Dfs issue
On host machine I added an entry into the /etc/dfs/dfstab and bounce the nfs server.
On the client machine when I cd /net/hostname/directory/directory, I dont seen the new share or nfs mount.
I have bounced nfs.server on the client as well as autofs. When I bounced nfs.server on the host machine I didnt get an error about unable to share the new directory.
Seems like a straight forward approach, just wondering what I may have missed?
Thanks
Mike
Some more clarity on the issue. The host machine is the NIS master and the primary server in a cluster environment. So when I up dated the dfstab it was on the "physical" machine. When users are connecting via /net, they are going to the "cluster" name e.g. /net/clustername/directory/directory.
I just was able to get to the new share by going to /net/physicalname/directory/directory.
Both the cluser address and the physical address are in /etc/hosts/. Why does autofs/automountd not like the cluster name?
Similar Messages
-
Hello,
I have a weird DFS issue I am having trouble fixing. Currently users at one of our site uses 1 file server which has DFS namespace enabled but is not replicating however if the users map to it via IP or Namespace or UNC they are sometimes able to see the
file and sometimes they just see the DFSRoot folder.
Any idea what could be causing this issue? The files aren't replicating and its the same location.
Thankstaking back to basics !!
so if users go to \\ServerName\Share, they should always see the files, this is a fixed known quantity.
if that's the case then it sounds more like some kind of AD/DNS issue to me rather than DFS, because using
\\servername\share is nothing todo with DFS. ! if I am correct in what your Saying and that sometime you cannot see the content even with IP or server name.?
Or if its only DFS then :-
do you have multiple folder targets under your DFS namespace, with DFSR replication setup for different Sites.
Could the end users be picking up DFS information from a different DC which hasn't replicated the AD / DFS information correctly ?
forgot to ask is this a standalone namespace or AD integrated ?
have you installed the DFS role on the Actual File Server which has the Data ?
I ask that question because if you create a DFS link with the same name as the share, then potentially there would be two Shares on the same server, (not sure if this is even possible).
one share with the actual Data, one which is the DFS root. perhaps , its totally random, then sometimes it connects to the DFS root share, and sometimes it connects to the actual Folder Share.
normally I would just have a DFS server, a VM, with nothing but the DFS role installed on it.
Then for example my DFS links would point to multiple files servers with Shares.
also some interesting Some from Microsoft stuff to look at :-
http://technet.microsoft.com/en-us/library/cc962144.aspx
regards
Mark -
We've set up AD Sites and DFS in our 2003/2008 mixed environment and the results seem incredibly sporadic.
SiteA has two subnets:
192.168.1.0/24
172.22.0.0/22
SiteB has one subnet:
172.23.0.0/22
The PCs at each location seem to hop back and forth as far as what site they are part of, which I have verified using the "nltest /dsgetsite" command. The DFS shares also seem to hop back and forth as to what server they are pointing at, and
it does not necessarily correspond with what site they are in. I do not have any IPv6 addressing specified in AD Sites, and have tried disabling IPv6 on the PCs as well but it has not helped.
Any insight/advice would be much appreciated.All of the SRV records seem to be correct. We haven't enabled logging for the netlogon service, but I suppose that we could. One thing I've noticed is that when we run dfsdiag /testsites, I get the following, but I'm not sure if it's an issue
or not. The two 2003 servers pass, but the 2008 server fails since its IPv6 address and link-local addresses are not in a site.
Starting TestSites...
Validating the site associations on every domain controller of the following: DAGDAII
Success: The site associated with the following host name is consistent on all accessible domain controllers: DAGDAII
Validating the site associations on every domain controller of the following: OGMA
Success: The site associated with the following host name is consistent on all accessible domain controllers: OGMA
Validating the site associations on every domain controller of the following: BOYNE
Warning: The server has IP addresses with conflicting site associations
Host name: BOYNE
Site: Boyne-City
Domain controller: DAGDAII
Host IP address Subnet-SiteMapping in AD
fe80::edd7:62e1:c6ee:15d1%13 No mapping exists
fd30:fdbf:a5a1:cafa::1 No mapping exists
Warning: The server has IP addresses with conflicting site associations
Host name: BOYNE
Site: Boyne-City
Domain controller: OGMA
Host IP address Subnet-SiteMapping in AD
fe80::edd7:62e1:c6ee:15d1%13 No mapping exists
fd30:fdbf:a5a1:cafa::1 No mapping exists
Warning: The server has IP addresses with conflicting site associations
Host name: BOYNE
Site: Boyne-City
Domain controller: BOYNE
Host IP address Subnet-SiteMapping in AD
fe80::edd7:62e1:c6ee:15d1%13 No mapping exists
fd30:fdbf:a5a1:cafa::1 No mapping exists
Success: The site associated with the following host name is consistent on all accessible domain controllers: BOYNE
Finished TestSites. -
Weird DFS issue Windows 8.1 clients
One of my users noticed something peculiar when working on text or document from a DFS share.
