Link to home
Start Free TrialLog in
Avatar of Indyrb
IndyrbFlag for United States of America

asked on

DFS Issue

I have a current DFS namespace named domain.local\public that I am having issues with
I am trying to add a another node to the namespace and add folder target so replication will happen to the new server.

Prior to the new server there was two servers
Server 1    Windows 2003
Server 2    Windows 2008

I am adding Server 3 Windows 2008 R2

The current namespace is in Windows 2000 server mode.


When trying to add the server I get a few issues.
(1) security cannot be set on the replicated folder. the process does not possess the 'sesecurityprivilege' privlege which is required for this operation

(2)  The membership object has not replicated to the local domain controller.
                        On DC, I ran repadmin /syncall
                         and went into each DC in Sites\Services and clicked replicate now

                        On New server I ran dfsrdiag  pollad

             

No replication is happening with the new node, and Replicated Folder is <Not Defined>
Avatar of arnold
arnold
Flag of United States of America image

2003 and 2003 R2, 2008 etc. have separate technologies for replication.
2003 uses NTFRS while 2003 R2 and newer use DFS-replication mechanism.
The only place where ntfsr works between these systems is in replicating sysvol data.



http://www.windowsnetworking.com/articles_tutorials/implementing-dfs-replication.html
Avatar of Indyrb

ASKER

The primary server is windows 2003 R2
It still not replicating for some reason.

Other two server are Windows 2008
Did you update the AD schema with the DFS-R components from Disk 2 on the win2k3 R2??
Can you elevate the AD to windows 2003 native?
Avatar of Indyrb

ASKER

The domain\Forest functional level is windows 2008 I believe, as we have windows 2008 domain controllers.

The DFS says DFS Management is in windows 2000 native mode for namespace.
Which DC's do you have?
If you have any non win 2008 DC, that means you do not have your AD in a 2008 forest/domain level.
Check the ADUC to see what the functional and domain level of AD you have. and raise it to windows 2003 native if possible (As long as you do not have pre 2003 DCs you should be fine).
Avatar of Indyrb

ASKER

Functional level is windows 2008
Avatar of Indyrb

ASKER

Getting error:

The DFS Replication service detected invalid msDFSR-Subscriber object data while polling for configuration information.

And something aboput share violations
What are the security permissions on the share?
http://support.microsoft.com/kb/911604
Avatar of Indyrb

ASKER

On the DFS-Share folder:

Share permissions as follows:
             Server1\Administrators: Full control    -- each of the other 2 servers have server2\administrators,
server3\administrators, etc.
               Everyone:        Change

Security:
          Server1-3\Administrators: Full control
          Domain Users:  Read and Execute
          System: Full control

It appears to replciate between the two windows 2008 servers, but the Windows 2003 R2 server doesnt get updates, and changes made to the Windows 2003 R@ arent replicated to the Windows 2008 servers.

I didnt set anything specific in ADUC -- Am I suppose too?
Avatar of Indyrb

ASKER

If I create a file on SystemA = Windows 2003, it is replicated to systemb and systemc on windows 2008

If I make a change or create a new file  on windows 2008 it is not replicated to the windows 2003 server.
What is the toppology for the replication group that you selected?
Mesh? HUB Spoke? IF you are on the DC while accessing the ADUC you should see SYSTEM and within DFSR-GlobalSettings data entry.


Did you adprep the AD with the windows 2008 schema prior to joining the 2008 system to the ad?
Domain/forest?
Avatar of Indyrb

ASKER

I assume the adprep was done, as there was a windows 2008 r2 server added, before I did an ything. I sinse added another 2008 r2 server to replication group.
When adding the new replication folder I selected full mesh. Where do I go to verify the other two.

The domain is windows 2008 functional level.

I do see the global settings in aduc, what am I changing or doing.
Forest level?
within ADUC on the DC can you see a System folder?
Within it do you see a DFSR-GlobalSettings?

Check the replication for the group to see whether you have connections from servera to serverb servera to serverc server b to server a serverb to serverc serverc to servera serverc to serverb.

