"access denied" when creating/editiing data on DFS share in branch office

Posted on 2011-10-28
Last Modified: 2012-05-12
Hi There,

we have a DFS replication configured on 2 of our servers:

server-1.domain.local in HQ
server-2.domain.local in branch

Both are Server 2008 R2

There is a site to site VPN between the 2 sites and AD sites and services is correctly configured with the subnets.

there is a DFS namespace called \\domain.local\data of which both server-1 and server-2 replicate.

from server-1 i can access the share \\domain.local\data and create/modify/delete documents. This changes are near instantly synced over to server-2.

If i access \\domain.local\data from server-2 and try to edit, create or delete anything i always get an access denied and the default windows option to "Try Again".

please can anyone advise why this is happening? it still works well a a backup which is great but we want to enable this to be 2 way sync.


Question by:Bertling
    LVL 7

    Expert Comment

    are you trying to edit the DFS share on both servers with the same user and this user is a member of which domain group?
    LVL 6

    Accepted Solution

    To create 2-Way replication, you would need to have both targets (the folder on server-1 and the matched folder on server-2) assigned to the DFS namespace.  Second you would need to enable replication - which I assume is already done. You would also need to make sure that replication is being performed in both directions. If you click on the replication folder and click on the "Connection" tab, you should see the "Sending Member" and the "Receiving Member".  If you want replication in both directions, make sure that the entries are correct.
    LVL 38

    Expert Comment

    When setting up a namespace, the default permission set for the SHARE permission is Everyone READ ONLY. Since you are local to server1, you are actually bypassing the share permission to the namespace. When accessing server 2, you are actually remotely accessing the share via a remote computer and will end up with a read only permission set. If I am not mistaken, I had to break the namespace and recreate it to make sure the SHARE permissions were set to Everyone Full control. Then, I was able to use the NTFS permissions to explicitly design the permissions to individual shares within the namespace.

    Featured Post

    PRTG Network Monitor: Intuitive Network Monitoring

    Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

    Join & Write a Comment

    On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
    New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
    This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
    This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now