Skip to main content
NetApp Response to Russia-Ukraine Cyber Threat
In response to the recent rise in cyber threat due to the Russian-Ukraine crisis, NetApp is actively monitoring the global security intelligence and updating our cybersecurity measures. We follow U.S. Federal Government guidance and remain on high alert. Customers are encouraged to monitor the Cybersecurity and Infrastructure Security (CISA) website for new information as it develops and remain on high alert.
NetApp Knowledge Base

Troubleshooting Access Denied or Mount Hung from NFS client for clustered Data ONTAP

Last Updated:

Applies to



This guide intends to provide a set of troubleshooting procedures to assist with identifying the cause of an NFS mount hang or access denied response. 

It is recommended that all command-line input and resulting console output be recorded in a text file for later review. Providing this in a technical support case may significantly improve time to resolution.

Throughout this guide, commands with diagnostic and advances privilege levels are used. Exercise all with due caution when running these commands as erroneous inputs might have unexpected consequences.

Common Causes of Access Denied or Hang

There are many causes of NFS mounts that fail with access denied or continually re-attempt and appear to hang. The following list describes the most common causes that have been observed. The following section will provide troubleshooting strategies that will enable you to quickly identify and remediate the cause of the issue.

  • Export rule does not exist for the client's IP or hostname
  • Mount attempts prior to provisioning the name services including netgroup or DNS entries results in negative entry in access cache
  • DNS resolution of client IP to name does not match netgroup or the hostname specified in the export rule
  • Missing or incorrect DNS search domains
  • DNS, NIS or LDAP server timeouts
  • Missing DNS PTR record
  • Hostname specified in export rules is not fully qualified and ends with a dot (.), also known as a rooted name
  • DNS, NIS or LDAP servers are unreachable due to network connectivity – firewall policies or route configurations
  • Lack of netgroup.byhost maps in NIS or LDAP
  • Netgroups with hostnames that will not resolve in DNS
  • Netgroup hostname case sensitivity for local files and some remote services including NIS and LDAP
  • NFSv4 mounts or NFSv3 auth=null require user mapping only if there is an NTFS volume in the path
Scan to view the article on your device