Juneaucounty
asked on
DFS - Access Deny
I have two servers that are running Windows Server 2008. Server1 is the primary DFS and Server2 is the secondary. I have a shared folder on both servers with the same name and I am using DFS to link them together. For example: \\Server1\departments is linked to \\Server2\departments. So no matter what gets put in one shared folder it also goes to the other.
Server1 went down today and Server2 becomes active. I could see my files working off of Server2 but couldn't make any changes. An error popped up "Access Denied" when trying to make changes. I checked shared and NTFS permissions on both Server1 and Server2 and they are identical. When Server1 is up and running I can work on the files with no problems. When Server2 is active (meaning Server1 is down), then I get an Access Denied.
Anybody have any suggestions?
Server1 went down today and Server2 becomes active. I could see my files working off of Server2 but couldn't make any changes. An error popped up "Access Denied" when trying to make changes. I checked shared and NTFS permissions on both Server1 and Server2 and they are identical. When Server1 is up and running I can work on the files with no problems. When Server2 is active (meaning Server1 is down), then I get an Access Denied.
Anybody have any suggestions?
ASKER
Great! Thanks. I looked at the information and it tells me to:
On the Memberships tab, right-click the appropriate replicated folder and member and then click Make read-only, or Make read-write
I right clicked on the replicated folder called departments and I only get the following options:
Delete Member
Disable
Properties
Help
I cannot find where it says make read-write. I also tried running the command prompt and that wasn't working either.
On the Memberships tab, right-click the appropriate replicated folder and member and then click Make read-only, or Make read-write
I right clicked on the replicated folder called departments and I only get the following options:
Delete Member
Disable
Properties
Help
I cannot find where it says make read-write. I also tried running the command prompt and that wasn't working either.
I would expect you need to select Properties in order to find the permissions. Also, the article notes you must be using the 2008 R2 DFS utility in order to make these changes.
ASKER
Thanks for the information. I clicked on properties and there were no permissions in there. I also looked for DFS utility and couldn't find anything on that. I did find DFS management that the article was talking about. I went into the DFS Management and tried finding permissions. The only thing I found was a Delegation tab. In researching this tab, this is to delegate permissions to create replication folders. Is this correct?
If thats the case, I still need help changing the DFS replcation to read-write instead of read only.
Thanks
If thats the case, I still need help changing the DFS replcation to read-write instead of read only.
Thanks
Hmm. Okay, let's turn this around. If you go to the folder that serves as the DFS root, what are the share and NTFS permissisons there? Are they set so you'd expect to be able to access them?
ASKER
I checked both server1 and server2 permissions and they are the same. I did find out when i went into properties and the general tab, the attributes is greyed out and checked with Read only (Only applies to files in folder). I can uncheck it but it goes back to read only after I apply and click ok. I did a little research and tried the following:
open registry
go to HKEY Local machine\SOFTWARE\Microsoft \Windows\C urrentVers ion\Explor er
New
DWORD
type: UseSystemForSystemFolders
Change value to 1
open cmd
type: attrib -r +s d:\departments
This didn't do anything so I am not sure how to fix the issue
Thanks!
open registry
go to HKEY Local machine\SOFTWARE\Microsoft
New
DWORD
type: UseSystemForSystemFolders
Change value to 1
open cmd
type: attrib -r +s d:\departments
This didn't do anything so I am not sure how to fix the issue
Thanks!
Is it possible the permissions/attributes are being inherited from a parent folder? If you are on the server in question, then navigate to the folder in question, are the files read-only?
Also, have you tried...
Dfsradmin membership set /RGName:<replication_group > /RFName:<replicated_folder > /MemName:<DOMAIN\Server> /RO:false
...from the link I provided earlier?
Also, have you tried...
Dfsradmin membership set /RGName:<replication_group
...from the link I provided earlier?
ASKER
the parent folder is D:\ and there is no section for read only on hard drives. Everything is read only. Yes I tried using that but it failed.
this is what i typed in:
Dfsradmin membership set /RGName:server1 and server2 /RFName:departments /MemName:Juneaucounty\serv er2 /RO:false
Heres the error it gave me:
Failed:
A parameter was expected, but and server1 /RFName:departments /MemName:Juneaucounty
\server2 /RO:false was found. The syntax order was not specified correctly.
this is what i typed in:
Dfsradmin membership set /RGName:server1 and server2 /RFName:departments /MemName:Juneaucounty\serv
Heres the error it gave me:
Failed:
A parameter was expected, but and server1 /RFName:departments /MemName:Juneaucounty
\server2 /RO:false was found. The syntax order was not specified correctly.
The DFSRAdmin command wraps lines - so it's all one command, not two. Try typing it again. It should be something like
dfsradmin membership set /rgname:whateveryourreplicationgro upiscalled /rfname:departments /memname:juneaucounty\serv er2 /ro:false
dfsradmin membership set /rgname:whateveryourreplicationgro
ASKER
I tried it as one line but it gives me the error message. I am running this command on server2 which is part of the DFS.
