FS, you must set up an AD FS farm by using the managed service account that you created
in the previous step and the certificate you created in the pre-configuration steps.
To set up an AD FS farm:
Next step: Deploy Work Folders with AD FS and Web Application Proxy: Step 2, AD FS Post-Configuration Work
See Also
Work Folders Overview
Deploy Work Folders with AD FS and Web
Application Proxy: Step 2, AD FS Post-Configuration
Work
8/18/2020 • 7 minutes to read • Edit Online
This topic describes the second step in deploying Work Folders with Active Directory Federation Services (AD FS)
and Web Application Proxy. You can find the other steps in this process in these topics:
Deploy Work Folders with AD FS and Web Application Proxy: Overview
Deploy Work Folders with AD FS and Web Application Proxy: Step 1, Set Up AD FS
Deploy Work Folders with AD FS and Web Application Proxy: Step 3, Set Up Work Folders
Deploy Work Folders with AD FS and Web Application Proxy: Step 4, Set Up Web Application Proxy
Deploy Work Folders with AD FS and Web Application Proxy: Step 5, Set Up Clients
NOTE
The instructions covered in this section are for a Windows Server 2019 or Windows Server 2016 environment. If you're
using Windows Server 2012 R2, follow the Windows Server 2012 R2 instructions.
In step 1, you installed and configured AD FS. Now, you need to perform the following post-configuration steps
for AD FS.
IMPORTANT
When you set up AD FS by using the Windows Server user interface (UI) instead of Windows PowerShell, you must
create an A record instead of a CNAME record for AD FS. The reason is that the service principal name (SPN) that is
created via the UI contains only the alias that is used to set up the AD FS service as the host.
4. In IP address , enter the IP address for the AD FS server. In the test example, this is 192.168.0.160 . Click
Add Host .
5. In the Forward Lookup Zones folder, right-click on your domain again, and select New Alias (CNAME) .
6. In the New Resource Record window, add the alias name enterpriseregistration and enter the FQDN
for the AD FS server. This alias is used for Device Join and must be called enterpriseregistration .
7. Click OK .
To accomplish the equivalent steps via Windows PowerShell, use the following command. The command must be
executed on the domain controller.
See Also
Work Folders Overview
Deploy Work Folders with AD FS and Web
Application Proxy: Step 3, Set-up Work Folders
8/18/2020 • 8 minutes to read • Edit Online
This topic describes the third step in deploying Work Folders with Active Directory Federation Services (AD FS)
and Web Application Proxy. You can find the other steps in this process in these topics:
Deploy Work Folders with AD FS and Web Application Proxy: Overview
Deploy Work Folders with AD FS and Web Application Proxy: Step 1, Set Up AD FS
Deploy Work Folders with AD FS and Web Application Proxy: Step 2, AD FS Post-Configuration Work
Deploy Work Folders with AD FS and Web Application Proxy: Step 4, Set Up Web Application Proxy
Deploy Work Folders with AD FS and Web Application Proxy: Step 5, Set Up Clients
NOTE
The instructions covered in this section are for a Windows Server 2019 or Windows Server 2016 environment. If you're
using Windows Server 2012 R2, follow the Windows Server 2012 R2 instructions.
Pre-installment work
In order to install Work Folders, you must have a server that is joined to the domain and running Windows Server
2016. The server must have a valid network configuration.
For the test example, join the machine that will run Work Folders to the Contoso domain and set up the network
interface as described in the following sections.
Set the server IP address
Change your server IP address to a static IP address. For the test example, use IP class A, which is 192.168.0.170 /
subnet mask: 255.255.0.0 / Default Gateway: 192.168.0.1 / Preferred DNS: 192.168.0.150 (the IP address of your
domain controller).
Create the CNAME record for Work Folders
To create the CNAME record for Work Folders, follow these steps:
1. On your domain controller, open DNS Manager .
2. Expand the Forward Lookup Zones folder, right-click on your domain, and click New Alias (CNAME) .
3. In the New Resource Record window, in the Alias name field, enter the alias for Work Folders. In the test
example, this is workfolders .
4. In the Fully qualified domain name field, the value should be workfolders.contoso.com .
5. In the Fully qualified domain name for target host field, enter the FQDN for the Work Folders server.
In the test example, this is 2016-WF.contoso.com .
