"Network Error 53", "The data area passed to a system call is too small" or "Unknown Error"

  • Makale

"Network Error 53", "The data area passed to a system call is too small" or "Unknown Error"

Client for NFS included with Windows Server 2003 R2 returns different errors when trying to access NFS shares on UNIX-based NFS servers. The exact error message may depend on your environment - you might get one or more from the ones mentioned above. And, at the same time, SFU 3.5 Client for NFS may work just fine.

Analyzing the network traffic may show MOUNT or NFS calls being "rejected for security reasons (5)".

The R2 Client for NFS uses high ports (>1024) to connect to NFS servers and that's known to cause the above errors. There are two ways to fix this -

    • Change how your NFS servers export the NFS shares and make them allow connections from high ports, or,
    • Add UseReservedPorts DWORD value under HKLM\Software\Microsoft\Client for NFS\CurrentVersion\Default and set it to 1. Restart the Client for NFS service to allow the change to take effect.

Should you worry about security when you change your NFS server to allow connection from high ports? The answer is NO. An excerpt from RFC2623 says so -

Many NFS servers will require that the client send its NFS requests
from UDP or TCP source ports with values < 1024. The theory is that
binding to ports < 1024 is a privileged operation on the client, and
so the client is enforcing file access permissions on its end. The
theory breaks down because:

* On many operating systems, there are no constraints on what port
what user can bind to.
* Just because the client host enforces the privilege on binding
to ports < 1024 does not necessarily mean that a non-privileged
user cannot gain access to the port binding privilege. For
example with a single-user desk-top host running a UNIX
operating system, the user may have knowledge of the root user
password. And even if he does not have that knowledge, with
physical access to the desk-top machine, root privileges are
trivially acquired.

On the other hand, turning off low ports check on the NFS servers ensures compatibility with NFS clients irrespective of clients using high or low ports to access the NFS servers.

Note that above mentioned errors can be caused by number of other factors as well so if the solutions mentioned above don't work for you - focus your troubleshooting on other aspects.

Comments

  • Anonymous
    August 13, 2007
    The comment has been removed

  • Anonymous
    August 13, 2007
    I guess the problem lies somewhere else. Did you try the mount command? Please use the Email link in the side bar of this blog and send me a network trace while you are trying to mount the shares using the mount command.

  • Anonymous
    August 14, 2007
    BTW,  our network is like this: windows network is a private LAN (192.168.x.x) and we have a router for the windows network to connect to outside.   The NFS server is a remote server.

  • Anonymous
    August 14, 2007
    While I was trying mount command, I used Microsoft network monitor to trace the network traffic And I saw some RPC frames to which network monitor gives a description of 'Unknown Message Type'. BTW, is there a way I can send you a file attachment?

  • Anonymous
    August 14, 2007
    The comment has been removed

  • Anonymous
    August 14, 2007
    Thank you for the reply But there's no way for me to attach a file. What I want to do is to send you a *.cap file generated by Network Monitor.   I can only type text message there.

  • Anonymous
    August 14, 2007
    Right, send me a mail, I'll reply using my email ID and then you can send me the attachment. Publishing my email ID will attract spam and that's what I want to avoid. I hope you understand my concern.

  • Anonymous
    August 14, 2007
    thanks. My friend told me how I should reach you through email. I just sent you a email.

  • Anonymous
    December 06, 2007
    The comment has been removed

  • Anonymous
    November 09, 2008
    This does not appear to work for XP which has the same problem for me. Nov 10 18:59:42 m25lnx1 mountd[4038]: refused mount request from 10.0.0.1 for /home (/home): illegal port 1378

  • Anonymous
    November 11, 2008
    The comment has been removed

  • Anonymous
    July 13, 2011
    The comment has been removed

  • Anonymous
    July 14, 2011
    @evo - I don't have the emails that I exchanged with yifli now. Did you try adding insecure option on the server side? Drop me an email using the form at blogs.msdn.com/.../contact.aspx.

  • Anonymous
    May 20, 2012
    The comment has been removed