0

I am currently hosting my ASP.Net web application on AWS. I have searched for the best aws storage options for windows environment. I have found that aws File shares system FSx is suitable for our needs.

One of the required features in my app is to be able to create symbolic link on the network shared folder. On my local environment I have active directory and network shared folder. I have applied those steps to enable symbolic link on my pc with windows 10 and it works:

1- Enable remote to remote symbolic link using this cmd command:

fsutil behavior set SymlinkEvaluation R2R:1

2- Check if the feature is enabled:

fsutil behavior query SymlinkEvaluation

the result is:

Local to local symbolic links are enabled.
Local to remote symbolic links are enabled.
Remote to local symbolic links are disabled.
Remote to remote symbolic links are enabled.

3- apply this command for gain access to the target directory:

net use y: "\\share\Public\" * /user:UserName /persistent:yes

4- create symbolic link using this command:

mklink /D \\share\Public\Husam\symtest \\share\Public

It works fine on my local network with active directory.

On aws I have EC2 windows VM joined aws managed domain. The same domain I created the FSx with. I logged in to the machine with domain administrator. I gave security permission (share and security) to this uses on the shared folder using Windows File Shares GUI Tool.

When I try to create the symbolic link I get: Access Denied

mklink /d \\fs-432432fr34234a.myad.com\share\Husam\slink \\fs-432432fr34234a.myad.com\share
Access Denied

any suggestions? is there a way to add this permission in active directory?

Husam Zidan
  • 619
  • 6
  • 18

2 Answers2

1

It looks to me like mklink is not supported by amazon fsx. I can mklink to my heart's content on my ebs volume but not on the fsx. Also when I mount the share in linux ln -s test1 test2

ln: failed to create symbolic link 'test2': Operation not supported

I found a comment that said "in the GPO you can Change it in "Computer Configuration > Administrative Templates > System > Filesystem" and configure "Selectively allow the evaluation of a symbolic link" – deru May 11 '17 at 6:45." I don't think it will help because I can mklink on ebs.

This is a problem for me as my asp.net web app also uses mklink during it's setup. My solution is to use a windows container for my web app and then use docker-compose to put the links in to the FSx file system. I thought that I wanted to do the docker-compose build on the fsx volume. This was a terrible idea though because the ebs volume is way faster.

Rich Hildred
  • 41
  • 4
1

I was getting the same error messages reported above. I consulted with the AWS contacts available to the company I work for, and they confirmed that as of right now, FSx for Windows File Server does not support symbolic links.

fazouth
  • 21
  • 2