DFSR error, permission issues - 2K3 R2 Server - Event 5014 followed by 5004
I am receiving persistent DFSR errors – 5014 errors stating that replication has failed with a partner immediately followed by a 5004 stating that a successful connection has been established. The server in question is the ‘hub’ so to speak of a DFS infrastructure consisting of five total servers.
Replication is working fine.
This server is also preventing access to some of the directories within the root. This could be an entirely different issue. Most users have failed over to a target on another local server. My user account (a domain admin) can only browse the DFS root on the problem server. I receive an access denied error when trying to navigate any deeper into the folder hierarchy.
All are 2k3 R2 except for the secondary server at the main site (the one everyone is using) which is 2K8 R1. The remaining three servers are at remote offices connected via T1. Their error logs are clean.
dfsr.PNG
Replication is working fine.
This server is also preventing access to some of the directories within the root. This could be an entirely different issue. Most users have failed over to a target on another local server. My user account (a domain admin) can only browse the DFS root on the problem server. I receive an access denied error when trying to navigate any deeper into the folder hierarchy.
All are 2k3 R2 except for the secondary server at the main site (the one everyone is using) which is 2K8 R1. The remaining three servers are at remote offices connected via T1. Their error logs are clean.
dfsr.PNG
ASKER
This article suggested adding several values to the registry. The only value that did not exist on the server was DisableTaskOffload which I added and assigned a value of '1'. Unfortunately, this did not resolve either issue.
This actually sounds like a permission issue, especially since you cannot browse to the lower levels in the DFS.
Can you connect directly to the files on the root share? Check the ownership and the permissions on the files.
Can you connect directly to the files on the root share? Check the ownership and the permissions on the files.
ASKER
Permissions all check out.
I cannot connect to files directly from the server:
\\ProblemServer\DFSRoot\De
I *can* using the DFS path (via another server of course):
\\MyDomain.local\DFSRoot\D
The only folders I can view as (here again using a domain admin) are the ones where I have specificaly allowed "List folder / Read data" for authenticated users. Of course, right below that line as you can see is full control for Domain Admins. Here you see a screenshot for the directory that holds all of the global profiles, just as en example. We do this so users can see the directories but not get inside - pretty typical. My user account (a domain admin) is unable to view the contents of child directories despite the full control setting. Of course, the full access is propagating to children, and this acces works just fine on other servers. Believe me, all of the settings are identical! Remember, we could be dealing with two separate issues here.
dfsr2.PNG
I cannot connect to files directly from the server:
\\ProblemServer\DFSRoot\De
I *can* using the DFS path (via another server of course):
\\MyDomain.local\DFSRoot\D
The only folders I can view as (here again using a domain admin) are the ones where I have specificaly allowed "List folder / Read data" for authenticated users. Of course, right below that line as you can see is full control for Domain Admins. Here you see a screenshot for the directory that holds all of the global profiles, just as en example. We do this so users can see the directories but not get inside - pretty typical. My user account (a domain admin) is unable to view the contents of child directories despite the full control setting. Of course, the full access is propagating to children, and this acces works just fine on other servers. Believe me, all of the settings are identical! Remember, we could be dealing with two separate issues here.
dfsr2.PNG
Install the hotfix & do the follwoing registry change.
http://support.microsoft.com/kb/931685
http://support.microsoft.com/kb/948833
HKEY_LOCAL_MACHINE\SYSTEM\
EnableTCPChimney.
EnableTCPA
EnableRSS
Change the value to 0 and restart all the servers
Note:Take system state backup as well as registry backup separately.
http://support.microsoft.com/kb/931685
http://support.microsoft.com/kb/948833
HKEY_LOCAL_MACHINE\SYSTEM\
EnableTCPChimney.
EnableTCPA
EnableRSS
Change the value to 0 and restart all the servers
Note:Take system state backup as well as registry backup separately.
ASKER
The registry settings you specified were already in place. I installed the hotfix on two of the four Windows 2003 servers. The errors still persist. Security issue is also unresolved. I may need to contact Microsoft on this one.
Most of the times issue got resolved installing hotfix & the registry key.
I hope your server is fully patched with latest service pack & patches.Antivirus is updated to its latest.
If it doesn't do post the resolution steps from MS for others to learn.
I hope your server is fully patched with latest service pack & patches.Antivirus is updated to its latest.
If it doesn't do post the resolution steps from MS for others to learn.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://social.technet.microsoft.com/Forums/en/winserverfiles/thread/3778427a-a594-4f1d-9c97-d8d1e6a56a83