Storage zones controller

Monitor

Storage zones controller and the ShareFile administrator interface include several resources to help you monitor storage zones controller activity and troubleshoot issues:

  • General component status – The Monitoring tab on the storage zones controller console provides component status to help you start the troubleshooting process. Status is provided for items such as access permissions, service status, and Heartbeat Status, which indicates the storage zones controller outbound connectivity to the ShareFile control plane.

    Storage zones controller sends updates to the ShareFile web application every 5 minutes. If the ShareFile web application does not receive an update within 10 minutes, it marks the storage zones controller as offline.

    For items on the Monitoring tab that appear in red, review the log files for detailed information.

    The Monitoring tab does not indicate whether a storage zone is working in terms of connectivity. This includes whether the ShareFile control plane can reach the external storage zones URL or whether a client is able to reach the zone.

  • Storage zones controller server information – For information about the storage use, network use, and file activity of the server: From the ShareFile interface, log on to your ShareFile Enterprise account, go to Admin > StorageZones, click the storage zone, and then click a storage zones controller host name.

ShareFile storage zones Host

  • Zone information – For information about the storage use, network use, and file activity for a zone: From the ShareFile interface, log on to your ShareFile Enterprise account, go to Admin > StorageZones, and click a zone name.

ShareFile storage zones Zone

  • Storage zones controller health status – To determine whether ShareFile.com is receiving heartbeat messages from the storage zones controllers joined to the zone, view the Health status: From the ShareFile interface, log on to your ShareFile Enterprise account, go to Admin > StorageZones, verify that the Health column has a green check mark, and then click the site name to verify that the Heartbeat message indicates that the storage zones controller is responding.

ShareFile storage zones Health

  • Log files – Log files provide detailed information about storage zones controller configuration and its components, as described in the next section.

Log files

The following log files for the storage zones controller are located by default in C:\inetpub\wwwroot\Citrix\StorageCenter\SC\logs:

Log file name Contains logging information for
cfgsrv-%date%.txt storage zones controller configuration actions, including modifying an existing storage zones configuration, creating a new Storage Zone, and joining a new storage zones controller to an existing primary storage zones controller
sc-%date%.txt ShareFile data upload and download activity for standard zones
CIFS-%date%.txt storage zone connectors for Network File Shares upload and download activity
sharepoint-%date%.txt storage zone connectors for SharePoint upload and download activity
cloudstorageuploader-%date%.txt Cloud Storage Uploader Service (to a supported third-party storage system)
copy-%date%.txt ShareFile Copy Service
delete–%date%.txt ShareFile Cleanup Service, for the persistent storage cache
s3uploader–%date%.txt ShareFile Management Service. Includes heartbeat status messages

Extended logging is available for each of the following components and is useful when you need to provide detailed information to support.

Component Location of AppSettingsRelease.config
ShareFile Data C:\inetpub\wwwroot\Citrix\StorageCenter
storage zone connectors for Network File Shares C:\inetpub\wwwroot\Citrix\StorageCenter\cifs
storage zone connectors for SharePoint C:\inetpub\wwwroot\Citrix\StorageCenter\sp

To enable extended logging

The following steps enable extended logging for all storage zones controller components and services:

  1. On the storage zones controller server, open IIS.
  2. Navigate to the default website and then open Application Settings.
  3. Change the value for enable-extended-logging from 0 to 1.
  4. Restart the Citrix ShareFile Management Service.
  5. After you have resolved the issue, we recommend that you clear extended logging to reduce the amount of logging.

To enable extended logging for a particular component, edit its AppSettingsRelease.config file: Change the value of <add key="enable-extended-logging" value="0" /> from 0 to 1.

You can also check IIS logs to determine if traffic is reaching the storage zones controller. IIS logs show all incoming requests. IIS logs for the storage zones controller are in c:\inetpub\logs\LogFiles\W3SVC1.

To enable extended IIS logging, see http://support.microsoft.com/kb/313437.

