Bertling
asked on
"access denied" when creating/editiing data on DFS share in branch office
Hi There,
we have a DFS replication configured on 2 of our servers:
server-1.domain.local in HQ
server-2.domain.local in branch
Both are Server 2008 R2
There is a site to site VPN between the 2 sites and AD sites and services is correctly configured with the subnets.
there is a DFS namespace called \\domain.local\data of which both server-1 and server-2 replicate.
from server-1 i can access the share \\domain.local\data and create/modify/delete documents. This changes are near instantly synced over to server-2.
If i access \\domain.local\data from server-2 and try to edit, create or delete anything i always get an access denied and the default windows option to "Try Again".
please can anyone advise why this is happening? it still works well a a backup which is great but we want to enable this to be 2 way sync.
thanks,
mike
we have a DFS replication configured on 2 of our servers:
server-1.domain.local in HQ
server-2.domain.local in branch
Both are Server 2008 R2
There is a site to site VPN between the 2 sites and AD sites and services is correctly configured with the subnets.
there is a DFS namespace called \\domain.local\data of which both server-1 and server-2 replicate.
from server-1 i can access the share \\domain.local\data and create/modify/delete documents. This changes are near instantly synced over to server-2.
If i access \\domain.local\data from server-2 and try to edit, create or delete anything i always get an access denied and the default windows option to "Try Again".
please can anyone advise why this is happening? it still works well a a backup which is great but we want to enable this to be 2 way sync.
thanks,
mike
are you trying to edit the DFS share on both servers with the same user and this user is a member of which domain group?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
When setting up a namespace, the default permission set for the SHARE permission is Everyone READ ONLY. Since you are local to server1, you are actually bypassing the share permission to the namespace. When accessing server 2, you are actually remotely accessing the share via a remote computer and will end up with a read only permission set. If I am not mistaken, I had to break the namespace and recreate it to make sure the SHARE permissions were set to Everyone Full control. Then, I was able to use the NTFS permissions to explicitly design the permissions to individual shares within the namespace.