OpenAFS for Windows

OpenAFS is the world's foremost location independent file system. With OpenAFS for Windows, users of Microsoft Windows 2000, XP, 2003, XP64, Vista (32-bit and 64-bit editions) and Server 2008 (32-bit and 64-bit editions) can make the most of this proven data sharing solution. The OpenAFS Project provides binary installation packages appropriate for both individual users and organizations with thousands of members.

Urgent News

All versions of OpenAFS for Windows prior to 1.5.62 can experience data loss when storing data to the file server.

How to Decide Which Version to Install

The following guidelines should be used for choosing an installer type. If you are upgrading from a previous installation, select the same type of installer, EXE or MSI, as was previously installed on the system. If you are installing for the first time, choose the EXE if you are installing manually and the MSI if you either need to customize the installation package (via a transform) or wish to deploy via Active Directory Group Policy.

Each installer is provided in debug and non-debug versions. The debug versions should be installed only when you are experiencing a problem and you need to assist the OpenAFS developers in debugging the problem. The non-debug version is optimized for performance, does not generate logging information by default, and does not install symbol files.

Digital Signatures

All of the installers are produced and signed by Secure Endpoints Inc.. If the signature is missing do not complete the installation process and send e-mail to openafs-security@openafs.org

Status Reports

Secure Endpoints Inc. periodically publishes a report on the current status of OpenAFS for Windows development. The most recent report was published in July 2008. Read it today!

OpenAFS for Windows 1.5.65 (1.5.6500.0)

(updated 1 October 2009)

Features:

Starting with the 1.5.50 release of OpenAFS for Windows, each of the AFS Client Service, the AFS Explorer Shell Extension, and the command-line tools are Unicode enabled. No longer is OpenAFS restricted to accessing file system objects whose names can be represented in the locale specific OEM code page. This has significant benefits for end users. Most importantly it permits non-Western languages to now be used for file system object names in AFS from Microsoft Windows operating systems. Now that Unicode names are supported, Roaming User Profiles and Folder Redirection will no longer fail when a user attempts to store an object with a name that cannot be represented in the OEM code page.
Compatible with all OpenAFS and IBM/Transarc AFS Server versions
Support for all editions of Windows Vista including SP1 and Windows Server 2008
2007 Daylight Savings Time corrected C Runtime Library DLLs
AFS credentials module for MIT Kerberos for Windows Network Identity Manager
Support for 64-bit File Sizes on both 32-bit and 64-bit versions of Microsoft Windows
Support for 64-bit Windows XP/2003/R2/Vista/2008
Implements Windows Byte Range Locking backed by AFS File Server Locks
Uses GetCapabilities RPCs to probe the server status
Logs fs crypt state to the Windows Event Log
Supports OutputDebugString debugging of the RX Library
New commands:
- fs uuid [-generate]
- fs chown -owner <user name or id> [-path <dir/file path>+] [-literal]
- fs chgrp -group <user name or id> [-path <dir/file path>+] [-literal]
Improved CIFS protocol compatibility
- Compatible with XP, Server 2003, Vista and Server 2008.
- As of 1.5.62, supports the SRVSVC and WKSSRV services providing an improved \\AFS browsing experience.
Hard Dead and Connection Timeout values restricted to the CIFS Session Timeout value.
- CIFS Extended Timeouts are automatically detected when supported by the installed version of mrxsmb.sys. See Microsoft Hot Fixes.
Improved handling of Windows Standby/Hibernate modes when network access is not available
Significant performance improvements when searching directories containing hundreds or thousands of files and sub-directories
- Implements Inline Bulk Status RPCs which speeds up directory listings
- Local B+ tree generation
- Local directory updates do not require fetching changes from the file server
Reduced time required for file open operations
Fixes critical data loss errors:
- Prior to 1.5.15, write requests queued for background processing were not retried upon failure.
- Prior to 1.5.62, write requests whose file offset is not an even multiple of the cache buffer block size would fail to store all of the dirty data.
- Prior to 1.5.62, write requests to file servers that have 2GB file limits (aka IBM file servers and OpenAFS file servers older than 1.3.70) can fail to store dirty data on the first StoreData RPC after a InitCallBackState RPC is received.
Increased cache hit ratio for data written to AFS by the local client
Improved behavior when used behind Network Address Translation (NAT) devices
As of 1.5.18, OpenAFS for Windows no longer attempts to push Kerberos v5 tickets into the logon session. This functionality is available in MIT Kerberos for Windows 3.1 and above.
Fixes a bug that could result in a failure of Microsoft Windows to boot successfully. See Security Advisory OPENAFS-SA-2007-002
Improved Explorer Shell behavior when listing directories without "read" permission.
Lower CPU utilization and overall performance improvements than 1.5.20 and earlier
The AFS Server Manager no longer terminates unexpectedly
Infinite recursions in chains of directory objects up to 512 levels deep are detected and prevented.
Data that is known to be valid will continue to be served by the cache manager when all servers are down.
Partial chunks are written to the file server whenever possible improving write performance.
Default chunk size increased to 1MB from 128KB as of 1.5.23 improving read and write performance.
The 1.5.31 release fixes a bug that would prevent failover when a volume cannot be attached by a single file server instance.
The 1.5.32 more than doubles the throughput of both reads and writes when compared to previous releases. One 1Gbit/second networks peak transfer rates of up to 32MB/second have been recorded between the cache manager and the file server.
The 1.5.39 release fixes several memory leaks.
The 1.5.53 release fixeda significant memory leak (rx packets) in the rx rpc protocol library.
The 1.5.56 and 1.5.57 releases fixes race conditions in the rx rpc protocol library that can result in the AFS Client Service terminating prematurely.
The 1.5.60 release converts all documentation to Windows HTML Help and adds registry support for CellServDB information.