Troubleshoot installation and configuration

Issue Description and resolution
“HTTP Error 404 - File or Directory not found” appears during storage zones controller configuration The message typically results from an issue with IIS or ASP.NET. Make sure that the IIS role is enabled on the Windows installation and that the ASP.NET feature is enabled on IIS.
“HTTP Error 404.2 – Not Found” appears when browsing localhost on the storage zones controller The message indicates that ISAPI and CGI restrictions for ASP.NET are not set to Allowed.
“HTTP Error 413 – Request entity too large” appears after an upload attempt The message can appear on a network trace after a failed upload attempt to a storage zone and can result from a client certificate setting in IIS. To work around this issue, on the storage zones controller server, open IIS. Navigate to the default website and then open SSL Settings. For Client certificates, select Ignore. Restart the Citrix ShareFile Management Service.
IIS errors occur during storage zones controller configuration IIS errors typically indicate that ASP.NET is not fully configured. Verify in the IIS Manager, under ISAPI and CGI Restrictions, that Restriction is set to Allowed for all of the ASP.NET listings. Verify that ASP.NET is registered in IIS: In IIS Manager, under Application Pools, verify that there are ASP.NET listings. To manually register ASP.NET, see the command lines following this table. If you continue to have issues, review your IIS and ASP.NET setup.
“Failed to Save Storage Center Binding” appears during storage zones controller configuration The message indicates a permissions problem on the IIS Account Pool user. By default, application pools operate under the Network Service user account. Storage zones controller uses the Network Service account by default. If you use a named user account instead of the Network Service account, the named user account must have full access to the network share used for private data storage.
“Access denied” appears during zone configuration The message can occur if the ShareFile account you are logged on as does not have permission to create and manage zones. Use the ShareFile administrator console to set that permission.
Outbound requests are blocked When outbound requests are blocked, the cfgsrv log includes System.Net.WebException: The remote server returned an error: (403) Forbidden. This issue is likely due to the proxy server blocking outbound requests. Verify that your firewall meets the requirements specified in storage zones controller system requirements
“Unable to connect to remote server” appears when you log on to the storage zones controller The message typically indicates a proxy issue. Make sure that your proxy settings are configured. If the proxy settings are correct, verify that you can log into your ShareFile account from the storage zones controller. Verify that you have administrator-level permissions to configure the storage zones controller and that port 443 is open on the external firewall.
The folder named ShareFileStorage on your network share does not include SCKeys.txt after you enable and configure storage zones for ShareFile Data storage zones controller creates SCKeys.txt during installation unless the account you used to install the storage zone controller is not in the access control list. Update the access control list and reinstall the storage zones controller.
File uploads to a shared folder fail after you create a zone This issue indicates a problem with your internal DNS. You must have both an internal and external DNS record for the storage zones controller FQDN.
On the Monitoring tab, the Heartbeat Status is red A red icon indicates the storage zone controller isn’t able to send heartbeat messages to the ShareFile website. Check if the icons for other components are red. If so, refer to the logs for more information. If the s3uploader log shows a failure to send the heartbeat, the storage zones controller server might not be able to contact the ShareFile website unless it goes through a proxy server. To specify a proxy server for the storage zones controller, open the controller console and go to the Networking tab. If the storage zones controller server cannot access the ShareFile website using a network service user, either allow the network service user to access the ShareFile website or set up a Windows user account with outbound access to the proxy server.
A storage zone does not appear in the ShareFile administrator interface This issue can indicate a problem with the external address or firewall. First verify in the storage zones controller console that the External Address does not include the port. If it does, remove the port and then restart the controller. If the External Address does not include the port, make sure that your Windows firewall is configured correctly. By default, Windows firewall settings allow outbound traffic for the ShareFile services on port 443. Storage zones controller requires that setting. Verify the Windows firewall allows outbound traffic on port 443 for the following processes: C:\inetpub\wwwroot\Citrix\StorageCenter\SCFileCleanSvc\FileDeleteService.exe, C:\inetpub\wwwroot\Citrix\StorageCenter\SCFileCopySvc\FileCopyService.exe, C:\inetpub\wwwroot\Citrix\StorageCenter\s3uploader\S3UploaderService.exe, C:\inetpub\wwwroot\Citrix\StorageCenter\CloudStorageUploaderSvc\CloudStorageUploaderService.exe, C:\inetpub\wwwroot\Citrix\StorageCenter\SCProxyEmailSvc\ProxyEmailService.exe
Storage zones controller does not upload data to ShareFile In the Citrix ADC console, right-click the load balancing virtual server for statistics, to verify whether traffic is reaching Citrix ADC from the ShareFile control plane, storage zones controller, and ShareFile clients. When you upload a file and the virtual server shows an increase in hits, then the traffic is passing through Citrix ADC. Verify the traffic for every point of the Citrix ADC connection: Content switching virtual server, load balancing virtual servers for connectors and for ShareFile data, HTTP callouts bound to one of the two virtual servers, responder policy bound to the ShareFile data virtual server, connectors virtual server binding to Citrix ADC AAA. Then, test uploads for ShareFile data by unbinding the responder policy in the load balancing virtual server for ShareFile data. (The responder policy drops incoming traffic that is not signed by the ShareFile control plane. From a web browser, type the external FQDN of storage zones controller. If there is connectivity, the ShareFile logo appears. From a web browser, type the URL for a connector. If the following URLs are successful to test accessibility of storage zone connectors, you will be prompted for credentials even if the back-end server is down. Or, if you are logged on as a user, you will get an API response. https://szc-address/cifs/v3/Items/ByPath?path=\\path, https://szc-address/sp/v3/Items/ByPath?path=http://sharepoint-server. The API response is in this form: {“Name”:”connectorName”,“FileName”:”FileName”,“CreationDate”:”date”,“ProgenyEditDate”:”date”,“IsHidden”:false,“Path”:”“,”StreamID”:”id”,“odata.metadata”:”https://szc-address/cifs/v3/$metadata#Items/ShareFile.Api.Models.Folder@Element”,“Id”:”id”}. Other examples: https://szc-address/cifs/v3/getItems(itemID), https://szc-address/sp/v3/getItems(itemID). For iOS: https://szc-address/cifs/v3/Items/(connector-folder-ID)?$select=Name,FileName,CreationDate,ProgenyEditDate.... Test devices from the external network. Device connectivity issues can result from DNS setup. You must have an external DNS record and you might also need an internal DNS record for the external storage zones FQDN. If you are having trouble with a particular device only, test that device.
The ShareFile Connectivity from File Cleanup Services status is a red icon after you upgrade the storage zones controller A red icon occurs if Windows starts the File Cleanup Service before the storage zones controller establishes a network connection. The status will return to a green icon after the controller server is back on the network.
“Path exceeds max length (1024)” appears during connector creation The message can occur if the external address configured for storage zones controller points to the ShareFile website instead of the storage zones controller server FQDN.
“Invalid name” appears when configuring a new storage zones controller after deleting an old one. The message can occur if entities related to the old storage zones controller still exist. To resolve this issue: Uninstall the new storage zones controller. Delete the shared network folder. Delete the folder c:\inetpub\wwwroot\Citrix. Open regedit and delete the key HKEY_LOCAL_MACHINE/Software/Wow6432Note/Citrix. Install and configure a new storage zones controller. If the issue persists, contact your support representative. This message occurs when storage zone servers cannot resolve the storage zone FQDN via DNS or the local hosts file.

To manually register ASP.NET

cd /d C:\Windows\Microsoft.NET\Framework\v4.0.30319
iisreset /stop
aspnet_regiis -i
iisreset /start
%systemroot%\system32\inetsrv\appcmd set config /section:isapiCgiRestriction
/[path='%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll'].allowed:True
%systemroot%\system32\inetsrv\appcmd set config /section:isapiCgiRestriction
/[path='%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll'].allowed:True
<!--NeedCopy-->

Troubleshoot ShareFile clients and web app

If a mobile device won’t connect to a connector, verify connectivity. Many connectivity issues are covered in the preceding table. Make sure the storage zone controller is on-line. Upload a file to the zone. If the upload works, the issue is specific to the connectors. Try to connect from the mobile device using both the cellular and company network. Check that the SharePoint server or file server is available.

If a “HTTP Error 401 – Unauthorized” appears when trying to access a connector, it might be any of the following issues that can prevent a user from accessing a connector from ShareFile clients or the ShareFile web app:

  • Incorrect configuration of IIS: Verify that the Web Services (IIS) role has Basic Authentication and Windows Authentication enabled. If those options are not listed under Security, use Server Manager to install them and then restart IIS.
  • Incorrect user permissions: Verify that the AD user has access to the share. From Server Manager, go to Share and Storage Management, and add the user or change the user permissions as needed.
  • A problem with Citrix ADC authentication, authorization, and auditing group access.

If a “HTTP Error 403 – Forbidden” appears when connecting to a SharePoint site, the SharePoint server might be configured for basic authentication but the storage zone controller might not be configured to cache credentials. To resolve this issue, add <add key="CacheCredentials" value="1"/> to C:\inetpub\wwwroot\Citrix\StorageCenter\sp\AppSettingsRelease.config.

If a “HTTP Error 503 – Service unavailable” appears when mobile apps try to access a connector, then the connectors are sending a response but are unable to handle the HTTP request. This can occur if content switching policies, load balancing VIPs, or the responder policy are incorrectly configured or bound on the Citrix ADC. To resolve this issue, review the Citrix ADC configuration for ShareFile and correct the configuration.

Monitor