Problems using DFS accross a Forest Trust

Posted on 2008-11-07
Last Modified: 2012-06-21
I have two Windows 2003 AD domains with a forest-level trust established between them. DNS forwarding has been configured properly and resource access (\\\share works properly between the two forests.

I want to have users in Forest1 access a DFS (domain root) that is located in forest2. The actual shares are located within forest2. When users browse to \\\shared (DFS root) they recieve the following error:

"Configuration information could not be read from the domain controller, either because machine is unavailable, or access has been denied."

If the same user attempts to access the actual share via \\\shared they are able to access the files correctly, just not through the DFS root.Rights are assigned in forest2 via DLG (Domain Local Group) which includes members from forest1.

Any help would be greatly appreciated
Question by:maddenjc
    1 Comment

    Accepted Solution

    I figured out what was causing this issue. I was receiving this error due to a name resolution issue. The default funtionality for DFS is to use NetBIOS names in the response to clients. The clients in the other name does not use WINS, only DNS. Since the DFS servers were only issuing \\servername instead of \\ the resolution would fail giving me the error above.

    There are a couple of solutions to this type of problem, but we ended up pushing a GPO to all workstaions in forest1 to configure DNS Suffix Search orders and everything has been working well. I will note that there is a registry key that can be put on the DFS servers to configure it to use DNS FQDN's; however, for domain-based DFS roots it requres you to export all links and recreate your roots  and then import your links with modified FQDN addresses...  We choose the DNS suffix route instead for now...   :)

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
    A quick step-by-step overview of installing and configuring Carbonite Server Backup.
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now