All Products
Search
Document Center

File Storage NAS:Other issues

Last Updated:Jun 03, 2026

FAQ covering NAS mounting, supported protocols, NFS request tuning, mount verification, and force unmount.

Question navigation

Public or on-premises NAS mounting

No. NAS requires an internal network connection. For external access, connect to the file system's VPC first. Access a file system from a data center.

SMB mount failure on Linux

Troubleshoot the failure to mount an SMB file system on a Linux instance.

Mount NAS from an on-premises host

Operating environment

Instructions

Linux operating system

To mount and access the file system:

Windows operating system

macOS client

Mount the SMB file system on macOS using the Kerberos protocol. Access an SMB file system from a macOS client over a VPN connection.

Mount NAS on Alibaba Cloud Workspace

Alibaba Cloud Workspace supports NAS for shared storage across cloud desktops. Create one NAS file system per workspace.

Mount a NAS file system based on your scenario:

Simultaneous mounting with NFS and SMB

No. You can mount a file system using only one protocol at a time.

Mount NFS on Linux and SMB on Windows. Cross-platform mounting causes compatibility issues—character sets and maximum file name length differ (Windows: 255 wide characters; Linux: 255 UTF-8 bytes). Scenarios for mounting a file system and File read and write issues.

Supported OS and file systems

One-click mount supports NFS on Linux only. For other combinations (SMB on Windows, NFS on Windows, SMB on Linux), log on to the ECS instance and run the mount command manually. Mount an SMB file system, Mount an NFS file system (General-purpose NAS), and Mount an SMB file system.

Console mounting for classic networks or connected VPCs

This is not supported.

One-click mount requires the ECS instance and NAS file system to be in the same VPC. For other cases, use Cloud Assistant. Batch mount the same NFS file system on multiple ECS instances.

Note

For connected VPCs, you can mount file systems only between VPCs within the same region.

NAS cross-zone mounting

General-purpose NAS supports cross-zone mounting. Extreme NAS should be mounted in the same zone to avoid performance degradation.

Linux: Does mounting a NAS overwrite original data?

Mounting a NAS file system to a non-empty directory temporarily hides the local data and displays NAS data instead. The local data is not deleted—it reappears after unmounting.

Risks of a forced unmount

A forced unmount may lose unwritten data and cause unexpected application exits. Run fuser -mv <mount path> to identify processes using the file system. Stop them, then retry the unmount.

If unmounting still fails with no active applications, force-unmount. Restart the ECS instance afterward to clear residual kernel states; otherwise, remounting may fail.

New ECS instance not found for one-click mount

Refresh your browser, then try the mount operation again.

New mount parameters not taking effect

If the specified mount path is already mounted, the new protocol type and mount parameters are ignored. Unmount first, then rerun the mount command with the new parameters.

Supported operating systems and protocols

Batch mounting supports NFS on Linux only. For other combinations (SMB on Windows, NFS on Windows, SMB on Linux), log on to the ECS instance and mount manually. Mount an SMB file system, Mount an NFS file system (General-purpose NAS), and Mount an SMB file system.

Batch mounting network support

Batch mounting supports classic networks and cross-VPC mounting within the same region. Cross-region mounting is not supported, even if the VPCs are connected.

Batch mounting from on-premises IDCs

No. Connect from an on-premises data center (IDC) through a VPN Gateway or NAT Gateway. Access Alibaba Cloud NAS from an on-premises data center using a NAT Gateway or Access Alibaba Cloud NAS from an on-premises data center using a VPN Gateway.

Check the execution status of batch commands

Log on to the ECS console and choose Maintenance & Monitoring. On the Cloud Assistant page, check the task status in the operation records. The status will be Successful, Failed, or Partially Failed. To check the status of each ECS instance, click View in the task's Actions column.

Interpret ECS mount information

Log on to the NAS console, go to the target file system's details page, and click the Mount Targets tab. Use the query feature to check ECS mount status. Query the status of an ECS instance.

New parameters ineffective in batch mounting

If the specified mount path is already mounted, the new protocol type and mount parameters are ignored. Unmount first, then rerun the mount command with the new parameters.

Modify concurrent NFS requests

The NFS client limits concurrent requests. The kernel default is 2, which severely degrades performance. Change this to 128.

  1. Install an NFS client.

  2. Run the following commands to change the number of concurrent NFS requests to 128.

    echo "options sunrpc tcp_slot_table_entries=128" >> /etc/modprobe.d/sunrpc.conf
    echo "options sunrpc tcp_max_slot_table_entries=128" >>  /etc/modprobe.d/sunrpc.conf
    sysctl -w sunrpc.tcp_slot_table_entries=128
    Note

    Run these commands once as root after the initial NFS client installation.