I.e. for three replication group members you should have six connections a pair for each set of nodes.
within DFS management click on the replication group and then view topology.
The other issue deals with the DFS replication schedule, bdanwidth and space for staging.
Avatar of Indyrb

ASKER

Forest is 2008 as well. In the aduc folder is has 3 guids with 2 guid connections per folder.
I have no idea what you mean by the last set.
Using DFS management, replication group, how many connections are there?
Each sending node should have the other two nodes in the list as the receiving nodes if you have a mesh.
Use the verify topology to see if the issue can be detected/resolved.
Does any node have multiple IPs that one of replication partners can not reach i.e. servera has IP 192.168.1.10 and 192.168.2.10 while serverC only has 192.168.1.50.  When serverC tries to replicate it is as likely to try to send the data to 192.168.1.10 as it is to 192.168.2.10 and that might be where your issue lies.
In a mesh the replication even if serverC to serverB does not work, serverC to serverA should and at that point the replication from ServerA to ServerB might complete the circle.


In your scenario, it is unclear to me where the issue is.
You can try and add a connection to the replication group in an to see what is at fault.
Check the properties of each connection to make sure that "enable replication on this connection" is checked. You may also want to check the enable RDC.
Avatar of Indyrb

ASKER

I ran Adprep and it said it was already updated...

I looked under connections in DFS and it is as follows:
Its weird SERVER A updates are replicated to B and C
Updates added to SERVER B or C are not replicated to A
Updates added to SERVER B or C are replicated to B or C
Chose Verify Topology and it says it is fully connected. Data can replicate throughout the topology

Sending member  SERVERA
      SERVER A                       SERVERB
      SERVER A                       SERVERC

Sending member  SERVERB
      SERVER B                       SERVERA
      SERVER B                       SERVERC

Sending member  SERVERC
      SERVER C                       SERVERA
      SERVER C                       SERVERB
Check the property of each connection where ServerA is the receiver to make sure the option "enable replication over this connection" is checked.
Avatar of Indyrb

ASKER

Its enabled on ALL.
Go through the replication group and create a new topology which at the conclusion of the process will wipe/recreate the connections and see whether that addresses/resolves the issue.  Are there any DFSR errors on serverB/ServerC dealing with data replication to serverA?
Are there any errors on serverA that deal with the prevention of the data replication?
How much staging space is allocated versus the maximum size of files replicated?

The new Topology should reflect that six connections will be created.
Do you have RDC (remote differential compression) enabled as well?
If you create a 2k file on ServerB does it make its way to serverA?

generate a report for the replication group to see whether it may reveal the issue that is preventing the data flow to serverA.
Avatar of Indyrb

ASKER

I cleaned out the event log -- restarting DFS services and will see what alerts\events come up
I recreated topology, like you mentioned and it is FULL MESH all enabled, and RDC is enabled as well.
Created file on each server as follows

Server:   SERVERA
Filename: SERVERATEST
Replicated: SERVERB   SERVERC

Server:   SERVERB
Filename: SERVERBTEST
Replicated: SERVERC  (not SERVERA)

Server:   SERVERC
Filename: SERVERCTEST
Replicated: SERVERB  (not SERVERA)
Avatar of Indyrb

ASKER

The DFS Replication service has been repeatedly prevented from replicating a file due to consistent sharing violations encountered on the file. The service failed to stage a file for replication due to a sharing violation.  Event 4304 on serverA


File Path: D:\DFS-Shares\Shares\xxxx\xxxx\xxx\xxxx\2011-2012\New folder
Replicated Folder Root: D:\DFS-Shares
File ID: {2C032FBD-674D-403A-A4A7-QBC433123853}-v5437078
Replicated Folder Name: DFS-Shares
Replicated Folder ID: EC467C72-5954-42AB-92B9-Q01FEC4B6932
Replication Group Name:domain.local\public\dfs-shares
Replication Group ID: AC3A3800-70E4-4B0F-8119-Q3EB20B04B76
Member ID: CC4C9764-3B75-45FD-9C15-ECC41F365C21


The DFS Replication service detected invalid msDFSR-Subscriber object data while polling for configuration information.  Event 6002 on ServerC
Avatar of Indyrb

ASKER

Server C is the brand new Windows 2008 R2 server, getting

The DFS Replication service detected invalid msDFSR-Subscriber object data while polling for configuration information.  Event 6002
Avatar of Indyrb

ASKER

DFS Report:

SERVERC:   Error
Inconsistent configuration detected (invalid object).  
Affected replicated folders: All replicated folders on this server.
Description: The DFS Replication service detected invalid msDFSR-Subscriber object data while polling for configuration information.