6. Click OK .
To accomplish the equivalent steps via Windows PowerShell, use the following command. The command must be
executed on the domain controller.
6. When you are prompted to change the subject certificate, enter the new value for the subject. In this
example, the value is workfolders.contoso.com .
7. When you are prompted to enter subject alternative name (SAN) names, press Y and then enter the SAN
names, one at a time.
For this example, type workfolders.contoso.com , and press Enter. Then type 2016-WF.contoso.com
and press Enter.
When all of the SAN names have been entered, press Enter on an empty line.
8. When you are prompted to install the certificates to the Trusted Root Certification Authority store, press Y.
The Work Folders certificate must be a SAN certificate with the following values:
workfolders .domain
machine name .domain
In the test example, the values are:
workfolders.contoso.com
2016-WF.contoso.com
$subject = "workfolders.contoso.com"
Try
{
#In case there are multiple certificates with the same subject, get the latest version
$cert = Get-ChildItem CERT:\LocalMachine\My |where {$_.Subject -match $subject} | sort $_.NotAfter -
Descending | select -first 1
$thumbprint = $cert.Thumbprint
$Command = "http add sslcert ipport=0.0.0.0:443 certhash=$thumbprint appid={CE66697B-3AA0-49D1-BDBD-
A25C8359FD5D} certstorename=MY"
$Command | netsh
}
Catch
{
" Error: unable to locate certificate for $($subject)"
Exit
}
The following example uses the New-WebBinding cmdlet to find the certificate with the subject
workfolders.contoso.com and bind it to port 443:
$subject = "workfolders.contoso.com"
Try
{
#In case there are multiple certificates with the same subject, get the latest version
$cert =Get-ChildItem CERT:\LocalMachine\My |where {$_.Subject -match $subject } | sort $_.NotAfter -
Descending | select -first 1
$thumbprint = $cert.Thumbprint
New-WebBinding -Name "Default Web Site" -IP * -Port 443 -Protocol https
#The default IIS website name must be used for the binding. Because Work Folders uses Hostable Web Core and
its own configuration file, its website name, 'ECSsite', will not work with the cmdlet. The workaround is to
use the default IIS website name, even though IIS is not enabled, because the NewWebBinding cmdlet looks for
a site in the default IIS configuration file.
Push-Location IIS:\SslBindings
Get-Item cert:\LocalMachine\MY\$thumbprint | new-item *!443
Pop-Location
}
Catch
{
" Error: unable to locate certificate for $($subject)"
Exit
}
Set up AD FS authentication
To configure Work Folders to use AD FS for authentication, follow these steps:
1. Open Ser ver Manager .
2. Click Ser vers , and then select your Work Folders server in the list.
3. Right-click the server name, and click Work Folders Settings .
4. In the Work Folder Settings window, select Active Director y Federation Ser vices , and type in the
Federation Service URL. Click Apply .
In the test example, the URL is https://blueadfs.contoso.com .
The cmdlet to accomplish the same task via Windows PowerShell is:
If you're setting up AD FS with self-signed certificates, you might receive an error message that says the
Federation Service URL is incorrect, unreachable, or a relying party trust has not been set up.
This error can also happen if the AD FS certificate was not installed on the Work Folders server or if the CNAME
for AD FS was not set up correctly. You must correct these issues before proceeding.
Export the Work Folders certificate
The self-signed Work Folders certificate must be exported so that you can later install it on the following machines
in the test environment:
The server that is used for Web Application Proxy
The domain-joined Windows client
The non-domain-joined Windows client
To export the certificate, follow the same steps you used to export the AD FS certificate earlier, as described in
Deploy Work Folders with AD FS and Web Application Proxy: Step 2, AD FS Post-Configuration Work, Export the
AD FS certificate.