ASKER
FYI:
I went to a different 2008 server that I have and I found that all the folders on the c drive are set to Read only (Only applies to files in folder). Now this server doesn't use DFS so I am convinced that it isn't a DFS issue. When the attribute is checked Read only, it is greyed out. The funny thing is I can still uncheck it even though its greyed out. Once I uncheck the box then its not greyed out. Then I can check the box if I want or I can check the box and make it greyed out again. I am sooo confused.
Any help would be greatly appreciated
Thanks
I went to a different 2008 server that I have and I found that all the folders on the c drive are set to Read only (Only applies to files in folder). Now this server doesn't use DFS so I am convinced that it isn't a DFS issue. When the attribute is checked Read only, it is greyed out. The funny thing is I can still uncheck it even though its greyed out. Once I uncheck the box then its not greyed out. Then I can check the box if I want or I can check the box and make it greyed out again. I am sooo confused.
Any help would be greatly appreciated
Thanks
The greyed-out checkbox means some items in the folder are read-only and some items are not. Just about every folder has some read-only items so I'm not at all surprised you'd see the grey checkbox in just about every folder you bothered to look at.
What was the error message you received when you tried running the DFSRAdmin command the second time?
What was the error message you received when you tried running the DFSRAdmin command the second time?
ASKER
Failed:
A parameter was expected, but and server1 /RFName:departments /MemName:Juneaucounty
\server2 /RO:false was found. The syntax order was not specified correctly.
A parameter was expected, but and server1 /RFName:departments /MemName:Juneaucounty
\server2 /RO:false was found. The syntax order was not specified correctly.
I don't understand this part:
"... but and server1..."
"... but and server1..."
ASKER
me neither. Maybe the group name cannot have any spaces. My replication group name is: server2 and server1. Is there any other way to run this command?
otherwise maybe I am typing something wrong
Here is what i got:
Server1
Server2
server2 DFS management information:
replication group: server 2 and server1
folder name (its a shared folder): departments1
domain name: juneaucounty
server name: server2
with the above information I typed into server2 command prompt
dfsradmin membership set /rgname:server2 and server1 /rfname:departments /memname:juneaucounty\serv er2 /ro:false
I wrote this on one line in cmd on server2 and it gives an error:
Failed:
A parameter was expected, but and moe /RFName:departments1 /MemName:Juneaucount
\Larry /RO:false was found. The syntax order was not specified correctly.
Help:
Usage: Set membership attribute(s)
DfsrAdmin Membership Set
<Membership Addressing Attributes>
[/LocalPath:<value>] -- Local path of the replicated folder
[/DisableDirectoryVerifica tion] -- Disables the creation of the local path
for the replicated folder and modification of any existing security
settings
[/MembershipEnabled:<true/ false>] -- Specifies whether the membership is
enabled
[/StagingPath:<value>] -- Path of the staging folder
[/StagingSize:<value>] -- Size of the staging folder quota
[/CDSize:<value>] -- Size of the Conflict and Deleted folder
[/MembershipDFSFolder:<val ue>] -- Namespace path of the replicated folder
[/IsPrimary:<true/false>] -- Specifies that this membership will act as
the primary membership during initial replication phase
[/MoveDelFiles:<true/false >] -- Move deleted files to conflict and
deleted folder
Type 'DfsrAdmin Membership /?' for addressing attributes
Example:
DfsrAdmin Membership Set /RgName:UserRG /RfName:Docs
/MemName:contoso\srvr1 /LocalPath:C:\dc\Docs /MembershipEnabled:true
/StagingPath:C:\dc\staging /StagingSize:10000 /CDSize:3500
/MembershipDFSFolder:\\dat a\docs /IsPrimary:true
otherwise maybe I am typing something wrong
Here is what i got:
Server1
Server2
server2 DFS management information:
replication group: server 2 and server1
folder name (its a shared folder): departments1
domain name: juneaucounty
server name: server2
with the above information I typed into server2 command prompt
dfsradmin membership set /rgname:server2 and server1 /rfname:departments /memname:juneaucounty\serv
I wrote this on one line in cmd on server2 and it gives an error:
Failed:
A parameter was expected, but and moe /RFName:departments1 /MemName:Juneaucount
\Larry /RO:false was found. The syntax order was not specified correctly.
Help:
Usage: Set membership attribute(s)
DfsrAdmin Membership Set
<Membership Addressing Attributes>
[/LocalPath:<value>] -- Local path of the replicated folder
[/DisableDirectoryVerifica
for the replicated folder and modification of any existing security
settings
[/MembershipEnabled:<true/
enabled
[/StagingPath:<value>] -- Path of the staging folder
[/StagingSize:<value>] -- Size of the staging folder quota
[/CDSize:<value>] -- Size of the Conflict and Deleted folder
[/MembershipDFSFolder:<val
[/IsPrimary:<true/false>] -- Specifies that this membership will act as
the primary membership during initial replication phase
[/MoveDelFiles:<true/false
deleted folder
Type 'DfsrAdmin Membership /?' for addressing attributes
Example:
DfsrAdmin Membership Set /RgName:UserRG /RfName:Docs
/MemName:contoso\srvr1 /LocalPath:C:\dc\Docs /MembershipEnabled:true
/StagingPath:C:\dc\staging
/MembershipDFSFolder:\\dat
ASKER
I am trying some different things and tried the following:
Dfsradmin membership set /RGName:"larry and moe" /RFName:departments1 /MemName:Juneaucounty\Larr y /LocalPath:D:\departments1
and it gave me command complete (with quotes around name and without /ro:false)
then i tried adding /ro:false to the end of it and it failed again.