The user will save changes and leave the doc open. Preliminary tests show that around 10min+ is when user receives an error, "THE SYSTEM CANNOT FIND THE PATH SPECIFIED". The user hits the "OK"
button and is presented with a "SAVE AS" dialog in the same working directory. User hits "SAVE", dialog warns of an "overwrite" and hits "OK" again and text or doc gets saved.
I was able to reproduce the problem myself. I opened an online stopwatch and set a count down of 12 minutes. Every 3 minutes I added some text and hit save. All was well until the last 3:45. I added some more text, hit save and BOOM - error occurred, "The
System cannot find the path specified".
The two servers that hold the DFS share are Windows 2012 R2 boxes. One sits in the LA site and the other in Chicago. According to the output from "get-dfsrbacklog", there is no backlog between the DFS servers - all appears sync'd. Also, logs
appear clean except a few of errors in the event log and DFS replication health report regarding sharing violations.
Anyone seen something like this? Any suggestions on how to troubleshoot?Hi,
Please run DFSUTIL /PKTINFO on the client to check if the client referred to Off-Site DFS namespace targets and also check if the DFS root information was missing in registry:
"HKLM\Software\Microsoft\DFS\Roots\Domain"
If so, we could export the same registry from a working DFS server and imported the same on the server and restarted the DFS service to check the results.
Best Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Hi There,
Can someone help me to resolve the above error. I am getting this error while trying to check the backlog.
C:\>dfsrdiag backlog /ReceivingMember:server1/SendingMember:server2 /RGName:folder/RFName:folder.
ThanksThis is a late reply, but perhaps it will save a few of you future searchers some time:
Deleting the DFSR folder was hard, but it did make the backlog command work again; however, "shutdown /r" and the problem was back (for me).
SOLUTION:
Run eventvwr.msc, then under Applications and Services Logs, select DFS Replication and look for the warning about replication stopped because database not shutdown cleanly and "Auto Recovery disabled" (*default* behavior to allow for a backup before
starting replication manually; fidelity over availability), but in there will be the command to start yours back up (i.e. elevated command prompt):
wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="hereuniquetoyou" call ResumeReplication
(but wait a minute to test the backlog command)
Furthermore, I chose availability over fidelity (but note that I use shadow copies and true backups, and I don't like having to check on services and start them manually):
wmic /namespace:\\root\microsoftdfs path dfsrmachineconfig set StopReplicationOnAutoRecovery=FALSE
(also note /smem: and /rmem: shorthand)
"All things are possible, but not all things are permissible" -
[Forum FAQ] Troubleshooting Network File Copy Slowness
1. Introduction
The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows is known as Microsoft SMB Protocol. The set of message packets that defines a particular version of the protocol is called a dialect. The Common
Internet File System (CIFS) Protocol is a dialect of SMB. Both SMB and CIFS are also available on VMS, several versions of Unix, and other operating systems.
Microsoft SMB Protocol and CIFS Protocol Overview
http://msdn.microsoft.com/en-us/library/windows/desktop/aa365233(v=vs.85).aspx
Server Message Block overview
http://technet.microsoft.com/en-us/library/hh831795.aspx
1.1
SMB Versions and Negotiated Versions
- Thanks for the
Jose Barreto's Blog
There are several different versions of SMB used by Windows operating systems:
CIFS – The ancient version of SMB that was part of Microsoft Windows NT 4.0 in 1996. SMB1 supersedes this version.
