newbe101
Windows Server 2003 domain DFS connectivity in remote location
Hi all,
I have 2 domain controllers, each in a different location, connected via a VPN. I am using DFS for the client mapped drives. The DFS syncs properly. In the main location, the logon script works perfectly. All the script does is map drives via the DFS (i.e. net use x: \\mydomain.local\dfs\stuff ). In the location with the PDC (and where the DFS was originally set up), the script works fine. However, in the other location with the SDC, the script fails to map the drives for the workstations. While attempting to map the drives I get the following error: error 1351; configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.
thanks for the help
When you say they're connected via VPN, do you mean a branch office VPN (firewall to firewall)? Anything in the Event Logs on either server?
ASKER
Yes, firewall to firewall. I looked in the event logs and there was nothing regarding this. Do I need to set up the DFS roots on the second DC? I thought everything was handled by Active Directory.
OK, is your Active Directory replicating correctly? You can check via Event Viewer...
Also check DNS to make sure there are no errors there... Usually an access denied in Active Directory is a permission issue... and can be a replication issue if the permissions haven't replicated to the other server...
Also, if you can give a more detailed description of your network setup, it will help us with the troubleshooting...
ASKER
There haven't been any errors in the event logs for Active Directory, replication, DNS or DFS for some time. I can manually map drives for the users in the second location to their DC using \\SDC\folder (which replicate from PDC) just fine.
My network: 2 locations connected together via a site-to-site VPN over a WAN. Each location has a DC (location 1 has the PDC and location 2 has the SDC). Both DCs are Windows Server 2003 R2 servers. Both run Active Directory, which syncs just fine. SDC looks to PDC for DNS. Both sites have been set up in AD using subnets. I enabled DFS insite only. Both DCs can ping each other using their respective FQDN.
One thing I noticed is if I open the DFS setup on the SDC, it doesn't show any roots at all (not sure if this is supposed to be this way) even though the folders replicate between the 2 DCs.
Try adding a new DFS root: browse to the primary DC and select it...
ASKER
should I add it?
yes
ASKER
On the SDC, I attempted to add a new root. I told the SDC to look at itself, then I named the root the same as on the PDC. It then says that the root name already exists.
ASKER
even though it does not show it.
ASKER
In the DFS snap-in, I tried show root. I browsed and found my root on the PDC... when I attempt to show it, it says root cannot be found even though it sees it in the browse portion.
Usually when that happens something is not transferring across the VPN (NetBIOS, permissions, something). On the VPN, do you have split-tunnel set up on the firewalls?
ASKER
I am using a hardware vpn (routers). I don't know what split-tunnel is.
What kind of firewalls are they?
ASKER
Linksys business-to-business VPN routers... Also, I checked the permissions for Authenticated Users on both DCs and they were exactly the same.
ASKER
Sorry, Authenticated Users security in the DFS portion of the AD users and groups snap-in.
Try adding Domain Users to the security group.
ASKER
k... gimme a sec.
ASKER
I am going to add domain users to the PDC and see if it updates the SDC
will do
ASKER
OK, so it updated the security changes from the PDC to the SDC. But adding domain users did not work.
Is the second DC set up as a bridgehead server? Use "IP" to update? Make sure to set it up on both sides...
And remember, remote DCs by default take 15 min to update... it's not instant...
ASKER
I think I changed the dc sync from 60 minutes to 15 minutes when I originally set them up.
Yes, both use IP to update each other... I don't know what a bridgehead server is.
ASKER
I know if I remove the DFS insite switch, both sites will be able to connect to the DFS shares. The only problem with this is that site 2 will connect to site 1 for the shares... which means site 2 file access will be slooooow.
On the site 2 DC, do the files replicate to the server?
ASKER
yes, the files copy and update both ways.