Next step: Deploy Work Folders with AD FS and Web Application Proxy: Step 4, Set Up Web Application Proxy
See Also
Work Folders Overview
Deploy Work Folders with AD FS and Web
Application Proxy: Step 4, Set-up Web Application
Proxy
8/18/2020 • 4 minutes to read • Edit Online
This topic describes the fourth step in deploying Work Folders with Active Directory Federation Services (AD FS)
and Web Application Proxy. You can find the other steps in this process in these topics:
Deploy Work Folders with AD FS and Web Application Proxy: Overview
Deploy Work Folders with AD FS and Web Application Proxy: Step 1, Set Up AD FS
Deploy Work Folders with AD FS and Web Application Proxy: Step 2, AD FS Post-Configuration Work
Deploy Work Folders with AD FS and Web Application Proxy: Step 3, Set Up Work Folders
Deploy Work Folders with AD FS and Web Application Proxy: Step 5, Set Up Clients
NOTE
The instructions covered in this section are for a Windows Server 2019 or Windows Server 2016 environment. If you're
using Windows Server 2012 R2, follow the Windows Server 2012 R2 instructions.
To set up Web Application Proxy for use with Work Folders, use the following procedures.
NOTE
If you have multiple Work Folders servers, you need to publish a Work Folders web application for each Work
Folders server (repeat steps 1-10).
Next step: Deploy Work Folders with AD FS and Web Application Proxy: Step 5, Set Up Clients
See Also
Work Folders Overview
Deploy Work Folders with AD FS and Web
Application Proxy: Step 5, Set-up Clients
8/18/2020 • 4 minutes to read • Edit Online
This topic describes the fifth step in deploying Work Folders with Active Directory Federation Services (AD FS)
and Web Application Proxy. You can find the other steps in this process in these topics:
Deploy Work Folders with AD FS and Web Application Proxy: Overview
Deploy Work Folders with AD FS and Web Application Proxy: Step 1, Set Up AD FS
Deploy Work Folders with AD FS and Web Application Proxy: Step 2, AD FS Post-Configuration Work
Deploy Work Folders with AD FS and Web Application Proxy: Step 3, Set Up Work Folders
Deploy Work Folders with AD FS and Web Application Proxy: Step 4, Set Up Web Application Proxy
Use the following procedures to set up the domain-joined and non-domain joined Windows clients. You can use
these clients to test whether files are syncing correctly between the clients' Work Folders.
See Also
Work Folders Overview
Storage Quality of Service
8/18/2020 • 29 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel)
Storage Quality of Service (QoS) in Windows Server 2016 provides a way to centrally monitor and manage
storage performance for virtual machines using Hyper-V and the Scale-Out File Server roles. The feature
automatically improves storage resource fairness between multiple virtual machines using the same file server
cluster and allows policy-based minimum and maximum performance goals to be configured in units of
normalized IOPs.
You can use Storage QoS in Windows Server 2016 to accomplish the following:
Mitigate noisy neighbor issues. By default, Storage QoS ensures that a single virtual machine cannot
consume all storage resources and starve other virtual machines of storage bandwidth.
Monitor end to end storage performance. As soon as virtual machines stored on a Scale-Out File
Server are started, their performance is monitored. Performance details of all running virtual machines and
the configuration of the Scale-Out File Server cluster can be viewed from a single location
Manage Storage I/O per workload business needs Storage QoS policies define performance
minimums and maximums for virtual machines and ensures that they are met. This provides consistent
performance to virtual machines, even in dense and overprovisioned environments. If policies cannot be
met, alerts are available to track when VMs are out of policy or have invalid policies assigned.
This document outlines how your business can benefit from the new Storage QoS functionality. It assumes that
you have a previous working knowledge of Windows Server, Windows Server Failover Clustering, Scale-Out File
Server, Hyper-V, and Windows PowerShell.
Overview
This section describes the requirements for using Storage QoS, an overview of a software-defined solution using
Storage QoS, and a list of Storage QoS related terminologies.
Storage QoS Requirements
Storage QoS supports two deployment scenarios:
Hyper-V using a Scale-Out File Ser ver This scenario requires both of the following:
Storage cluster that is a Scale-Out File Server cluster
Compute cluster that has least one server with the Hyper-V role enabled
For Storage QoS, the Failover Cluster is required on Storage servers, but the compute servers are not
required to be in a failover cluster. All servers (used for both Storage and Compute) must be running
Windows Server 2016.
If you do not have a Scale-Out File Server cluster deployed for evaluation purposes, for step by step
instructions to build one using either existing servers or virtual machines, see Windows Server 2012 R2
Storage: Step-by-step with Storage Spaces, SMB Scale-Out and Shared VHDX (Physical).
