Problems using DFS accross a Forest Trust

Posted on 2008-11-07
Medium Priority
Last Modified: 2012-06-21
I have two Windows 2003 AD domains with a forest-level trust established between them. DNS forwarding has been configured properly and resource access (\\server.domain.com\share works properly between the two forests.

I want to have users in Forest1 access a DFS (domain root) that is located in forest2. The actual shares are located within forest2. When users browse to \\forest2.com\shared (DFS root) they recieve the following error:

"Configuration information could not be read from the domain controller, either because machine is unavailable, or access has been denied."

If the same user attempts to access the actual share via \\sever2.forest2.com\shared they are able to access the files correctly, just not through the DFS root.Rights are assigned in forest2 via DLG (Domain Local Group) which includes members from forest1.

Any help would be greatly appreciated
Question by:maddenjc
1 Comment

Accepted Solution

maddenjc earned 0 total points
ID: 22964207
I figured out what was causing this issue. I was receiving this error due to a name resolution issue. The default funtionality for DFS is to use NetBIOS names in the response to clients. The clients in the other name does not use WINS, only DNS. Since the DFS servers were only issuing \\servername instead of \\servername.something.com the resolution would fail giving me the error above.

There are a couple of solutions to this type of problem, but we ended up pushing a GPO to all workstaions in forest1 to configure DNS Suffix Search orders and everything has been working well. I will note that there is a registry key that can be put on the DFS servers to configure it to use DNS FQDN's; however, for domain-based DFS roots it requres you to export all links and recreate your roots  and then import your links with modified FQDN addresses...  We choose the DNS suffix route instead for now...   :)

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question