SMB 1.0 (or SMB1) – The version used in Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2003 R2
SMB 2.0 (technically SMB2 version 2.002) – The version used in Windows Vista (SP1 or later) and Windows Server 2008 (or any SP)
SMB 2.1 ((technically SMB2 version 2.1) – The version used in Windows 7 (or any SP) and Windows Server 2008 R2 (or any SP)
SMB 3.0 (or SMB3) – The version used in Windows 8 and Windows Server 2012
SMB 3.02 (or SMB3) – The version used in Windows 8.1 and Windows Server 2012 R2
Windows NT is no longer supported, so CIFS is definitely out. Windows Server 2003 R2 with a current service pack is under Extended Support, so SMB1 is still around for a little while. SMB 2.x in Windows Server 2008 and Windows Server 2008
R2 are under Mainstream Support until 2015. You can find the most current information on the
support lifecycle page for Windows Server. The information is subject to the
Microsoft Policy Disclaimer and Change Notice. You can use the support pages to also find support policy information for Windows
XP, Windows Vista, Windows 7 and Windows 8.
In Windows 8.1 and Windows Server 2012 R2, we introduced the option to completely disable CIFS/SMB1 support, including the actual removal of the related binaries. While this is not the default configuration, we recommend disabling this older
version of the protocol in scenarios where it’s not useful, like Hyper-V over SMB. You can find details about this new option in item 7 of this blog post:
What’s new in SMB PowerShell in Windows Server 2012 R2.
Negotiated Versions
Here’s a table to help you understand what version you will end up using, depending on what Windows version is running as the SMB client and what version of Windows is running as the SMB server:
OS
Windows 8.1 WS 2012 R2
Windows 8 WS 2012
Windows 7 WS 2008 R2
Windows Vista WS 2008
Previous versions
Windows 8.1 WS 2012 R2
SMB 3.02
SMB 3.0
SMB 2.1
SMB 2.0
SMB 1.0
Windows 8 WS 2012
SMB 3.0
SMB 3.0
SMB 2.1
SMB 2.0
SMB 1.0
Windows 7 WS 2008 R2
SMB 2.1
SMB 2.1
SMB 2.1
SMB 2.0
SMB 1.0
Windows Vista WS 2008
SMB 2.0
SMB 2.0
SMB 2.0
SMB 2.0
SMB 1.0
Previous versions
SMB 1.0
SMB 1.0
SMB 1.0
SMB 1.0
SMB 1.0
* WS = Windows Server
1.2 Check, Enable and Disable SMB Versions in Windows operating systems
In Windows 8 or Windows Server 2012 and later, there is a new PowerShell cmdlet that can easily tell you what version of SMB the client has negotiated with the File Server. You simply access a remote file server (or create a new mapping to it) and use Get-SmbConnection.
To enable and disable SMBv1, SMBv2, and SMBv3 in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012, please follow the steps in the article below.
Warning: We do not recommend that you disable SMBv2 or SMBv3. Disable SMBv2 or SMBv3 only as a temporary troubleshooting measure. Do not leave SMBv2 or SMBv3 disabled.
http://support.microsoft.com/kb/2696547
1.3 Features and Capabilities
- Thanks for the
Jose Barreto's Blog
Here’s a very short summary of what changed with each version of SMB:
From SMB 1.0 to SMB 2.0 - The first major redesign of SMB
Increased file sharing scalability
Improved performance
Request compounding
Asynchronous operations
Larger reads/writes
More secure and robust
Small command set
Signing now uses HMAC SHA-256 instead of MD5
SMB2 durability
From SMB 2.0 to SMB 2.1
File leasing improvements
Large MTU support
BranchCache
From SMB 2.1 to SMB 3.0
Availability
SMB Transparent Failover
SMB Witness
SMB Multichannel
Performance
SMB Scale-Out
SMB Direct (SMB 3.0 over RDMA)
SMB Multichannel
Directory Leasing
BranchCache V2
Backup
VSS for Remote File Shares
Security
SMB Encryption using AES-CCM (Optional)
Signing now uses AES-CMAC
Management
SMB PowerShell
Improved Performance Counters
Improved Eventing
From SMB 3.0 to SMB 3.02
Automatic rebalancing of Scale-Out File Server clients
Improved performance of SMB Direct (SMB over RDMA)
Support for multiple SMB instances on a Scale-Out File Server
You can get additional details on the SMB 2.0 improvements listed above at
http://blogs.technet.com/b/josebda/archive/2008/12/09/smb2-a-complete-redesign-of-the-main-remote-file-protocol-for-windows.aspx
You can get additional details on the SMB 3.0 improvements listed above at
http://blogs.technet.com/b/josebda/archive/2012/05/03/updated-links-on-windows-server-2012-file-server-and-smb-3-0.aspx
You can get additional details on the SMB 3.02 improvements in Windows Server 2012 R2 at
http://technet.microsoft.com/en-us/library/hh831474.aspx
1.4 Related Registry Keys
HKLM\SYSTEM\CurrentControlSet\Services\MrxSmb\Parameters\
DeferredOpensEnabled – Indicates whether the Redirector can defer opens for certain cases where the file does not really need to be opened, such as for certain delete requests and adjusting file attributes.