Hyper-V using Cluster Shared Volumes. This scenario requires both of the following:
Compute cluster with the Hyper-V role enabled
Hyper-V using Cluster Shared Volumes (CSV) for storage
Failover Cluster is required. All servers must be running the same version of Windows Server 2016.
Using Storage QoS in a software -defined storage solution
Storage Quality of Service is built into the Microsoft software-defined storage solution provided by Scale-Out File
Server and Hyper-V. The Scale-Out File Server exposes file shares to the Hyper-V servers using the SMB3 protocol.
A new Policy Manager has been added to the File Server cluster, which provides the central storage performance
monitoring.
Figure 1: Using Storage QoS in a software-defined storage solution in Scale-Out File Ser ver
As Hyper-V servers launch virtual machines, they are monitored by the Policy Manager. The Policy Manager
communicates the Storage QoS policy and any limits or reservations back to the Hyper-V server, which controls
the performance of the virtual machine as appropriate.
When there are changes to Storage QoS policies or to the performance demands by virtual machines, the Policy
Manager notifies the Hyper-V servers to adjust their behavior. This feedback loop ensures that all virtual machines
VHDs perform consistently according to the Storage QoS policies as defined.
Glossary
T ERM DESC RIP T IO N
InitiatorID An identifier matching the virtual machine ID. This can always
be used to uniquely identify individual flows virtual machines
even if the virtual machines have the same InitiatorName.
Policy Storage QoS policies are stored in the cluster database, and
have the following properties: PolicyId, MinimumIOPS,
MaximumIOPS, ParentPolicy, and PolicyType.
PS C:\> Get-StorageQosFlow
The following sample command is formatted to show virtual machine name, Hyper-V host name, IOPs, and VHD
file name, sorted by IOPS.
FilePath : C:\ClusterStorage\Volume2\SHARES\TWO\BUILDWORKLOAD\BUILDVM1.V
HDX
FlowId : ebfecb54-e47a-5a2d-8ec0-0940994ff21c
InitiatorId : ae4e3dd0-3bde-42ef-b035-9064309e6fec
InitiatorIOPS : 464
InitiatorLatency : 26.2684
InitiatorName : BuildVM1
InitiatorNodeName : plang-c2.plang.nttest.microsoft.com
Interval : 300000
Limit : 500
PolicyId : b145e63a-3c9e-48a8-87f8-1dfc2abfe5f4
Reservation : 500
Status : Ok
StorageNodeIOPS : 475
StorageNodeLatency : 7.9725
StorageNodeName : plang-fs1.plang.nttest.microsoft.com
TimeStamp : 2/12/2015 2:58:49 PM
VolumeId : 4d91fc3a-1a1e-4917-86f6-54853b2a6787
PSComputerName :
MaximumIops : 500
MinimumIops : 500
Interval : 300000
IOPS : 0
Latency : 0
Limit : 0
Reservation : 0
Status : Ok
TimeStamp : 2/12/2015 2:59:38 PM
VolumeId : 434f561f-88ae-46c0-a152-8c6641561504
PSComputerName :
MaximumIops : 0
MinimumIops : 0
Interval : 300000
IOPS : 1097
Latency : 3.1524
Limit : 0
Reservation : 1568
Status : Ok
TimeStamp : 2/12/2015 2:59:38 PM
VolumeId : 4d91fc3a-1a1e-4917-86f6-54853b2a6787
PSComputerName :
MaximumIops : 0
MinimumIops : 1568
Interval : 300000
IOPS : 5354
Latency : 6.5084
Limit : 0
Reservation : 781
Status : Ok
TimeStamp : 2/12/2015 2:59:38 PM
VolumeId : 0d2fd367-8d74-4146-9934-306726913dda
PSComputerName :
MaximumIops : 0
MinimumIops : 781
$desktopVmPolicy = New-StorageQosPolicy -Name Desktop -PolicyType Dedicated -MinimumIops 100 -MaximumIops 200
Next, apply it to the appropriate virtual machines' hard disk drives on the Hyper-V server. Note the PolicyId from
the previous step or store it in a variable in your scripts.