Documentation:

1.5.65 Release Notes (CHM) (HTML)
1.5.65 ChangeLog

Supported Platforms:

Windows 7 and Server 2008 R2 (X86 and AMD64) are not yet officially supported.
Windows Server 2008 (X86 and AMD64) including SP1
Windows Vista (X86 and AMD64) including SP1 and SP2
Windows 2003 64 (AMD64) including SP1 and SP2
Windows XP 64 (AMD64) including SP1 and SP2
Windows 2003 R2 including SP1
Windows 2003 including SP1 and SP2
Windows XP including SP2 and SP3
Windows 2000 Workstation and Server at SP4

* Installers for Itanium systems are unavailable. Organizations interested in support for Itanium should consider donating a development/test system to OpenAFS.

Known Issues:

If a *beta* AFS plug-in for Network Identity Manager is installed, it must be uninstalled before OpenAFS 1.5.65 is installed. Otherwise, an error indicating that the plug-in cannot be installed because the appropriate version of OpenAFS is not installed will be generated.
The AFS plug-in for Network Identity Manager provided as part of OpenAFS 1.5.65 requires MIT Kerberos for Windows 3.1 or above.
Directory and File Change Notifications are ignored when accessing AFS via UNC paths
Windows Vista Specific Issues
- The help files provided with OpenAFS are in .HLP format. WinHlp32.exe must be downloaded separately from Microsoft. Secure Endpoints Inc. is funding the development of compatible HtmlHelp (.CHM) files.
- The AFS Systray Tool (afscreds.exe) and AFS Control Panel (afs_config.exe) are not User Account Control (UAC) compatible. In order to start/stop the AFS service or to modify the configuration of the AFS client service they must be "Run as Administrator".
Windows 7 and Server 2008 R2 Specific Issues
- There is a bug in Windows that will prevent access to \\AFS after an IP address has been removed or assigned after boot. When the bug is triggered, all attempts to connect to \\AFS will result in a "Bad Network Name" error. Please reproduce this issue locally and submit bug reports to Microsoft.
- All Vista issues apply as well.

Downloads for 32-bit Windows operating systems: Vista/R2/2003/XP/2000:

Downloads for 64-bit Windows operating systems: Vista/R2/2003/XP:

64-bit MSI installer

Support for 32-bit Windows Applications on 64-bit Windows operating systems

This installer is required for any 32-bit applications that require use of AFS libraries. This includes 32-bit versions of MIT Kerberos for Windows.

32-bit tools MSI installer

Note: In 64-bit versions of Microsoft Windows there are 64-bit and 32-bit versions of the command prompt and the Explorer Shell. It is very important that when installing applications that the installers be started from a 64-bit process. It is strongly recommended that the Add/Remove Programs Control Panel be used to initiate installations on 64-bit Microsoft Windows operating systems.

MIT Kerberos for Windows

OpenAFS for Windows depends on MIT Kerberos for Windows (KFW) to provide Kerberos 5 functionality. The recommended version of KFW for OpenAFS for Windows 1.5.65 is version 3.2.2. 64-bit releases of KFW are available from Secure Endpoints Inc.

Microsoft Hotfixes

Just as OpenAFS releases fixes on a continuous basis, so does Microsoft for their Windows products. If they are security related or deemed to be critical to the entire user base these hot fixes are pushed out via Microsoft's Windows Update service. However, if the fix is considered to be relevant only to a small user community, the hot fix is made available via a posting to Microsoft KnowledgeBase. When a new service pack is issued all of the outstanding hot fixes are rolled up and regression tested together.

OpenAFS for Windows is highly dependent on the correct operation of Microsoft's SMB redirector network file system driver and the Netbios communication stack. Over the years there have been a large number of bugs found and fixed within these two subsystems. At the present time there a hot fixes that have been issued by Microsoft which have yet to be bundled into a service pack for XP 32-bit, XP 64-bit and Server 2003. Hot Fixes that are considered critical for OpenAFS users are marked as such below.

Microsoft Windows Server 2003 and XP64

The current service pack level is 2.

CRITICAL! http://support.microsoft.com/kb/969289 (XP 64-bit and Server 2003: not included in SP2)

Microsoft Windows XP

The current service pack level is 3.

http://support.microsoft.com/kb/916204 (XP 32-bit included in SP3 but not SP2)
http://support.microsoft.com/kb/955535 (XP 32-bit not in SP3 or SP2)
http://support.microsoft.com/kb/954956 (XP 32-bit not in SP3 or SP2)
CRITICAL! http://support.microsoft.com/kb/971421 (XP 32-bit not in SP3 or SP2) Note: This hot fix was issued by Microsoft on 4 June 2009. It often takes several weeks for the knowledgebase article to be published. Contact Microsoft PSS and mention the kb number to obtain the hot fix package.