This defaults to true and is stored in the Redirector variable MRxSmbDeferredOpensEnabled.
OplocksDisabled – Whether the Redirector should not request oplocks, this defaults to false (the Redirector will request oplocks) and is stored in the variable MrxSmbOplocksDisabled.
CscEnabled – Whether Client Side Caching is enabled. This value defaults to true and stored in MRxSmbIsCscEnabled. It is used to determine whether to execute CSC operations when called. If CSC is enabled,
several other parameters controlling CSC behavior are checked, such as CscEnabledDCON, CscEnableTransitionByDefault, and CscEnableAutoDial. CSC will be discussed in depth in its own module, so will be only mentioned in this module when it is necessary to understanding
the operation of the Redirector.
DisableShadowLoopback – Whether to disable the behavior of the Redirector getting a handle to loopback opens (opens on the same machine) so that it can shortcut the network path to the resource and
just access local files locally. Shadow opens are enabled by default, and this registry value can be used to turn them off. It is stored in the global Redirector variable RxSmbDisableShadowLoopback.
IgnoreBindingOrder – Controls whether the Redirector should use the binding order specified in the registry and controlled by the Network Connections UI, or ignore this order when choosing a transport
provider to provide a connection to the server. By default the Redirector will ignore the binding order and can use any transport. The results of this setting are stored in the variable MRxSmbObeyBindingOrder.
HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\
Security Signature settings – The RequireSecuritySignature setting is stored in MRxSmbSecuritySignaturesRequired, EnableSecuritySignature in MRxSmbSecuritySignaturesEnabled, RequireExtendedSignature
in MRxSmbExtendedSignaturesRequired, and EnableExtendedSignature in MRxSmbExtendedSignaturesEnabled. Note that the Extended Security Signatures assume the regular security signatures are enabled, so those settings are adjusted if necessary based on the extended
settings. If extended signatures are required, regular signatures have to be required.
EnablePlainTextPassword – Support for using plain text passwords can be turned on using this key. They are disabled by default.
OffLineFileTimeoutIntervalInSeconds – Used to set the expiration time for timing out an Exchange (discussed later) when the exchange is accessing an offline file. This value defaults to 1000 seconds,
but can be changed in the registry and is stored in the global Redirector variable OffLineFileTimeoutInterval
SessTimeout – This is the amount of time the client waits for the server to respond to an outstanding request. The default value is 60 seconds (Windows Vista). When the client does not receive the
response to a request before the Request Expiration Timer expires, it will reset the connection because the operation is considered blocked. In Windows 8, the request expiration timer for the SMB 2 Negotiate is set to a smaller value, typically under 20 seconds,
so that if a node of a continuously available (CA) cluster server is not responding, the SMB 3.0 client can expedite failover to the other node.
ExtendedSessTimeout – Stored in the ExtendedSessTimeoutInterval variable, this value is used to extend the timeout on exchanges for servers that require an extended session timeout as listed in the
ServersWithExtendedSessTimeout key. These are third party servers that handle SMB sessions with different processes and vary dramatically on the time required to process SMB requests. The default value is 1000 seconds. If the client is running at least Windows
7 and ExtendedSessTimeout is not configured (By Default), the timeout is extended to four times the value of SessTimeout (4 * SessTimeout).
MaxNumOfExchangesForPipelineReadWrite – This value is used to determine the maximum number of write exchanges that can be pipelined to a server. The default is 8 and the value is stored in the variable
MaxNumOfExchangesForPipelineReadWrite.
Win9xSessionRestriction – This value defaults to false, but is used to impose a restriction on Windows 9x clients that they can only have one active non-NULL session with the server at a time. Also,
existing session based connections (VNETROOTS) are scavenged immediately, without a timeout to allow them to be reused.
EnableCachingOnWriteOnlyOpens – This value can cause the Redirector to attempt to open a file that is being opened for write only access in a manner that will enable the Redirector to cache the file
data. If the open fails, the request will revert back to the original requested access. The value of this parameter defaults to false and is stored in the MRxSmbEnableCachingOnWriteOnlyOpens variable.