On the Scale-Out File Server, using PowerShell, create a Storage QoS policy and get its Policy ID as shown in the
following example:
C:\> $desktopVmPolicy.PolicyId
Guid
----
cd6e6b87-fb13-492b-9103-41c6f631f8e0
On the Hyper-V server, using PowerShell, set the Storage QoS Policy using the Policy ID as shown in the following
example:
On the Hyper-V server, you can also use the provided script Get-VMHardDiskDrivePolicy.ps1 to see what policy
is applied to a virtual hard disk drive.
Path : \\plang-fs.plang.nttest.microsoft.com\two\BuildWorkload
\BuildVM1.vhdx
DiskNumber :
MaximumIOPS : 0
MinimumIOPS : 0
QoSPolicyID : cd6e6b87-fb13-492b-9103-41c6f631f8e0
SupportPersistentReservations : False
ControllerLocation : 0
ControllerNumber : 0
ControllerType : IDE
PoolName : Primordial
Name : Hard Drive
Id : Microsoft:AE4E3DD0-3BDE-42EF-B035-9064309E6FEC\83F8638B
-8DCA-4152-9EDA-2CA8B33039B4\0\0\D
VMId : ae4e3dd0-3bde-42ef-b035-9064309e6fec
VMName : BuildVM1
VMSnapshotId : 00000000-0000-0000-0000-000000000000
VMSnapshotName :
ComputerName : PLANG-C2
IsDeleted : False
PS C:\> Get-StorageQosPolicy
Status can change over time based on how the system is performing.
Ok - All flows using that policy are receiving their requested MinimumIOPs.
InsufficientThroughput - One or more of the flows using this policy are not receiving the Minimum IOPs
You can also pipe a policy to Get-StorageQosPolicy to get the status of all flows configured to use the policy as
follows:
PS C:\> $highPerf = New-StorageQosPolicy -Name SqlWorkload -MinimumIops 1000 -MaximumIops 5000 -PolicyType
Aggregated
[plang-fs]: PS C:\Users\plang\Documents> $highPerf.PolicyId
Guid
----
7e2f3e73-1ae4-4710-8219-0769a4aba072
The following example shows how to apply the Storage QoS Policy on Hyper-V server using the policyID obtained
in the preceding example:
The following example shows how to viewing effects of the Storage QoS policy from file server:
PS C:\> Get-StorageQosFlow -InitiatorName WinOltp1 | format-list InitiatorName, PolicyId, MinimumIOPs,
MaximumIOPs, StorageNodeIOPs, FilePath
InitiatorName : WinOltp1
PolicyId : 7e2f3e73-1ae4-4710-8219-0769a4aba072
MinimumIops : 250
MaximumIops : 1250
StorageNodeIOPs : 0
FilePath : C:\ClusterStorage\Volume2\SHARES\TWO\BASEVHD\9914.0.AMD64FRE.WIN
MAIN.141218-1718_SERVER_SERVERDATACENTER_EN-US.VHDX
InitiatorName : WinOltp1
PolicyId : 7e2f3e73-1ae4-4710-8219-0769a4aba072
MinimumIops : 250
MaximumIops : 1250
StorageNodeIOPs : 0
FilePath : C:\ClusterStorage\Volume3\SHARES\THREE\WINOLTP1\BOOT.VHDX
InitiatorName : WinOltp1
PolicyId : 7e2f3e73-1ae4-4710-8219-0769a4aba072
MinimumIops : 1000
MaximumIops : 5000
StorageNodeIOPs : 4550
FilePath : C:\ClusterStorage\Volume3\SHARES\THREE\WINOLTP1\IOMETER.VHDX
PS C:\> Get-StorageQosFlow -InitiatorName WinOltp1 | for
mat-list InitiatorName, PolicyId, MinimumIOPs, MaximumIOPs, StorageNodeIOPs, FilePath
InitiatorName : WinOltp1
PolicyId : 7e2f3e73-1ae4-4710-8219-0769a4aba072
MinimumIops : 250
MaximumIops : 1250
StorageNodeIOPs : 0
FilePath : C:\ClusterStorage\Volume2\SHARES\TWO\BASEVHD\9914.0.AMD64FRE.WIN
MAIN.141218-1718_SERVER_SERVERDATACENTER_EN-US.VHDX
InitiatorName : WinOltp1
PolicyId : 7e2f3e73-1ae4-4710-8219-0769a4aba072
MinimumIops : 250
MaximumIops : 1250
StorageNodeIOPs : 0
FilePath : C:\ClusterStorage\Volume3\SHARES\THREE\WINOLTP1\BOOT.VHDX
InitiatorName : WinOltp1
PolicyId : 7e2f3e73-1ae4-4710-8219-0769a4aba072
MinimumIops : 1000
MaximumIops : 5000
StorageNodeIOPs : 4550
FilePath : C:\ClusterStorage\Volume3\SHARES\THREE\WINOLTP1\IOMETER.VHDX
Each virtual hard disk will have the MinimumIOPs and MaximumIOPs and MaximumIobandwidth value adjusted
based on its load. This ensures that the total amount of bandwidth used for the group of disks stays within the
range defined by policy. In the example above, the first two disks are idle, and the third one is allowed to use up to
the maximum IOPs. If the first two disks start issuing IO again, then the maximum IOPs of the third disk will be
lowered automatically.
