

"access denied" when creating/editing data on DFS share in branch office

Posted on 2011-10-28
Medium Priority
Last Modified: 2012-05-12
Hi There,

We have a DFS replication configured on 2 of our servers:

server-1.domain.local in HQ
server-2.domain.local in branch

Both are Server 2008 R2

There is a site-to-site VPN between the 2 sites, and AD Sites and Services is correctly configured with the subnets.

There is a DFS namespace called \\domain.local\data of which both server-1 and server-2 replicate.

From server-1 I can access the share \\domain.local\data and create/modify/delete documents. These changes are near instantly synced over to server-2.

If I access \\domain.local\data from server-2 and try to edit, create or delete anything, I always get an access denied and the default Windows option to "Try Again".

Please can anyone advise why this is happening? It still works well as a backup, which is great, but we want to enable this to be 2-way sync.


Question by:Bertling

Expert Comment

ID: 37050605
Are you trying to edit the DFS share on both servers with the same user, and which domain group is this user a member of?

Accepted Solution

jzaniewski earned 2000 total points
ID: 37051035
To create 2-way replication, you would need to have both targets (the folder on server-1 and the matched folder on server-2) assigned to the DFS namespace. Second, you would need to enable replication, which I assume is already done. You would also need to make sure that replication is being performed in both directions. If you click on the replication folder and click on the "Connection" tab, you should see the "Sending Member" and the "Receiving Member". If you want replication in both directions, make sure that the entries are correct.

Expert Comment

ID: 37052497
When setting up a namespace, the default permission set for the SHARE permission is Everyone READ ONLY. Since you are local to server1, you are actually bypassing the share permission to the namespace. When accessing server 2, you are actually remotely accessing the share via a remote computer and will end up with a read only permission set. If I am not mistaken, I had to break the namespace and recreate it to make sure the SHARE permissions were set to Everyone Full control. Then, I was able to use the NTFS permissions to explicitly design the permissions to individual shares within the namespace.
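
The share-permission check discussed in the comment above, as an added example that is not part of the original thread: it reads the share-level ACL on both servers through WMI and warns where no Allow entry grants Change or Full Control. The server names come from the question; the share name `data` is an assumption, so substitute the share that backs the namespace on each server.

```powershell
# Added example, not from the thread. The share name is an assumption.
param(
    [string[]]$Servers   = @('server-1.domain.local', 'server-2.domain.local'),
    [string]  $ShareName = 'data'
)

# Access masks used in share-level ACEs.
$FullControl = 0x001F01FF
$Change      = 0x001301BF
$Read        = 0x001200A9

function Get-ShareAce {
    param([string]$Server, [string]$Share)
    $sec = Get-WmiObject -Class Win32_LogicalShareSecuritySetting `
               -ComputerName $Server -Filter "Name='$Share'"
    if (-not $sec) {
        Write-Warning "${Server}: no security setting found for share '$Share'"
        return
    }
    $sd = $sec.GetSecurityDescriptor()
    if ($sd.ReturnValue -ne 0) {
        Write-Warning "${Server}: GetSecurityDescriptor failed ($($sd.ReturnValue))"
        return
    }
    foreach ($ace in $sd.Descriptor.DACL) {
        $mask = $ace.AccessMask
        if (($mask -band $FullControl) -eq $FullControl) { $level = 'Full Control' }
        elseif (($mask -band $Change) -eq $Change)       { $level = 'Change' }
        elseif (($mask -band $Read) -eq $Read)           { $level = 'Read' }
        else                                             { $level = 'Custom (0x{0:X})' -f $mask }
        New-Object PSObject -Property @{
            Server   = $Server
            Trustee  = (@($ace.Trustee.Domain, $ace.Trustee.Name) | Where-Object { $_ }) -join '\'
            Allow    = ($ace.AceType -eq 0)          # 0 = allow, 1 = deny
            Level    = $level
            CanWrite = (($mask -band $Change) -eq $Change)
        }
    }
}

$aces = @(foreach ($s in $Servers) { Get-ShareAce -Server $s -Share $ShareName })
$aces | Format-Table Server, Trustee, Allow, Level -AutoSize

# Remote access is limited to the more restrictive of share and NTFS permissions,
# so a share ACL without any write-capable Allow entry blocks writes over the network.
foreach ($s in $Servers) {
    $writers = @($aces | Where-Object { $_.Server -eq $s -and $_.Allow -and $_.CanWrite })
    if ($writers.Count -eq 0) {
        Write-Warning "${s}: no Allow ACE on '$ShareName' grants Change or Full Control"
    }
}
```

If the share ACL has to be widened, granting Change to the specific groups that need write access and controlling the rest through NTFS keeps the exposure narrower than Everyone Full Control.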