DisableByteRangeLockingOnReadOnlyFiles – This parameter defaults to false, but if set to true will cause level II oplocks to automatically be upgraded to batch oplocks on read-only files opened for
read only access. It is stored in the variable DisableByteRangeLockingOnReadOnlyFiles.
EnableDownLevelLogOff – False by default, this value controls whether a Logoff SMB will be sent to down-level servers when a session is being closed. If this is false, and the server has not negotiated
to the NT SMB dialect or does not support NT Status codes, the logoff will not be sent because we aren’t sure that server will understand the request. The value is stored in MrxSmbEnableDownLevelLogOff.
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\
ResilientTimeout – This timer is started when the transport connection associated with a resilient handle is lost. It controls the amount of time the server keeps a resilient handle active after the
transport connection to the client is lost. The default value is 300 seconds (Windows 7, Server 2008 R2, 8, Server 2012).
DurableHandleV2TimeoutInSecond – This timer is started when the transport connection associated with a durable handle is lost. It controls the amount of time the server keeps a durable handle active
after the transport connection to the client is lost. The default value is 60 seconds (Windows 8, Windows Server 2012). The maximum value is 300 seconds.
HKLM\SYSTEM\CurrentControlSet\Services\SMBWitness\Parameters\
KeepAliveInterval – This functionality was introduced for SMB 3.0 in Windows 8 and Windows Server 2012. The witness protocol is used to explicitly notify a client of resource changes that have occurred
on a highly available cluster server. This enables faster recovery from unplanned failures, so that the client does not need to wait for TCP timeouts. The default value is 20 minutes (Windows 8, Windows Server 2012).
HKLM\System\CurrentControlSet\Services\SmbDirect\Parameters\
ConnectTimeoutInMs – Establish a connection and complete negotiation. ConnectTimeoutInMs is the deadline for the remote peer to accept the connection request and complete SMB Direct negotiation. Default
is 120 seconds (Windows 8).
AcceptTimeoutInMs – Accept negotiation: The SMB Direct Negotiate request should be received before AcceptTimeoutInMs expires. The servers starts this timer as soon as it accepted the connection. Default
is 5 seconds (Windows 8).
IdleConnectionTimeoutInMs – This timer is per-connection. It is the amount of time the connection can be idle without receiving a message from the remote peer. Before the local peer terminates the
connection, it sends a keep alive request to the remote peer and applies a keep alive timer. Default is Default: 120 seconds (Windows 8).
KeepaliveResponseTimeoutInMs – This attribute is per-connection. It defines the timeout to wait for the peer response for a keep-alive message on an idle RDMA connection. Default is 5 seconds (Windows
8).
CreditGrantTimeoutInMs – This timer is per-connection. It regulates the amount of time that the local peer waits for the remote peer to grant Send credits before disconnecting the connection.
This timer is started when the local peer runs out of Send credits. Default is 5 seconds (Windows 8).
References:
[MS-SMB]: Server Message Block (SMB) Protocol
http://msdn.microsoft.com/en-us/library/cc246231.aspx
[MS-SMB2]: Server Message Block (SMB) Protocol Versions 2 and 3
http://msdn.microsoft.com/en-us/library/cc246482.aspx
SMB 2.x and SMB 3.0 Timeouts in Windows
http://blogs.msdn.com/b/openspecification/archive/2013/03/27/smb-2-x-and-smb-3-0-timeouts-in-windows.aspx3. How to Troubleshoot
3.1 Troubleshooting Decision Tree
1
Is the slowness occurring in browsing a network shared folder or copying a file, or both?
Browsing, go to 1.1.
Copying, go to 1.2.
Both, go to 1.3.
1.1
Is the target a DFS path or not?
Yes, go to 1.1.1.
No, go to 1.1.2.
1.1.1
Is the client visiting the nearest DFS root server and file server?
Yes, go to 1.1.1.1.
No, go to 1.1.1.2.
1.1.1.1
Browse the corresponding (Non-DFS) UNC path directly. Do you still experience the slowness?
Yes, go to 1.1.1.1.1.
No,
go to 1.1.1.1.2.
1.1.1.1.1
Issue is the particular file server responds to the share folder enumeration requests slowly. Most probably it’s
unrelated to DFS. Follow 1.1.2.
1.1.1.1.2
Issue is that client experiences delay when browsing the DFS path, but no delay is visiting the target file server
directly. Capture Network Monitor trace from the client and study if the DFS path is cracked down.