Modify an existing policy
The properties of Name, MinimumIOPs, MaximumIOPs, and MaximumIoBandwidthcan be changed after a policy is
created. However, the Policy Type (Aggregated/Dedicated) cannot be changed once the policy is created.
The following Windows PowerShell cmdlet shows how to change the MaximumIOPs property for an existing
policy:
[DBG]: PS C:\demoscripts>> Get-StorageQosPolicy -Name SqlWorkload | Set-StorageQosPolicy -MaximumIops 6000
Confirm
Are you sure you want to perform this action?
Performing the operation "DeletePolicy" on target "MSFT_StorageQoSPolicy (PolicyId =
"7e2f3e73-1ae4-4710-8219-0769a4aba072")".
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"):
InitiatorName PolicyId
------------- --------
WinOltp1 7e2f3e73-1ae4-4710-8219-0769a4aba072
WinOltp1 7e2f3e73-1ae4-4710-8219-0769a4aba072
WinOltp1 7e2f3e73-1ae4-4710-8219-0769a4aba072
Once the PolicyId is removed from the virtual hard disk settings, the status will be "Ok" and no minimum or
maximum will be applied.
You can determine flows for any status, including InsufficientThroughput as shown in the following example:
FilePath : C:\ClusterStorage\Volume3\SHARES\THREE\WINOLTP1\IOMETER.VHDX
FlowId : 1ca356ff-fd33-5b5d-b60a-2c8659dc803e
InitiatorId : 2ceabcef-2eba-4f1b-9e66-10f960b50bbf
InitiatorIOPS : 12168
InitiatorLatency : 22.983
InitiatorName : WinOltp1
InitiatorNodeName : plang-c1.plang.nttest.microsoft.com
Interval : 300000
Limit : 20000
PolicyId : 5d1bf221-c8f0-4368-abcf-aa139e8a7c72
Reservation : 15000
Status : InsufficientThroughput
StorageNodeIOPS : 12181
StorageNodeLatency : 22.0514
StorageNodeName : plang-fs2.plang.nttest.microsoft.com
TimeStamp : 2/13/2015 12:07:30 PM
VolumeId : 0d2fd367-8d74-4146-9934-306726913dda
PSComputerName :
MaximumIops : 20000
MinimumIops : 15000
EventTime :
FaultId : 0d16d034-9f15-4920-a305-f9852abf47c3
FaultingObject :
FaultingObjectDescription : Storage QoS Policy 5d1bf221-c8f0-4368-abcf-aa139e8a7c72
FaultingObjectLocation :
FaultType : Storage QoS policy used by consumer does not exist.
PerceivedSeverity : Minor
Reason : One or more storage consumers (usually Virtual Machines) are
using a non-existent policy with id
5d1bf221-c8f0-4368-abcf-aa139e8a7c72. Consumer details:
EventTime :
FaultId : dfb4b672-22a6-4229-b2ed-c29d7485bede
FaultingObject :
FaultingObjectDescription : Virtual disk 'Two'
FaultingObjectLocation :
FaultType : VirtualDiskDegradedFaultType
PerceivedSeverity : Minor
Reason : Virtual disk 'Two' does not have enough redundancy remaining to
successfully repair or regenerate its data.