  3. Optional: Restart the ECS instance.

    reboot
    Important

    Restarting an ECS instance interrupts your services. Restart during off-peak hours.

  4. Mount an NFS file system.

  5. Run the following command to check the result.

    A returned value of 128 indicates that the change was successful.

    cat /proc/sys/sunrpc/tcp_slot_table_entries

Create and mount a NAS subdirectory

Ensure the file system is mounted. Mount an NFS file system.

If you mount the NAS root directory to /mnt on a Linux ECS instance, /mnt acts as the NAS root. Create subdirectories under /mnt.

  1. Create a subdirectory in the NAS file system.

    mkdir /mnt/subdir
  2. Create a local directory to mount the NAS subdirectory.

    mkdir /tmp/mnt
    Note

    You can mount only one file system per local directory. To mount multiple file systems, create a separate local directory for each one.

  3. Mount the subdirectory.

    sudo mount -t nfs -o vers=3,nolock,proto=tcp,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport file-system-id.region.nas.aliyuncs.com:/subdir /tmp/mnt

    Replace the placeholders in the preceding command with their actual values:

    • file-system-id.region.nas.aliyuncs.com: the mount target address. To find it, log in to the NAS console, click the ID of the target file system on the File System List page, and then click Mount Targets on the file system details page.

    • /subdir: the NAS subdirectory.

    • /tmp/mnt: the local directory on the server.

Resolve Linux server issues after deleting a mount target

Symptom

If you delete a mount target in the NAS console without first unmounting the file system, the Linux server may become unresponsive or commands may hang.

Solution

  1. On the server, such as a Linux ECS instance, press Ctrl+C to interrupt the command.

  2. Run the mount command to view the mount information.

    Find the mount path in the output. In the following example, /mnt/data is the current mount path.

    debugfs on /sys/kernel/debug type debugfs (rw,relatime)
    mqueue on /dev/mqueue type mqueue (rw,relatime)
    hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
    sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
    tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=773356k,mode=700)
    xxx
    xxx
    xxx
    xxx
    0.xxx-tgp98.cn-hangzhou.nas.aliyuncs.com:/ on /mnt/data type nfs4 (rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,noresvport,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=1xx.xxx.xxx.1x5,local_lock=none,addr=1xx.xxx.xxx.1x7)
  3. Run the umount -f /mnt/data command to forcibly unmount the file system.

    Command format: umount -f <mount path>

    Note

    If the issue persists after you run the umount -f <mount path> command, try running the umount -l <mount path> command.

    After unmounting the file system, create a new mount target and then mount the file system again.

NFS 4.0 listener port mistaken for trojan

Symptom

After you mount a NAS file system using the NFSv4.0 protocol, a random port begins listening on 0.0.0.0, and you cannot locate the listener process using netstat.

Because the listener port is random and the process cannot be located, this behavior is sometimes mistaken for a trojan attack.NFSv4.0

Cause

The NFSv4.0 client uses a random port for its callback feature because fs.nfs.nfs_callback_tcpport defaults to 0. This port is safe.

Solution

Before mounting the file system, assign a fixed port by setting the fs.nfs.nfs_callback_tcpport parameter to a non-zero value.

sudo sysctl fs.nfs.nfs_callback_tcpport=<port>          

For example, after setting fs.nfs.nfs_callback_tcpport to 45450 and mounting the file system using the NFSv4.0 protocol, netstat reports 45450 as the listener port.45450

SMB mount failure on Windows Server 2016 and later

Symptom

Command and error message:

C:\Users\Administrator>net use z: \\xxxxx-xxxx.xxxxx.nas.aliyuncs.com\myshare
System error 1272 has occurred.
You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network.

Cause

Windows Server 2016 and later blocks guest access to remote shared directories by default.

Solution

  • Modify the registry:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
    "AllowInsecureGuestAuth"=dword:0

    Change the entry to:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
    "AllowInsecureGuestAuth"=dword:1
  • Alternatively, run the following command in PowerShell:

    New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force

Guest access in SMB2 disabled by default in Windows 10, Windows Server 2016 version 1709, and Windows Server 2019.

Troubleshoot IIS services on Alibaba Cloud NAS

Mount failure on Windows Server 2016, HTTP error 500.19, and error code 0x8007003a are covered in Best practices for using IIS services on Alibaba Cloud NAS.

Clean up leaked client handles for SMB

Use the following tools to disconnect all connections to the SMB file system and release all handles.

  • Windows client

    Use TCPView to disconnect all connections to the SMB file system. Open TCPView (Sysinternals) and filter for established TCP connections where Remote Port is 445. Verify the Remote Address matches your mount point IP. Right-click the connection and select Close Connection to clear leaked handles.

