DFS Name space - going to wrong server

Hi,

Got some issues with DFS name space where location does not point to nearest name space (hope it makes sense!)

Got 2 networks connected via VPN, 1 network 192.168.2.0 & the other 192.168.1.0

When connected on network 192.168.2.0, the name space connected is on 192.168.1.0 network

Ping bios is correct, if on 192.168.2.0, it points to the correct location. For example, ping me.local will point to my DNS server on the 192.168.2.0 network.

I read that DFS should connect to its nearest server, so why does it go to the further one?

Thanks
Fredo Coz Asked:

arnold Commented:
DFS is a referral service; make sure your AD organization matches the dfs name space. Do you have a DC of any time at the same location? I.e. if your request is sent to the DC in HQ, the dfs options would likely be relative to HQ DC.
0
Fredo Coz Author Commented:
Hi,

1)  make sure your AD organization matches the dfs name space
? could you please give me an example?

2) Do you have a DC of any time at the same location
Yes, primary DC (192.168.1.0/24), secondary DC Writeable (192.168.2.0/24)

Cheers

Fred
0
arnold Commented:
Do you have organizational units?
Addomain/
    Site HQ
        DC main
        HQ fileserver
    Site branch
        DC second
        Branch fileserver
        Branch computers....

DFS namespace topology?

With this, the local DNS query for a DC will point to the local; the local DC will then point to a local target of the DFS name space.
....
0

Fredo Coz Author Commented:
Arnold,

Could you please give me some example?

Yes, I do have some OUs, but both users for each site are in the same OU. Is that an issue? What is the recommended setup?

Site HQ: No - can you be more specific?

DC main: yes on both sites

HQ files server, yes on both sites

Site branch?

DC second: yes as a GC, writable

Branch file server: NO

Branch computers: No

DFS name space, only one at the moment

Cheers
Fred
0
arnold Commented:
Name Space is supposed to be singular; the targets are in different locations such that the local one is accessed versus the one on the other side of the VPN.

https://blogs.technet.microsoft.com/canitpro/2015/03/03/step-by-step-setting-up-active-directory-sites-subnets-site-links/

If you only have one Target for a DFS Namespace, what is the issue?

What is the nearest name space?
You have \\addomain\someshare => target \\someserver\someshare...

Please clarify your setup.

You have two locations (one is the HQ/Main, one is the branch) connected by VPN. What is it you are trying to achieve?
0

Fredo Coz Author Commented:
Hi Arnold,

My issue is that the //namespace/folder does not go to the nearest server (hope it makes sense)

My topology is exactly the same as:

https://blogs.technet.microsoft.com/canitpro/2015/03/03/step-by-step-setting-up-active-directory-sites-subnets-site-links/

Except that network one is: 192.168.1.0/24 & network 2: 192.168.2.0/24 / connected via VPN

I have a single namespace with 2 target folders.

Also got the feeling that when a user from the 192.168.2.0 network logs in (it has its own DC), it authenticates via the DC on 192.168.1.0.

Group policy is also slow on network 2; it looks like it is also opening GP on server 1.

Not sure how I can explain better!

Cheers
0
arnold Commented:
How do you define the nearest server?

If you do not have SITES defined that distinguish between server1 (192.168.1.0/24) and server2 (192.168.2.0/24),
how is your workstation to know that server1 is local while server2 is remote?

nslookup -q=srv _ldap._tcp.dc._msdcs.<youraddomain>

nslookup -q=srv _ldap._tcp.<site1>.dc._msdcs.<yourdomain.com>

nslookup -q=srv _ldap._tcp.<site2>.dc._msdcs.<yourdomain.com>

The first example is what you have; it provides a random distribution of the two servers you have without regard to which is local.
Once you set up site1 and site2,
when performing the lookup, you will only see the local first, and only in its absence will you query the remote. The same is true of the DFS name space where you have to organize ....

The document explains what needs to be done; you have to go through and get familiar with ...
Look at similar DFS namespace and how to ......
0
Fredo Coz Author Commented:
Arnold,

I completely understand what you are saying, but....

Where are the settings to set "how is your workstation to know that server1 is local while server2 is remote?"

I clearly understand what is going on, I thought that the settings in AD site & services will take care of that?

Cheers
0
arnold Commented:
Telling me that your setup is as described is not the same as seeing.
Run the tests I showed using nslookup and see whether you followed through by placing the DC that is in the 192.168.2.0/24 in the site to which that subnet applies and whether the other DC is listed in the 192.168.1.0/24.

Sites and Services are the start; it does not end there.
Did you complete the entire setup?
replace site1 with the name of your site in the 192.168.2.0/24 subnet does it return one record or two? does it point to the local or remote?
The DFS are then have a referential ......
0
Fredo Coz Author Commented:
Can this help?

C:\Users\Administrator>nslookup -q=srv _ldap._tcp.dc._msdcs.office.local
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.10

_ldap._tcp.dc._msdcs.office.local       SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = FRED-DC.office.local
_ldap._tcp.dc._msdcs.office.local       SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = FRED-DC2.office.local
FRED-DC.office.local     internet address = 192.168.1.10
FRED_DC2.office.local    internet address = 192.168.2.20



----------------------------------------------------------------

site 1: Paris (192.168.1.0)
site 2: London (192.168.2.0)


C:\Users\Administrator>nslookup -q=srv _ldap._tcp.paris.dc._msdcs.office.local
Server:  UnKnown
Address:  192.168.1.10

*** UnKnown can't find _ldap._tcp.paris.dc._msdcs.office.local: Non-existent domain
0
Fredo Coz Author Commented:
Also..

How do I do that?

replace site1 with the name of your site in the 192.168.2.0/24 subnet does it return one record or two?
0
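
Added example, not part of the thread: one way to check, from a client in either subnet, the pieces the replies above refer to (the client's site, the subnet-to-site mapping, the site-specific DC locator SRV records, and the DFS referral in use). The domain office.local and the site names Paris and London come from the posts above; the RSAT ActiveDirectory module and dfsutil being installed on the machine is an assumption.

```powershell
# Added example. Domain and site names are taken from the thread; adjust to your own.
# Assumes the RSAT ActiveDirectory module (Get-AD* cmdlets) and dfsutil are installed.
$Domain = 'office.local'
$Sites  = 'Paris', 'London'

# 1. The site this machine has been assigned to. A client whose subnet has no
#    matching subnet object in AD Sites and Services does not land in the intended site.
nltest /dsgetsite

# 2. Subnet objects and the site each one is linked to
#    (expect 192.168.1.0/24 -> Paris and 192.168.2.0/24 -> London).
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site

# 3. The site each domain controller's server object sits in.
Get-ADDomainController -Filter * | Select-Object Name, Site, IPv4Address

# 4. Site-specific DC locator records. Domain controllers register these as
#    _ldap._tcp.<site>._sites.dc._msdcs.<domain>, with the "_sites" label after
#    the site name.
foreach ($Site in $Sites) {
    $Name = '_ldap._tcp.{0}._sites.dc._msdcs.{1}' -f $Site, $Domain
    $Records = Resolve-DnsName -Name $Name -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    if ($Records) {
        # Each site should list the DC(s) physically located in that site.
        $Records | Select-Object @{ n = 'Site'; e = { $Site } }, NameTarget, Priority, Weight, Port
    } else {
        Write-Warning "No SRV records found at $Name"
    }
}

# 5. The DC the locator actually handed to this client, with the DC's site
#    and the client's site shown side by side.
nltest "/dsgetdc:$Domain"

# 6. DFS referrals cached on this client, including the folder targets
#    and which one is currently in use.
dfsutil /pktinfo
```

Run it once on a machine in each subnet; the results of steps 1, 5 and 6 should differ between the two locations if site assignment is working.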