RecommendedActions : {Rebalance the pool, replace failed physical disks, or add new
physical disks to the storage pool, then repair the virtual
disk.}
PSComputerName :
param($cimSession)
# Register and display events
Register-CimIndicationEvent -Namespace root\microsoft\windows\storage -ClassName msft_storagefaultevent -
CimSession $cimSession
while ($true)
{
$e = (Wait-Event)
$e.SourceEventArgs.NewEvent
Remove-Event $e.SourceIdentifier
}
PS C:\Windows\system32> Get-StorageQosPolicy
PS C:\Windows\system32> Get-StorageQoSFlow | fL
InitiatorName,FilePath,InitiatorIOPS,InitiatorLatency,InitiatorBandwidth
InitiatorName : testsQoS
FilePath : C:\ClusterStorage\Volume2\TESTSQOS\VIRTUAL HARD DISKS\TESTSQOS.VHDX
InitiatorIOPS : 5
InitiatorLatency : 1.5455
InitiatorBandwidth : 37888
PS C:\Windows\system32> Get-StorageQosPolicyStore
IOPSNormalizationSize
---------------------
8192
IOPSNormalizationSize
---------------------
32768
See Also
Windows Server 2016
Storage Replica in Windows Server 2016
Storage Spaces Direct in Windows Server 2016
Change history for storage topics in Windows Server
8/18/2020 • 7 minutes to read • Edit Online
Applies to: Windows Server 2019, Windows Server 2016, Windows Server (Semi-Annual Channel)
This topic lists new and updated topics in the Storage documentation for Windows Server.
If you're looking for update history for Windows Server, see Windows 10 and Windows Server 2019 update
history or Windows Server 2016 update history.
January 2020
N EW O R C H A N GED TO P IC DESC RIP T IO N
December 2019
N EW O R C H A N GED TO P IC DESC RIP T IO N
Troubleshooting Disk Management Edited to further refine the guidance, based on customer
requests.
Change a dynamic disk back to a basic disk Fixed an error in the command line and added some info
based on customer feedback.
August 2019
N EW O R C H A N GED TO P IC DESC RIP T IO N
Storage Migration Service FAQ Updated to reflect new support for Linux sources.
June 2019
N EW O R C H A N GED TO P IC DESC RIP T IO N
May 2019
N EW O R C H A N GED TO P IC DESC RIP T IO N
Create volumes Added steps and videos for creating a volume in Windows
Admin Center.
Extend volumes Added steps and video for resizing a volume in Windows
Admin Center.
March 2019
N EW O R C H A N GED TO P IC DESC RIP T IO N
February 2019
N EW O R C H A N GED TO P IC DESC RIP T IO N
January 2019
N EW O R C H A N GED TO P IC DESC RIP T IO N
December 2018
N EW O R C H A N GED TO P IC DESC RIP T IO N
Use Storage Migration Service to migrate a server Added some clarification on how we transfer files
Cluster to Cluster Storage Replica cross region in Azure Added validation steps
Cluster to Cluster Storage Replica within the same region in Added validation steps
Azure
Storage Replica frequently asked questions Added support statement for Data Deduplication
November 2018
N EW O R C H A N GED TO P IC DESC RIP T IO N
DFS Replication: Frequently Asked Questions (FAQ) Migrated from the Previous Versions library
Migrate SYSVOL replication to DFS Replication Migrated from the Previous Versions library
SMB: File and printer sharing ports should be open Migrated from the Previous Versions library
Volume Shadow Copy Service Migrated from the Previous Versions library
October 2018
N EW O R C H A N GED TO P IC DESC RIP T IO N
What's new in Storage Updated to cover what's new in Windows Server 2019
September 2018
N EW O R C H A N GED TO P IC DESC RIP T IO N
iSCSI Target Server scalability limits Migrated from the Previous Versions library.
June 2018
N EW O R C H A N GED TO P IC DESC RIP T IO N
Server-to-server storage replication Added info on using Azure VMs, including ExpressRoute.
May 2018
N EW O R C H A N GED TO P IC DESC RIP T IO N
Deploy Storage Spaces on a stand-alone server Migrated from the Previous Versions library.
Use Robocopy to Preseed Files for DFS Replication Migrated from the Previous Versions library.
Vssadmin - Previous Versions command line tool Migrated from the Previous Versions library.
