Access-Base Enumeration (ABE) in a cluster

Has anybody gotten ABE to work in a cluster? Everything works fine while the group is on one of it's prefered server. When I move the group to another server, I can go to the properties of the share, click on the tab named "access-based enumeration", but the check mark to "enable Access-based enumerations on this shared folder" becomes unchecked, so ABE isn't working which becomes a problem. Anyone know how to make the setting stick on a failover?

Thanks in advance,
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ABE must be installed on all servers to make it available.

shakdkAuthor Commented:
ABE is installed on all servers so the tab is there, I just need to check it everytime the group moves.
What volumes are you attempting to set this on?  I suspect the shared storage.

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Have you seen this?

ACLs must be the same on the link as the folders themselves.

I need to experiment a bit.  Does this group move on failover?

shakdkAuthor Commented:
Not sure if I'm building the correctly so any advice is welcome. I am building a cluster of three servers to act as our file server. to balance load, I created a group called USER that has the user folders and have that on Server2. I created another group for shared folders called SHARED and have that on Server3. Folders from both groups are able to fail over and move between all three servers without any problem. Then I loaded ABE. I changed the rights on test folders that I created and everytihing worked fine. I then moved USER from Server2 to Server3. All resources came up fine. (Physical Disk, File Share, IP address, and Network Name) but I could see all the folders from my test workstation. I looked at the ABE tab on the properties and the checkbox for enable ABE was not checked. Checked it again, clicked ok, and test workstation then shows correct folders. Moved back to Server3 and same problem occurs. Are there scripts that can be run after a failover? Maybe I can use the ABE scripting to re-enable it. answer your question if I didn't already, yes, its shared storage on an HP SAN.
shakdkAuthor Commented:
Thanks or the link. I was looking for something like that but my search phrases didn't quite match. I'm in the process of setting up DFS using instructions from article ID 301588. I guess after I've got tht going I'll try to implement your article. Thanks!
Something came to mind.  Is the domain these are in running in (minimum) Windows 2000 Native mode?

I think if these groups were Universal Groups they might work as expected.  Just an idea...

You might be able to script the checkbox, but ABE isn't a really popular thing at MS - kind of a Novell feature that was requested so much they accomodated.  I'd have to play around a bit and I will when I get some spare cycles.  In the meantime let's see where you get to on this.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
shakdkAuthor Commented:
Well, after reading the link you provided, I was still confused. Did more searching on the web and found a microsoft technet article about it. Followed the instructions and everything works.

Here's what is says to do:

  1. Install ABE tool from the download location and install it on each of the nodes in the cluster.

  2. From the cluster administrator, for each share in the cluster, create a resource of type “application”. In the command to execute for this resource
  (under parameters), the following command should be entered “cmd /k abecmd /enable <sharename>”. Additionally, if you don’t want that cmd.exe
   will appear on the desktop, ensure that the option “Allow interaction with the desktop” isn’t checked.

  3. Make this resource depend on the share resource. (Make sure that both the application resource and the share resource are part of the same group)

  4. Take the group offline and back online to ensure that the shares that need to be ABE enabled are actually so.

  From this point on, you are good and whenever the share fails over to another node, then ABE setting follows.

Couple of items to note. Create the "generic application" resource in the same group as the file share. When the script refers to <sharename>, use the one that you can see in Computer Management, System tools, shared folders, shares.

Other than that, it works like a charm.
Good job and great info!

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Storage Software

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.