One or more replicated folders have content skipped by DFS Replication.  
Affected replicated folders: DFS-Shares
Description: DFS Replication does not replicate certain files in the replicated folders listed above because they have temporary attribute set, or they are symbolic links . This problem is affecting at least 4 files in 1 replicated folders (up to 100 occurences per replicated folder are reported). Event ID: 11004


SERVERB:
One or more replicated folders have content skipped by DFS Replication.

DFS Replication does not replicate certain files in the replicated folders listed above because they have temporary attribute set, or they are symbolic links . This problem is affecting at least 1 files in 1 replicated folders (up to 100 occurences per replicated folder are reported). Event ID: 11004

Pre-existing content is not replicated and is consuming disk space.


SERVERA:
One or more replicated folders have sharing violations.  
Affected replicated folders: DFS-Shares
Description: Due to ongoing sharing violations, DFS Replication cannot replicate files in the replicated folders listed above. This problem is affecting 1 files in 1 replicated folders. Event ID: 4302
Sharing vioaltion deals with the file being in use when replication is attempted.
http://social.technet.microsoft.com/Forums/en/winserverfiles/thread/6aa7f107-9c00-436a-aa8b-5223cf3876bd

Can you setup a brand new folder for DFS replication group and see if the issues that exist for this setup exist in that one.
Avatar of Indyrb

ASKER

How do you upgrade namespace to windows 2008 mode.

Issue:
The following domain-based namespace meets the prerequisites for using the Windows Server 2008 mode, but is instead using the Windows 2000 Server mode. Namespace: \\domain\Public
Check the ADUC domain level and AD forest level.
Did you run schema update for the DFS

You have to get your domain and forest levels to 2003 native at least.  You can not go to 2008 if you have 2003 DCs

http://support.microsoft.com/kb/898900
ASKER CERTIFIED SOLUTION
Avatar of arnold
arnold
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Indyrb

ASKER

Thanks for the reply --- I will be working on this next week.
Avatar of Indyrb

ASKER

I am ready to try to migrate the namespace to 2008. When I do, will all access to the DFS shares cease?
The document seems to suggest that the existing name space will be suspended until reinitialized so it is safe to assume that during this phase access might be temporarily down.
Avatar of Indyrb

ASKER

I am seeing some weird behavior. We built a windows 2008 server R2 and added to the namespace and referal. We decomissioned the old 2003 server and rebuilt it to 2008 R2 as well.

Now for some reasons, users are reporting constent lock-ups and disconnects from the DFS-Shares
Home directories and shares,
Which workstation pre vista/windows 7?
windows 2008 advanced firewall settings, you may need to enable smbv2 on the Domain network.
Ipv6/ipv4 issue?
Avatar of Indyrb

ASKER

I believe they are windows 7 or vista -- i will double check.
The windows firewall service was disabled. so I turned it on, set to automatic
and in each profile - i turned off firewall
Would it cause an issue if service was disabled?
I dont see where to enable smbv2 - where is that
Go into windows firewall, advanced firewall settings and there you should see the default set of rules that are active/disabled and the "network" to which they apply "domain", "public", etc.

But you have to see which/whether your system logs the errors when the access appears to be lost.

Which service do you mean will be disabled?
Avatar of Indyrb

ASKER

Inside services, the windows firewall service was orginally disabled.
Would this cause communication issues inside windows 2008 r2
I renabled and then in properties of firewall settings choose "off"
Did this alter the behavior and fix your issue?
The initial dfs request goes to the DC's and then the redirection to DFS targets.
What is the error code if any when you try to access the dfs using net use <driveletter>: \\yourdomain\rootifany\sharename?
does it make a difference if you use yourdomain.local as the complete AD domain name with the example above??
Avatar of Indyrb

ASKER

I dont think it changed much. However File-B (the new) Windows 2008 R2 is back online.
This file server is in their location.
Now people are getting permission errors, access denied. when accessing the user (home) drive.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial