?
Solved

DFS Issue

Posted on 2011-10-13
38
Medium Priority
?
6,817 Views
Last Modified: 2012-05-12
I have a current DFS namespace named domain.local\public that I am having issues with
I am trying to add a another node to the namespace and add folder target so replication will happen to the new server.

Prior to the new server there was two servers
Server 1    Windows 2003
Server 2    Windows 2008

I am adding Server 3 Windows 2008 R2

The current namespace is in Windows 2000 server mode.


When trying to add the server I get a few issues.
(1) security cannot be set on the replicated folder. the process does not possess the 'sesecurityprivilege' privlege which is required for this operation

(2)  The membership object has not replicated to the local domain controller.
                        On DC, I ran repadmin /syncall
                         and went into each DC in Sites\Services and clicked replicate now

                        On New server I ran dfsrdiag  pollad

             

No replication is happening with the new node, and Replicated Folder is <Not Defined>
0
Comment
Question by:Indyrb
  • 21
  • 17
38 Comments
 
LVL 81

Expert Comment

by:arnold
ID: 36968811
2003 and 2003 R2, 2008 etc. have separate technologies for replication.
2003 uses NTFRS while 2003 R2 and newer use DFS-replication mechanism.
The only place where ntfsr works between these systems is in replicating sysvol data.



http://www.windowsnetworking.com/articles_tutorials/implementing-dfs-replication.html
0
 
LVL 5

Author Comment

by:Indyrb
ID: 36969211
The primary server is windows 2003 R2
It still not replicating for some reason.

Other two server are Windows 2008
0
 
LVL 81

Expert Comment

by:arnold
ID: 36969426
Did you update the AD schema with the DFS-R components from Disk 2 on the win2k3 R2??
Can you elevate the AD to windows 2003 native?
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
LVL 5

Author Comment

by:Indyrb
ID: 36969461
The domain\Forest functional level is windows 2008 I believe, as we have windows 2008 domain controllers.

The DFS says DFS Management is in windows 2000 native mode for namespace.
0
 
LVL 81

Expert Comment

by:arnold
ID: 36969493
Which DC's do you have?
If you have any non win 2008 DC, that means you do not have your AD in a 2008 forest/domain level.
Check the ADUC to see what the functional and domain level of AD you have. and raise it to windows 2003 native if possible (As long as you do not have pre 2003 DCs you should be fine).
0
 
LVL 5

Author Comment

by:Indyrb
ID: 36969571
Functional level is windows 2008
0
 
LVL 5

Author Comment

by:Indyrb
ID: 36980842
Getting error:

The DFS Replication service detected invalid msDFSR-Subscriber object data while polling for configuration information.

And something aboput share violations
0
 
LVL 81

Expert Comment

by:arnold
ID: 36980918
What are the security permissions on the share?
http://support.microsoft.com/kb/911604
0
 
LVL 5

Author Comment

by:Indyrb
ID: 36981560
On the DFS-Share folder:

Share permissions as follows:
             Server1\Administrators: Full control    -- each of the other 2 servers have server2\administrators,
server3\administrators, etc.
               Everyone:        Change

Security:
          Server1-3\Administrators: Full control
          Domain Users:  Read and Execute
          System: Full control

It appears to replciate between the two windows 2008 servers, but the Windows 2003 R2 server doesnt get updates, and changes made to the Windows 2003 R@ arent replicated to the Windows 2008 servers.

I didnt set anything specific in ADUC -- Am I suppose too?
0
 
LVL 5

Author Comment

by:Indyrb
ID: 36981709
If I create a file on SystemA = Windows 2003, it is replicated to systemb and systemc on windows 2008

If I make a change or create a new file  on windows 2008 it is not replicated to the windows 2003 server.
0
 
LVL 81

Expert Comment

by:arnold
ID: 36982055
What is the toppology for the replication group that you selected?
Mesh? HUB Spoke? IF you are on the DC while accessing the ADUC you should see SYSTEM and within DFSR-GlobalSettings data entry.


Did you adprep the AD with the windows 2008 schema prior to joining the 2008 system to the ad?
Domain/forest?
0
 
LVL 5

Author Comment

by:Indyrb
ID: 36982334
I assume the adprep was done, as there was a windows 2008 r2 server added, before I did an ything. I sinse added another 2008 r2 server to replication group.
When adding the new replication folder I selected full mesh. Where do I go to verify the other two.

The domain is windows 2008 functional level.

I do see the global settings in aduc, what am I changing or doing.
0
 
LVL 81

Expert Comment

by:arnold
ID: 36982604
Forest level?
within ADUC on the DC can you see a System folder?
Within it do you see a DFSR-GlobalSettings?

Check the replication for the group to see whether you have connections from servera to serverb servera to serverc server b to server a serverb to serverc serverc to servera serverc to serverb.

I.e. for three replication group members you should have six connections a pair for each set of nodes.
within DFS management click on the replication group and then view topology.
The other issue deals with the DFS replication schedule, bdanwidth and space for staging.
0
 
LVL 5

Author Comment

by:Indyrb
ID: 36983075
Forest is 2008 as well. In the aduc folder is has 3 guids with 2 guid connections per folder.
0
 
LVL 81

Expert Comment

by:arnold
ID: 36983759
I have no idea what you mean by the last set.
Using DFS management, replication group, how many connections are there?
Each sending node should have the other two nodes in the list as the receiving nodes if you have a mesh.
Use the verify topology to see if the issue can be detected/resolved.
Does any node have multiple IPs that one of replication partners can not reach i.e. servera has IP 192.168.1.10 and 192.168.2.10 while serverC only has 192.168.1.50.  When serverC tries to replicate it is as likely to try to send the data to 192.168.1.10 as it is to 192.168.2.10 and that might be where your issue lies.
In a mesh the replication even if serverC to serverB does not work, serverC to serverA should and at that point the replication from ServerA to ServerB might complete the circle.


In your scenario, it is unclear to me where the issue is.
You can try and add a connection to the replication group in an to see what is at fault.
Check the properties of each connection to make sure that "enable replication on this connection" is checked. You may also want to check the enable RDC.
0
 
LVL 5

Author Comment

by:Indyrb
ID: 36987163
I ran Adprep and it said it was already updated...

I looked under connections in DFS and it is as follows:
Its weird SERVER A updates are replicated to B and C
Updates added to SERVER B or C are not replicated to A
Updates added to SERVER B or C are replicated to B or C
Chose Verify Topology and it says it is fully connected. Data can replicate throughout the topology

Sending member  SERVERA
      SERVER A                       SERVERB
      SERVER A                       SERVERC

Sending member  SERVERB
      SERVER B                       SERVERA
      SERVER B                       SERVERC

Sending member  SERVERC
      SERVER C                       SERVERA
      SERVER C                       SERVERB
0
 
LVL 81

Expert Comment

by:arnold
ID: 36987625
Check the property of each connection where ServerA is the receiver to make sure the option "enable replication over this connection" is checked.
0
 
LVL 5

Author Comment

by:Indyrb
ID: 36987742
Its enabled on ALL.
0
 
LVL 81

Expert Comment

by:arnold
ID: 36987780
Go through the replication group and create a new topology which at the conclusion of the process will wipe/recreate the connections and see whether that addresses/resolves the issue.  Are there any DFSR errors on serverB/ServerC dealing with data replication to serverA?
Are there any errors on serverA that deal with the prevention of the data replication?
How much staging space is allocated versus the maximum size of files replicated?

The new Topology should reflect that six connections will be created.
Do you have RDC (remote differential compression) enabled as well?
If you create a 2k file on ServerB does it make its way to serverA?

generate a report for the replication group to see whether it may reveal the issue that is preventing the data flow to serverA.
0
 
LVL 5

Author Comment

by:Indyrb
ID: 36988363
I cleaned out the event log -- restarting DFS services and will see what alerts\events come up
I recreated topology, like you mentioned and it is FULL MESH all enabled, and RDC is enabled as well.
Created file on each server as follows

Server:   SERVERA
Filename: SERVERATEST
Replicated: SERVERB   SERVERC

Server:   SERVERB
Filename: SERVERBTEST
Replicated: SERVERC  (not SERVERA)

Server:   SERVERC
Filename: SERVERCTEST
Replicated: SERVERB  (not SERVERA)
0
 
LVL 5

Author Comment

by:Indyrb
ID: 36988390
The DFS Replication service has been repeatedly prevented from replicating a file due to consistent sharing violations encountered on the file. The service failed to stage a file for replication due to a sharing violation.  Event 4304 on serverA


File Path: D:\DFS-Shares\Shares\xxxx\xxxx\xxx\xxxx\2011-2012\New folder
Replicated Folder Root: D:\DFS-Shares
File ID: {2C032FBD-674D-403A-A4A7-QBC433123853}-v5437078
Replicated Folder Name: DFS-Shares
Replicated Folder ID: EC467C72-5954-42AB-92B9-Q01FEC4B6932
Replication Group Name:domain.local\public\dfs-shares
Replication Group ID: AC3A3800-70E4-4B0F-8119-Q3EB20B04B76
Member ID: CC4C9764-3B75-45FD-9C15-ECC41F365C21


The DFS Replication service detected invalid msDFSR-Subscriber object data while polling for configuration information.  Event 6002 on ServerC
0
 
LVL 5

Author Comment

by:Indyrb
ID: 36988543
Server C is the brand new Windows 2008 R2 server, getting

The DFS Replication service detected invalid msDFSR-Subscriber object data while polling for configuration information.  Event 6002
0
 
LVL 5

Author Comment

by:Indyrb
ID: 36988745
DFS Report:

SERVERC:   Error
Inconsistent configuration detected (invalid object).  
Affected replicated folders: All replicated folders on this server.
Description: The DFS Replication service detected invalid msDFSR-Subscriber object data while polling for configuration information.

One or more replicated folders have content skipped by DFS Replication.  
Affected replicated folders: DFS-Shares
Description: DFS Replication does not replicate certain files in the replicated folders listed above because they have temporary attribute set, or they are symbolic links . This problem is affecting at least 4 files in 1 replicated folders (up to 100 occurences per replicated folder are reported). Event ID: 11004


SERVERB:
One or more replicated folders have content skipped by DFS Replication.

DFS Replication does not replicate certain files in the replicated folders listed above because they have temporary attribute set, or they are symbolic links . This problem is affecting at least 1 files in 1 replicated folders (up to 100 occurences per replicated folder are reported). Event ID: 11004

Pre-existing content is not replicated and is consuming disk space.


SERVERA:
One or more replicated folders have sharing violations.  
Affected replicated folders: DFS-Shares
Description: Due to ongoing sharing violations, DFS Replication cannot replicate files in the replicated folders listed above. This problem is affecting 1 files in 1 replicated folders. Event ID: 4302
0
 
LVL 81

Expert Comment

by:arnold
ID: 36989100
Sharing vioaltion deals with the file being in use when replication is attempted.
http://social.technet.microsoft.com/Forums/en/winserverfiles/thread/6aa7f107-9c00-436a-aa8b-5223cf3876bd

Can you setup a brand new folder for DFS replication group and see if the issues that exist for this setup exist in that one.
0
 
LVL 5

Author Comment

by:Indyrb
ID: 37017872
How do you upgrade namespace to windows 2008 mode.

Issue:
The following domain-based namespace meets the prerequisites for using the Windows Server 2008 mode, but is instead using the Windows 2000 Server mode. Namespace: \\domain\Public
0
 
LVL 81

Expert Comment

by:arnold
ID: 37017901
Check the ADUC domain level and AD forest level.
Did you run schema update for the DFS

You have to get your domain and forest levels to 2003 native at least.  You can not go to 2008 if you have 2003 DCs

http://support.microsoft.com/kb/898900
0
 
LVL 81

Accepted Solution

by:
arnold earned 2000 total points
ID: 37017915
0
 
LVL 5

Author Comment

by:Indyrb
ID: 37076834
Thanks for the reply --- I will be working on this next week.
0
 
LVL 5

Author Comment

by:Indyrb
ID: 37145686
I am ready to try to migrate the namespace to 2008. When I do, will all access to the DFS shares cease?
0
 
LVL 81

Expert Comment

by:arnold
ID: 37149557
The document seems to suggest that the existing name space will be suspended until reinitialized so it is safe to assume that during this phase access might be temporarily down.
0
 
LVL 5

Author Comment

by:Indyrb
ID: 37161303
I am seeing some weird behavior. We built a windows 2008 server R2 and added to the namespace and referal. We decomissioned the old 2003 server and rebuilt it to 2008 R2 as well.

Now for some reasons, users are reporting constent lock-ups and disconnects from the DFS-Shares
Home directories and shares,
0
 
LVL 81

Expert Comment

by:arnold
ID: 37161429
Which workstation pre vista/windows 7?
windows 2008 advanced firewall settings, you may need to enable smbv2 on the Domain network.
Ipv6/ipv4 issue?
0
 
LVL 5

Author Comment

by:Indyrb
ID: 37161800
I believe they are windows 7 or vista -- i will double check.
The windows firewall service was disabled. so I turned it on, set to automatic
and in each profile - i turned off firewall
Would it cause an issue if service was disabled?
I dont see where to enable smbv2 - where is that
0
 
LVL 81

Expert Comment

by:arnold
ID: 37162423
Go into windows firewall, advanced firewall settings and there you should see the default set of rules that are active/disabled and the "network" to which they apply "domain", "public", etc.

But you have to see which/whether your system logs the errors when the access appears to be lost.

Which service do you mean will be disabled?
0
 
LVL 5

Author Comment

by:Indyrb
ID: 37162914
Inside services, the windows firewall service was orginally disabled.
Would this cause communication issues inside windows 2008 r2
I renabled and then in properties of firewall settings choose "off"
0
 
LVL 81

Expert Comment

by:arnold
ID: 37164116
Did this alter the behavior and fix your issue?
The initial dfs request goes to the DC's and then the redirection to DFS targets.
What is the error code if any when you try to access the dfs using net use <driveletter>: \\yourdomain\rootifany\sharename?
does it make a difference if you use yourdomain.local as the complete AD domain name with the example above??
0
 
LVL 5

Author Comment

by:Indyrb
ID: 37171009
I dont think it changed much. However File-B (the new) Windows 2008 R2 is back online.
This file server is in their location.
Now people are getting permission errors, access denied. when accessing the user (home) drive.
0
 
LVL 81

Assisted Solution

by:arnold
arnold earned 2000 total points
ID: 37171194
Check permissions.

Do you use domain based security settings i.e. domain\users have this type of access etc.
Check the effective permissions to see what might be interferring.

Too many things to look at which makes diagnossing the main difficulty.
Enable auditing on the share (properties of the shared folder on the server, advanced, auditing tab, limit the auditing to the users who are experiencing this issue on both systems and then check the local security event log for the failed access issues.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question