File system association is in error and is failing health check.

0

I am building an FSx File Gateway following the instructions here: https://qiita.com/sugimount-a/items/d01703b29054a0019522

However, I am stuck on the following two points.

Attaching FSx filesystem fails

No matter how many times I try, an error occurs as shown in the attached figure.

By the way, CloudWatch gave the following error when attaching:

    {
        "severity": "ERROR",
        "locationDnsName": "amznfsxfzajiyia.nozaki.com",
        "source": "fsa-02D48CA4FADD95B64",
        "type": "FsxFileSystemConnectionFailure",
        "operation": "FSxListShares",
        "gateway": "sgw-20EB1B49",
        "timestamp": "1690769047823"
    }

It has been confirmed that even if the security group is fully open, it is not possible to connect, and it is possible to connect from File Gateway to FSx on port 445. I would like to know the health check error and ConnectionFailure specifications.

Taka
asked 9 months ago
325 views
1 Answer
0

Based on the shared error log, the error type is "FsxFileSystemConnectionFailure" which generally occurs when the Amazon FSx server is inaccessible from the gateway machine. To resolve this error, please look into the following:

  1. The Storage Gateway VM should have port 445 access to the FSx security group. Please check that the firewall allows this traffic and that the FSx security group allows the Storage Gateway VM IP as well. Additionally, you need to ensure that all the firewall and VPC rules are allowing the connection between the gateway machine and the Amazon FSx server. Verify that all of the following TCP ports in the network requirements document are allowed in your security group: [+] https://docs.aws.amazon.com/filegateway/latest/filefsxw/Requirements.html#requirements-network

  2. If the Storage Gateway is deployed on-prem (ESXi, Hyper-V, etc.), please ensure that the traffic from the gateway is not being blocked by the local firewall. In order to confirm this, you can run a few tests from the Storage Gateway's local console following the steps on the link below: [+] https://docs.aws.amazon.com/filegateway/latest/filefsxw/manage-on-premises-fgw.html#MaintenanceTestGatewayConnectivity-fgw

  3. Ensure that the Amazon FSx server is running.

  4. Lastly, to ensure sufficient permissions to files, folders, and file metadata, we recommend the following:

  • That you make the service account a member of the file system administrators group.

  • If you are using AWS Directory Service for Microsoft Active Directory with Amazon FSx for Windows File Server, the service account must be a member of the AWS Delegated FSx Administrators group.

  • If you are using a self-managed Active Directory with Amazon FSx for Windows File Server, we recommend that the service account be a member of the custom delegated file system administrators group you specified for file system administration when you created your Amazon FSx file system.

  • If you chose not to create a custom delegated file system administrators group when you created the Amazon FSx filesystem, the default group is Domain Admins. While you can make the service account a member of this group instead, it is not recommended as a best practice.

AWS
SUPPORT ENGINEER
answered 9 months ago
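
The checks in items 1 and 2 of the answer can be ordered into a small triage, shown here as an added example that is not part of the answer or of any AWS tooling: it reads the CloudWatch event from the question, resolves `locationDnsName`, then tries a TCP connection to each resolved address. It assumes it is run from a host on the same network path as the gateway; `triage`, its parameters and the stage names are chosen for this example.

```python
import json
import socket

# The CloudWatch event quoted in the question, embedded so the example is self-contained.
EVENT = """{"severity": "ERROR", "locationDnsName": "amznfsxfzajiyia.nozaki.com",
 "source": "fsa-02D48CA4FADD95B64", "type": "FsxFileSystemConnectionFailure",
 "operation": "FSxListShares", "gateway": "sgw-20EB1B49", "timestamp": "1690769047823"}"""


def triage(event_json, ports=(445,), resolve=socket.getaddrinfo,
           connect=socket.create_connection, timeout=3.0):
    """Return the first stage at which the path to the FSx DNS name breaks.

    resolve/connect are injectable (an assumption of this example) so the
    logic can be exercised without network access.
    """
    event = json.loads(event_json)
    if event.get("type") != "FsxFileSystemConnectionFailure":
        return {"stage": "not-applicable", "type": event.get("type")}
    host = event["locationDnsName"]
    try:
        infos = resolve(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        # The gateway cannot connect to a name it cannot resolve.
        return {"stage": "dns", "host": host, "detail": str(exc)}
    addresses = sorted({info[4][0] for info in infos})
    blocked = []
    for address in addresses:
        for port in ports:
            try:
                connect((address, port), timeout=timeout).close()
            except OSError as exc:  # refused, timed out, unreachable
                blocked.append((address, port, type(exc).__name__))
    if blocked:
        # Security group, VPC rule or on-prem firewall (items 1 and 2).
        return {"stage": "tcp", "host": host, "blocked": blocked}
    # Name resolves and ports accept connections: move to items 3 and 4
    # (file system state, service account group membership).
    return {"stage": "beyond-network", "host": host, "addresses": addresses}


if __name__ == "__main__":
    print(json.dumps(triage(EVENT), indent=2))
```

Pass the other TCP ports from the network requirements document through `ports` to cover the full list rather than 445 alone.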