File Server Resource Manager overview Added info about a new registry setting in Windows Server
2016, version 1803.
April 2018
N EW O R C H A N GED TO P IC DESC RIP T IO N
Folder Redirection, Offline Files, and Roaming User Profiles Migrated multiple topics from the Previous Versions library.
overview
File sharing using the SMB 3 protocol Migrated from the Previous Versions library.
Improve performance of a file server with SMB Direct Migrated from the Previous Versions library.
March 2018
N EW O R C H A N GED TO P IC DESC RIP T IO N
Deploying Storage Spaces Direct Heavily revised to include both converged and hyper-
converged scenarios.
Deploying Roaming User Profiles Moved from Previous Versions library and updated.
Storage Replica frequently asked questions Added Is CSV required to replicate in a stretch cluster or
between clusters?.
February 2018
N EW O R C H A N GED TO P IC DESC RIP T IO N
Using Storage Spaces Direct with the CSV in-memory read New topic.
cache
January 2018
N EW O R C H A N GED TO P IC DESC RIP T IO N
December 2017
N EW O R C H A N GED TO P IC DESC RIP T IO N
Troubleshooting Disk Management Rewrote the A disk's status is Not Initialized or the disk is
missing entirely section to add extensive troubleshooting
steps, based on customer requests.
Planning volumes in Storage Spaces Direct Added a table summarizing the resiliency types available on
four-node and larger clusters.
November 2017
N EW O R C H A N GED TO P IC DESC RIP T IO N
What's new in storage Added info about what's new in Windows Server, version
1709.
Add servers or drives Added information about how Storage Spaces Direct
automatically optimizes drive usage after adding drives.
October 2017
N EW O R C H A N GED TO P IC DESC RIP T IO N
Overview of Disk Management Published 13 new topics for Windows and Windows Server.
Storage Replica overview Added what's new info for Windows Server, version 1709.
Cluster to cluster storage replication Revised the number of supported cluster nodes for Storage
Spaces Direct.
Storage Spaces Direct hardware requirements Added a note about a specific line of NVMe devices.
July 2017
N EW O R C H A N GED TO P IC DESC RIP T IO N
File Server Resource Manager Published 33 new topics for Windows Server 2016.
Understanding the cache in Storage Spaces Direct Added a Storage Spaces Direct design considerations video.
Storage Replica frequently asked questions Added more best practices around log volumes.
June 2017
N EW O R C H A N GED TO P IC DESC RIP T IO N
Planning a Work Folders deployment Added info about Azure AD Application Proxy support &
updated requirements.
Work Folders Added info about Azure AD Application Proxy support &
updated requirements.
Deploying Storage Spaces Direct Removed Nano Server from supported installation options.
File Server Resource Manager New topic for Windows Server 2016.
May 2017
N EW O R C H A N GED TO P IC DESC RIP T IO N
Data Deduplication overview and Updated the system requirements to include a newer software
Install Data Deduplication update.
N EW O R C H A N GED TO P IC DESC RIP T IO N
Deploying Work Folders Added info about Azure AD Application Proxy support &
updated required steps.
Deploying Storage Spaces Direct Added step 1.3 with required features and fixed an obsolete
parameter in Enable-NetAdapterQos.
Storage Replica frequently asked questions Added info on how to choose between different replication
topologies.
Storage Spaces Direct hardware requirements Changed drive endurance requirements for cache devices.
April 2017
N EW O R C H A N GED TO P IC DESC RIP T IO N
Deploying Storage Spaces Direct Removed a reference to an obsolete software update and fixed
a typo in the sample output.
March 2017
N EW O R C H A N GED TO P IC DESC RIP T IO N
Taking a Storage Spaces Direct server offline for maintenance New topic.
February 2017
N EW O R C H A N GED TO P IC DESC RIP T IO N
Adding server or drives to Storage Spaces Direct Revamped with new images and updated content.
January 2017
N EW O R C H A N GED TO P IC DESC RIP T IO N
Storage Replica frequently asked questions Updated port requirements and clarified how extending
replicated volumes works.
Storage Replica known issues Added info about a fix in the December 9, 2016 Cumulative
Update and added info about how to resolve an error when
extending a replicated volume.
Deploying Storage Spaces Direct Removed some obsolete content and added new links.