  • Linux client

    Use killcx to disconnect all connections to the SMB file system.

NFS file lock on Windows

No. To use the file lock feature on a Windows instance, use a NAS SMB file system.

Troubleshoot ECS security group configuration

Mounting a NAS file system requires access to specific ports: 2049 and 111 for NFS, and 445 for SMB. If a security group denies outbound traffic to these ports, mounting fails.

Troubleshoot and modify security group rules as follows.

  1. Log in to the ECS console.

  2. In the left-side navigation pane, choose Network & Security > Security Groups.

  3. At the top of the page, select a resource group and a region.

  4. Click the ID of the target security group to open its details page.

  5. On the Security Group Details tab, click the Outbound tab. Check for a rule that allows outbound TCP traffic to the mount target's IP address or CIDR block on the required ports (NFS: 2049 and 111; SMB: 445).

    Note
    • By default, a basic security group allows all outbound traffic. In this case, you do not need to modify the rules.

    • By default, an advanced security group denies all outbound traffic. In this case, you must add an outbound rule that allows traffic to the IP address of the file system mount target on the required TCP ports.

    If a security group rule denies outbound traffic to the mount target's IP address or CIDR block on the required ports, click Edit in the Operation column for that rule and modify the Action or {value}. Security group rules.

    If you encounter DNS resolution failures, add the following rule to your security group to enable default DNS resolution.

    Action

    Priority

    Protocol

    Destination

    IPv4

    Port

    Allow

    1

    Custom UDP

    0.0.0.0/0

    53/53

    The following examples show how to configure a rule that allows outbound traffic to port 2049 for a mount target with the IP address 192.168.12.151.

    • Basic security group

      Action

      Priority

      Protocol

      Destination

      IPv4

      Port

      Allow

      1

      Custom TCP

      The following CIDR blocks include the mount target IP address (192.168.12.151). You can use any of them.

      • 0.0.0.0/0

      • 192.0.0.0/8

      • 192.168.0.0/16

      • 192.168.12.0/24

      • 192.168.12.151/32

      2049/2049

    • Advanced security group

      Action

      Priority

      Protocol

      Destination

      IPv4

      Port

      Allow

      1

      Custom TCP

      The following CIDR blocks include the mount target IP address (192.168.12.151). You can use any of them.

      • 0.0.0.0/0

      • 192.0.0.0/8

      • 192.168.0.0/16

      • 192.168.12.0/24

      • 192.168.12.151/32

      2049/2049

Troubleshoot NAS permission group rules

A NAS permission group acts as a whitelist. The mount target's permission group must include the IP address or CIDR block of your ECS instance, or mounting will fail.

Note

Add all private IP addresses of an ECS instance, including secondary IPs, to the mount target's permission group. This prevents mount failures caused by NIC switching.

Follow these steps to troubleshoot and modify permission group rules.

  1. Log on to the NAS console.

  2. In the left-side navigation pane, choose File System > File System List.

  3. In the top menu bar, select the resource group and region where the file system is located.

  4. Click Manage in the Actions column for the desired file system.

  5. On the file system details page, click the Mount Targets tab. On the Mount Target tab, find the permission group for the mount target.

    • If the permission group is the Default VPC permission group (all allowed), you do not need to modify it.

      The default permission group allows any IP address to access the file system with full read/write access and no restrictions for Linux users, and it cannot be modified or deleted.

    • If the mount target uses a custom permission group, click its name in the Permission Group column.

      If the rule list does not contain the IP address or CIDR block of the ECS instance, click Edit in the Actions column for the target rule. Add the IP address to the authorized address.

      For example, if a rule's authorized address does not include the IP address of the ECS instance (192.168.12.150), you can add one of the following CIDR blocks:

      • 192.168.12.150/32

      • 192.168.12.0/24

      • 192.168.0.0/16

      • 192.0.0.0/8

      • 0.0.0.0/0

Auto-generated security group for Extreme NAS

No. Extreme NAS auto-generates a security group (Createdbynas.Shouldnotdeleteit) that applies only to the Extreme NAS server's ENI. It cannot be modified or deleted. If a cloud security product flags it, add the security group to a whitelist.

Security Center high-risk alert for Extreme NAS

Security Center flags unnecessary open ports and recommends least-privilege configuration. Extreme NAS auto-generates a security group (Createdbynas.Shouldnotdeleteit) that applies only to the Extreme NAS server-side ENI. If this alert is disruptive, add the triggering rule to the whitelist.

NAS for Docker storage

No. Docker storage requires the overlay feature, which NAS currently does not support.

View NAS mount directory

  • On a Linux system, log on to the target server and run df -h to view the mount directory.

    In the output, /mnt in the Mounted on column is the mount directory on the ECS instance.

    Filesystem                                       Size  Used Avail Use% Mounted on
    devtmpfs                                         3.7G     0  3.7G   0% /devtmpfs
    tmpfs                                            3.8G     0  3.8G   0% /dev/shm
    tmpfs                                            3.8G  452K  3.8G   1% /run
    tmpfs                                            3.8G     0  3.8G   0% /sys/fs/cgroup
    /dev/vda1                                         40G  3.0G   35G   8% /
    tmpfs                                            3.8G     0  3.8G   0% /tmp
    tmpfs                                            761M     0  761M   0% /run/user/0
    19f04a4****-i****.cn-chengdu.nas.aliyuncs.com:/   10P     0   10P   0% /mnt
  • On a Windows system, view the mount directory in File Explorer.

NFS client retry mechanism and error codes

Network jitter, concurrent access, or backend exceptions can delay NAS requests and trigger error codes. These are typically transient—retry the operation.

Error code

Description

EAGAIN

The resource is temporarily unavailable.

EBUSY

The device or resource is busy.

EIO

Input/output error.

ENOMEM

Out of memory.

ETIMEDOUT

The connection timed out.

EREMOTEIO

Remote I/O error.

ESTALE

The file handle is stale. Do not retry if the error is caused by concurrent access and delete operations between different nodes. If a single node exclusively accesses the file, retry the operation.

Important

Always mount NFS NAS with the hard option. The soft option can compromise data consistency. If you use soft, you assume all associated risks.

Visual file transfer for NAS on Linux

Upload and download files using one of the following methods:

Garbled Chinese file names on Windows NFS

Cause

The NFS protocol on Windows does not support UTF-8 encoding by default.

Solution

Enable global UTF-8 support in Windows to resolve this issue.

  1. In the search box on the taskbar, enter intl.cpl and click Open.

  2. Switch to the Administrative tab and click Change system locale.

  3. Select the checkbox for Beta: Use Unicode UTF-8 for worldwide language support.

  4. Click OK and restart the ECS instance to apply the settings.

AD domain: mount failure with error 5

Symptom

Mounting a network share on a host in an AD domain fails with error code 5.

C:\Users\Administrator>net use z: \\09a34xxx.cn-shanghai.nas.aliyuncs.com\myshare /user:mount.com\Administrator
xxx
System error 5 has occurred.
Access is denied.

Solution

  1. Press Win+R to open the Run dialog box, enter gpedit.msc, and click OK to open the Local Group Policy Editor.

  2. In the console tree, expand the following nodes: Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.

  3. Configure the allowed encryption types for Kerberos.

    In the details pane, double-click Network security: Configure encryption types allowed for Kerberos. In the dialog box that opens, select all listed encryption types, including DES_CBC_CRC, DES_CBC_MD5, RC4_HMAC_MD5, AES128_HMAC_SHA1, and AES256_HMAC_SHA1.

  4. Click Apply > OK.

Mount an SMB instance in multiple AD domains

  1. For each AD domain, generate a corresponding keytab file. See Join an SMB file system to an AD domain for instructions.

  2. Merge the keytab files.

    1. Log on to a Linux host and upload all the keytab files.

    2. Install the ktutil utility.

      yum install -y krb5-workstation
    3. Start the ktutil interactive utility.

      ktutil
    4. Read each keytab file.

      read_kt domain-a.keytab
      read_kt domain-b.keytab
    5. View the loaded keytab entries.

      list
    6. Write the merged entries to a new file. This example uses merged.keytab as the filename.

      write_kt merged.keytab
      [user@linuxServer ~]$ ll
      total 8
      -rw-r--r-- 1 user user 94 Dec 11 10:59 issues.example.com.keytab
      -rw-r--r-- 1 root root 93 Dec 11 10:47 issues-KERBAUTH.keytab
      [user@linuxServer ~]$ ktutil
      ktutil: read_kt issues.example.com.keytab
      ktutil: read_kt issues-KERBAUTH.keytab
      ktutil: list
      slot KVNO Principal
      ---- ---- ---------------------------------------------------------------------
         1    4        HTTP/issues.example.com@EXAMPLE.LOCAL
         2    3        HTTP/issues.example.com@KERBAUTH.COM
      ktutil: write_kt merged.keytab
      ktutil: quit
      [user@linuxServer ~]$ ll
      total 12
      -rw-r--r-- 1 user user  94 Dec 11 10:59 issues.example.com.keytab
      -rw-r--r-- 1 root root  93 Dec 11 10:47 issues-KERBAUTH.keytab
      -rw------- 1 user user 193 Dec 11 11:02 merged.keytab
      [user@linuxServer ~]$
  3. Upload the merged keytab file to the console to allow clients from multiple AD domains to access the SMB instance.