Dfsradmin membership set /RGName:"larry and moe" /RFName:departments1 /MemName:Juneaucounty\Larr
and it gave me command complete (with quotes around name and without /ro:false)
then i tried adding /ro:false to the end of it and it failed again.
ASKER
Do you tell if your replication folder is read only? it doesn't say it anywhere
I see, yes, and I would have tried wrapping the replication group's name in quotes as well.
As to your other question, no, we don't have a read-only issue, but then we're not using 2008 R2 for DFS so I don't think it applies at all to us.
How about trying the orginal command again, using the quoted replication group name:
dfsradmin membership set /rgname:"server 2 and server1" /rfname:departments1
/memname:juneaucounty\serv er2 /ro:false
As to your other question, no, we don't have a read-only issue, but then we're not using 2008 R2 for DFS so I don't think it applies at all to us.
How about trying the orginal command again, using the quoted replication group name:
dfsradmin membership set /rgname:"server 2 and server1" /rfname:departments1
/memname:juneaucounty\serv
Better yet, try this unless your server2 actually does have a space between "server" and "2":
dfsradmin membership set /rgname:"server2 and server1" /rfname:departments1
/memname:juneaucounty\serv er2 /ro:false
dfsradmin membership set /rgname:"server2 and server1" /rfname:departments1
/memname:juneaucounty\serv
ASKER
I get this error now
Failed:
The parameter RO is not recognized.
Help:
Usage: Set membership attribute(s)
DfsrAdmin Membership Set
<Membership Addressing Attributes>
[/LocalPath:<value>] -- Local path of the replicated folder
[/DisableDirectoryVerifica tion] -- Disables the creation of the local path
for the replicated folder and modification of any existing security
settings
[/MembershipEnabled:<true/ false>] -- Specifies whether the membership is
enabled
[/StagingPath:<value>] -- Path of the staging folder
[/StagingSize:<value>] -- Size of the staging folder quota
[/CDSize:<value>] -- Size of the Conflict and Deleted folder
[/MembershipDFSFolder:<val ue>] -- Namespace path of the replicated folder
[/IsPrimary:<true/false>] -- Specifies that this membership will act as
the primary membership during initial replication phase
[/MoveDelFiles:<true/false >] -- Move deleted files to conflict and
deleted folder
Type 'DfsrAdmin Membership /?' for addressing attributes
Example:
DfsrAdmin Membership Set /RgName:UserRG /RfName:Docs
/MemName:contoso\srvr1 /LocalPath:C:\dc\Docs /MembershipEnabled:true
/StagingPath:C:\dc\staging /StagingSize:10000 /CDSize:3500
/MembershipDFSFolder:\\dat a\docs /IsPrimary:true
d:\>
Failed:
The parameter RO is not recognized.
Help:
Usage: Set membership attribute(s)
DfsrAdmin Membership Set
<Membership Addressing Attributes>
[/LocalPath:<value>] -- Local path of the replicated folder
[/DisableDirectoryVerifica
for the replicated folder and modification of any existing security
settings
[/MembershipEnabled:<true/
enabled
[/StagingPath:<value>] -- Path of the staging folder
[/StagingSize:<value>] -- Size of the staging folder quota
[/CDSize:<value>] -- Size of the Conflict and Deleted folder
[/MembershipDFSFolder:<val
[/IsPrimary:<true/false>] -- Specifies that this membership will act as
the primary membership during initial replication phase
[/MoveDelFiles:<true/false
deleted folder
Type 'DfsrAdmin Membership /?' for addressing attributes
Example:
DfsrAdmin Membership Set /RgName:UserRG /RfName:Docs
/MemName:contoso\srvr1 /LocalPath:C:\dc\Docs /MembershipEnabled:true
/StagingPath:C:\dc\staging
/MembershipDFSFolder:\\dat
d:\>
ASKER
What do you think of this error?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
My AD schema is up-to-date. I found the following command but do not understand it yet.
do you know what this does?
dfsutil property ACL grant \\StandaloneServer\Namespa ce1\Link1
here is the link i found it on
http://www.doctorvis.com/Portals/0/Media/Downloads/DFSUTIL_Syntax.pdf
do you know what this does?
dfsutil property ACL grant \\StandaloneServer\Namespa
here is the link i found it on
http://www.doctorvis.com/Portals/0/Media/Downloads/DFSUTIL_Syntax.pdf
ASKER
I appreciate the help and you were very very helpful!
Thanks again
Thanks again
http://technet.microsoft.com/en-us/library/ee307957(WS.10).aspx