Link to home
Create AccountLog in
Avatar of phylaxict
phylaxictFlag for Netherlands

asked on

Changing NTFS security permissions replicate slow to 2nd DFS server

Hi there,

I'm not sure if this behaviour is by design but i'm experiencing some problems with setting up ntfs permission configuration on 2 fileservers who share a dfs configuration.

When i modify the rights of one of the folders, i login to one of the servers and change the permissions on f.e. e:\data\test folder. Inside this folder we have put 5 GB of testdata.

It takes 30 minutes before the changes are replicated to both the dfs servers. When i put a file on one of the servers its replicated immediatly. The servers are physicly standing next to eachother, connected through a 1000mbits network.

The performance settings in dfs are optimal, maximal bandwidth usage.

is this behaviour by design, and will i have to live with it?

Also I would like to note these 2 servers are virtual vmware servers.
Avatar of Nuno Martins
Nuno Martins
Flag of Portugal image

Hi,
If i understand well your question the problem that you are having is that when you change the ntfs permissions it takes a long time to replicate correct?
Are you trying to give permissions in the DFS management, or are you giving permissions on the local hard drive of the server?
Avatar of phylaxict

ASKER

Hi, i'm trying to give permission on the local hard drive of the server. I've read several posts of people stating this is the way to go when managing dfs filerights.
Are you following this guide lines?
"      Use NTFS permissions to secure DFS targets. If you are using File Replication Service (FRS) to replicate DFS link targets, any NTFS permission changes you make on one member of the replica set replicate to other members. If you are not using FRS for automatic replication, you must set the NTFS permissions on targets and manually propagate any changes that occur. It is also important to set shared folder permissions identically on each target of a particular root or link. Otherwise, user access might be inconsistent depending on which target the client is referred to. Note that FRS does not replicate shared folder permissions, so you must apply or update them manually to each target.
"      Set NTFS and shared folder permissions for root targets identically on all root servers. This is especially important to remember to do when you add new root targets to an existing namespace.
"      When setting NTFS permissions, always use the path of the physical folder instead of navigating through the DFS namespace to set permissions. This is especially important when you have multiple link targets for a given link. Setting permissions on a folder by using its DFS path can cause the folder to inherit permissions from its parent folder in the namespace. In addition, if there are multiple link targets, only one of them gets its permissions updated when you use the DFS path.

http://www.microsoft.com/windowsserver2003/techinfo/overview/dfsfaq.mspx
Hi, i'm not using frs just plain dfs. It all works fine, just the delay is too much, half an hour. I was wondering if this is by design.
ASKER CERTIFIED SOLUTION
Avatar of Nuno Martins
Nuno Martins
Flag of Portugal image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Thanks!