philjans

DFS problem with main domain controller

Hi,
I have 2 Windows 2003 domain controllers.
And when a user's computer boots, it can get either dc1 or dc2 as an authentication DC.
When they get dc2: they are able to see the whole DFS tree.
But when they get dc1: they see no folder in the trees.

When I look at my DFS console: I see my domain \\m.local\DossiersMaitres and the root targets all say CHECK OK
I'm not too sure what the relation is between the DFS console and the kind of virtual shares located on each server but ...
But if I open the remote share of the dc1 \\srv-max\DossiersMaitres = it is empty
When I open the remote share \\srv-fs1\DossiersMaitres = I see all the little shortcuts.
So I guess the problem lies right at this discrepancy.
Could be related to the "Distributed File System Replication"
tx!
CES

Are there any errors in the DFS event log?  There should also be a way to verify topology to ensure that replication is happening (just because the servers are online and replication is enabled doesn't mean that it is happening.)
philjans

ASKER

I see errors but on some next message they seem to have corrected..
SOLUTION
CES

This solution is only available to members.
SOLUTION
This solution is only available to members.
Unless both servers are 2003 R2, DFS-R cannot be used. 2003 only supports FRS.
I don't know what option to input for a Dfsutil query... if you can let me know.
Here's the output of the dcdiag /v
dcdiagpj.txt

srv-max is a 2003 smb and srv-fs1 is a 2003 r2.
Been working for 5 years.
Agree Cliff, the issue raised here deals with access, not replication.
I.e. \m.local\dossiermatress
Supposed to function the same whether it hits dc1 or dc2 has to reflect the same referrals.
The complaint is that the AD replication of the dfs data is not complete which would explain why one DC does not have the referral information.

Replication is likely setup between the member servers.

Has the AD been upgraded with adprep using the install media of the dfs target server which would build-up the dfs name space .....
"Has the AD been upgraded with adprep using the install media of the dfs target server which would build-up the dfs name space ..... "

No changes were done. There was a power failure on August 5th and the DFS problem appeared at servers reboot
Did a dcdiag on my second dc and seems good also.
pjdcdiagFS1.txt
Can someone explain to me why there is a whole DossiersMaitres folder system on my FS1 server with all the shares I have showing with the "shortcut arrow".
And there is also one folder DossiersMaitres on my MAX server but this one contains nothing?
Hmmm. just noticed something really weird...
As mentioned up there: when I remotely open the share srv-max/dossiersMaitres it IS empty and when I do the same on srv-fs1/DossiersMaitres I see all my shares shortcuts BUT...
When I go under "Computer Management" and "Shared Folders" then "Shares" and do "OPEN" on the share "DossiersMaitres" it is the opposite on both servers?!  On srv-max I see stuff and on srv-fs1 it is empty!
Makes even less sense...
Post the image of dfs management on the target servers, are the srv-fs1 and srv-max part of a dfs-replication group?
What OS is running on the srv-fs1 and srv-max? If it is pre 2003 R2 replication is done using FRS and usually has issues if files are larger than 65535 bytes, mainly FRS has issues. DFS-R was introduced in 2003 R2 that is a much more robust data replicating tool.
Because you make something a dfs target, the data has to be copied/replicated by other means. Is

Your current clarifies that clears the issue from the DCs.
arnold:
1- I posted up there the dfs management screen I get... it seems generic to the Domain and not a specific server
On SRV-FS1 it is windows 2003 R2
On srv-MAx it is 2003 SBE

Concerning the replication:
Just to clarify what we are talking about here: FS1 is the file server and I DO NOT replicate my files to Max.
The only thing I can think of that is being replicated is that weird "dfs folder tree" that I see on the C: drive of both servers
It's like DFS creates a list on each server's C: drive of the folders that are added to the DFS tree but the content is EMPTY. like pointers...
and here I can see that this "ghosts" list of folders is not replicated on both servers.
OK, let's see this from another angle. Forget the DFS part and let's just focus on the "Shares" part.
Ok, I'm on srv-max.
I go to "computer management",
Shares
And here's what I see:
[image]
When I right click on the link and do OPEN, I see the content
But if I do \\srv-max\ and click on DossiersMaitres: I DON'T SEE the content.
I guess if we can fix this share bug, then the DFS bug will get fixed at the same time
Did you turn on access based enumeration?  That's expected behavior if you did and the underlying permissions are set as such. Not a bug.
"Access based enumeration" is not turned on...
What I also just noticed is that when I reboot a computer a couple of times, it will eventually see the shares.... even if it STILL uses srv-max as an authentication server....??! So it is an intermittent problem.
The subfolders appear to be links versus targets.......
I noticed something that appears at the same time: it's a GPO problem 1058. With my research it should be related to dfs also.

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1058
Date:            8/9/2017
Time:            3:08:12 PM
User:            NT AUTHORITY\SYSTEM
Computer:      SRV-MAX
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=muc,DC=local. The file must be present at the location <\\muc.local\sysvol\muc.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1030
Date:            8/9/2017
Time:            3:08:12 PM
User:            NT AUTHORITY\SYSTEM
Computer:      SRV-MAX
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



I tried deleting the GPO to see if it was just corrupted but the message reappears with the next gpo...

Does this provide any clues?
GPO ACCESS DENIED means the GPO is configured with user GPO, but based on security filter your account lacks rights. This GPO might be meant to apply to a specific user/group that you are not part of.

IMHO, it is always a mistake to delete something as a test without any reason to do so.

The issue is that I am confused about your setup, you mentioned that you have dc1 and dc2 and then you have a DFS root setup on \\muc.local
the targets are srv-fs1 and srv-max. The issue with DFS is that it only handles the publishing of the share, it does not handle the data synchronization which is how srv-fs1 and srv-max data can be synchronized using FRS on pre 2003 R2 system or DFS-replication for 2003 R2 and newer systems.

if you setup DFS between two hosts, but there is no data replication frs or DFS-R. whenever data is written to one, it will not be there should the referral of DFS points to the other.....


GPO issues are unrelated to DFS as a general matter..
The GPO errors are on both domain controllers not user's computers: no permission errors possible.
I deleted it because there is a procedure to troubleshoot this and the next possibility was "corrupted gpo"
Yes: domain name is muc.local and I have 2 dc: dc1= srv-max (win2003smb) and dc2 = srv-fs1 (win2003 std r2)
Like I mentioned: the "user data" of the file server on srv-fs1 is not replicated. The only thing I guess is synchronized are the DFS folder links that are located on both servers which I guess DFS creates to make their DFS working.

I see those errors related because I got this:

https://www.experts-exchange.com/articles/1073/Diagnosing-and-repairing-Events-1030-and-1058.html
"2) then replicated as a DFS (Distributive File shares) using FRS (File Replication Service), or DFSR (Distributive File Share Replication) between domain servers using DNS as the communications protocol;"
"--Sometimes you may have problems with File Replication Services, which almost always indicates a problem with DNS"
"A) If your errors are logged every 5 minutes, it usually means a server to server error. This would imply a file replication issue or permissions issue on the Sysvol folder."
"1)FRS REPLICATION PROBLEMS:

--NOTE: FIX DNS FIRST: (Get help if needed)
If you are running into FRS replication problems, almost always, you have a problem with DNS. DNS is the protocol that file replication uses to communicate with. Since DNS troubleshooting is beyond the intent of this article, I recommend you get a little help on this by posting a question about fixing DNS. Or you can review another article I wrote for troubleshooting DNS errors:"
First thing first, a GPO does not have to apply to a user at all times as mentioned security filter could mean that user A is not one to whom/whose session it should apply, this GPO therefore will be reflected with denied access when this user logs in into either system
A corrupted GPO will not replicate, gpotool is a way to query gpos to identify those that have issues, mainly version in ad versus sysvol.......

Check FRS related events, this is how data replicates..... On pre 2003R2.


Instead of looking for resolutions, please find the reason/cause on your system and the work to solve it.

Looking for a solution that might address similar situation defined only as data not replicating would mean you will be trying and looking at things that 95% will not resolve your issue.

Identify what is preventing replication on your side.
I.e. If you create a new file in srv-fs1, does it show up on srv-max? Does the reverse creating a file on srv-max, show up on srv-fs1?
If one does, that would suggest an issue is with replication connection/topology .........
Like I said: I am NOT using file replication to replicate "files" from my file server to my DC... All the DFS links point to my file server and only it holds the files my users use.
The only thing that gets replicated to my knowledge is a kind of "dfs ghosts tree" that looks like empty folders and that DFS creates on each server:
I don't know if that is clear.
srv-fs1.jpg
What is the issue then? Need clarification on what the issue you are seeking help with.

You have a DFS root and within it you define targets and/or links
the DFS root is served by both DCs
The links/targets have to exist on both to function.

Targets are definition that should replicate since they are stored in the AD.
Links is another story, since they are redirects versus the referrals to the clients.


Double check your DFS definitions for
Please define what it is you are having an issue with,


I often try to avoid sending people to read terminology, but I am having difficulty understanding, inferring, determining what the issue you are looking to resolve.

https://technet.microsoft.com/en-us/library/cc782417(v=ws.10).aspx
My initial question was:
Some users do not see any content in their U: drive which points to the DFS domain Root.
No folders at all.
And it is intermittent. Sometimes when they reboot it comes back.
But others that saw it the day before, don't see it the next day at reboot
They see this: [image]
When they should see that:
[image]
You have two servers that serve up dfs data, how does or what is the data.
What process supposed to keep that data?

It seems you keep looking at the end result and seeing different

Let's try this approach, you invited friends to a party at a venue. The friends decided to car pool such that they broke into two groups. And both groups rented an identical type transportation, a 12 person transport van from your vehicle rental store. You provided the address of the venue to both. As the time approaches to the start of the party, only one group showed up. So, you call your rental shop to inquire why the second group has not arrived. They tell you the van was picked up, but you keep asking why they have not arrived.

Until you determine whether there are any replication issues since the data added to dfs on one DC has to replicate and reflected on the other.

Dfs is a referral service. It either has targets which means the data is hosted on a server share, but the user accesses the data does not see the server.

Let's try it this way, you place a call to the operator and want to talk to Jane. You are patched through. (Target)
You call the operator and ask for Mary, you are told to dial xxyyzzaa (link)

Open dfs on each DC.
Add a new target test-fs1 and test-max on the respectively named DCs
See which shows up on both.
Then create a link test-link-fs1 and test-link-max and see if either shows up on both.

Look on both ntfrs related errors
DC to DC sysvol replication on the version you use is replicated using ntfrs.

Go into each sysvol\sysvol folder create a text file, test-fs1.txt and test-max.txt and see if the files appear on both.

I do not understand how to make it clearer that you who has access to the systems with which you are having issues is the only person who can determine the cause by looking through step by step validating and verifying that everything is setup and working without an error.

Another analogy, two people are the same make, model of binoculars standing shoulder to shoulder, one looks through their pair and sees a beautiful vista. The other looks through their pair and sees snow covered mountain peaks.
Each calls the travel agency asking why the other does not see what they see.
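
The SYSVOL test-file check described in the post above, scripted in both directions as an added example (it is not code from the thread or from any participant). The DC names and domain are the ones given in the thread; the `scripts` subfolder, timeout and poll interval are assumptions, and it must be run by an account allowed to write to SYSVOL.

```powershell
# Added example: write a canary file into each DC's SYSVOL and wait for it
# to appear on the other DC. A failed write or a timeout points at SYSVOL
# access or FRS replication rather than at the DFS namespace itself.
$Domain         = 'muc.local'             # domain name from the thread
$DCs            = 'srv-max', 'srv-fs1'    # DC names from the thread
$TimeoutSeconds = 900                     # assumption: allow FRS 15 minutes
$PollSeconds    = 30                      # assumption: poll interval

function Get-CanaryPath([string]$Dc, [string]$Name) {
    # Assumption: \\<dc>\SYSVOL\<domain>\scripts lies inside the replicated tree
    "\\$Dc\SYSVOL\$Domain\scripts\$Name"
}

$results = foreach ($source in $DCs) {
    $name    = "repl-test-$source.txt"
    $srcPath = Get-CanaryPath $source $name
    try {
        Set-Content -Path $srcPath -Value "canary written on $source" -ErrorAction Stop
    } catch {
        # An access-denied here matches the kind of failure logged by event 1058
        New-Object PSObject -Property @{
            Source = $source; Target = '-'; Status = "write failed: $($_.Exception.Message)" }
        continue
    }
    foreach ($target in ($DCs | Where-Object { $_ -ne $source })) {
        $dstPath  = Get-CanaryPath $target $name
        $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
        while (-not (Test-Path $dstPath) -and (Get-Date) -lt $deadline) {
            Start-Sleep -Seconds $PollSeconds
        }
        $status = if (Test-Path $dstPath) { 'replicated' } else { 'NOT replicated within timeout' }
        New-Object PSObject -Property @{ Source = $source; Target = $target; Status = $status }
    }
    # Remove the canary at its origin; the deletion replicates like any change
    Remove-Item -Path $srcPath -ErrorAction SilentlyContinue
}

$results | Format-Table Source, Target, Status -AutoSize
```

A row that reads "replicated" in one direction only narrows the fault to the replication link from the other DC; NTFRS events on that server are the next place to look.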
ASKER CERTIFIED SOLUTION
This solution is only available to members.
That's the procedure that fixed the problem but thank you guys for all your inputs.