1.1.1.2
Use dfsutil.exe to clear local domain and referral cache. Then visit the DFS path again and capture Network Monitor
trace from the client to study why the client goes to a wrong file server or DFS root server.
1.1.2
Not a DFS issue. Issue is the particular file server responds to the share folder enumeration requests slowly. “Dir”
the same share folder from Command Prompt. Is it slow?
Yes, go to 1.1.2.1
No, go to 1.1.2.2
1.1.2.1
Check the number of subfolders and files in that share folder. Is the number large?
Yes, go to 1.1.2.1.1
No, go to 1.1.2.1.2
1.1.2.1.1
Try to “dir” a different share folder on the same file server, but with less items. Is it still slow or not?
Yes, go to 1.1.2.1.1.1
No, go to 1.1.2.1.1.2
1.1.2.1.1.1
Probably to be performance issue of the file server. Capture Network Monitor trace from both sides, plus Performance
Monitor on the file server.
1.1.2.1.1.2
Probably to be performance issue of the file server, particularly, of the disk. Capture Network Monitor trace from
both sides, plus Performance Monitor on the file server.
1.1.2.1.2
Same as 1.1.2.1.1.1. Probably to be performance issue of the file server. Capture Network Monitor trace from both
sides, plus Performance Monitor on the file server.
1.1.2.2
Explorer.exe browses the share folder slowly while “dir” does fast. The issue should lie in the particular SMB traffic
incurred by explorer.exe. It's a Shell issue.
1.2
Is the target a DFS path or not?
Yes, go to 1.2.1
No, go to 1.2.2
1.2.1
Is the client downloading/uploading against the nearest file server?
Yes, go to 1.2.1.1
No, go to 1.2.1.2
1.2.1.1
Try to download/upload against that file server using the Non-DFS share path. Still slow?
Yes, go to 1.2.1.1.1
No, go to 1.2.1.1.2
1.2.1.1.1
Not a DFS issue. Capture Network Monitor trace from both sides to identify the pattern of the slowness.
1.2.1.1.2
This is unlikely to occur because the conclusion is contradictory to itself. Start from the beginning to double
check.
1.2.1.2
Same situation as 1.1.1.2. Use dfsutil.exe to clear local domain and referral cache. Then visit the DFS path again
and capture Network Monitor trace from the client to study why the client goes to a wrong file server or DFS root server.
1.2.2
Same as 1.2.1.1.1. It's not a DFS issue. Capture Network Monitor trace from both sides to identify the pattern of
the slowness.
1.3
Follow 1.1 and then 1.2.
3.2 Troubleshooting Tools
Network Monitor or Message Analyzer
Download
http://www.microsoft.com/en-us/download/details.aspx?id=40308
Blog
http://blogs.technet.com/b/messageanalyzer/
Microsoft Message Analyzer Operating Guide
http://technet.microsoft.com/en-us/library/jj649776.aspx
Performance Monitor
http://technet.microsoft.com/en-us/library/cc749249.aspx
DiskMon
http://technet.microsoft.com/en-us/sysinternals/bb896646.aspx
Process Monitor
http://technet.microsoft.com/en-us/sysinternals/bb896645 -
Hello
I continue to have issues with Adobe Reader. Right up to V9 it was fine. V10 introduced several issues: my team were hit by the one where a certain string in the path affected it, and (and this astonished me), protected mode was not compatible with documents accessed via DFS shares.
The protected mode issue has persisted. I have to turn it off on all our installations otherwise members of my team open a PDF and are unable to view the document because the program freezes.
I also had an issue where installing an update removed the 'Open With' entries - the response from this forum was to reinstall the other program (a program that I use to edit and compile PDFs). No apology for causing this problem. If the install had worked properly (as it does for the other PDF tools we use), I would not have had this problem in the first place.
And now we have the signing issue. Turns out that the detection of a signature field is completely arbitrary. According to posts on this forum if the PDF contains the word sign, that is considered to be a signature field. If, when a signature is detected, I click the green bar it immediately says 'Signed'. Erm... what??? What has been signed??? How can it be signed when a signature field does not exist? This simply causes unnecessary confusion.
Seriously, people. I have the highest respect for Adobe's products in general but there comes a point at which the inconvenience out-weighs its usefulness. It seems to me that the quality of Adobe's PDF reader has, from a functional point of view, deteriorated since the introduction of V10.
Please, restore our faith in your product.
Thanks!Thanks for replying
Any platform that is created by a company so that advice can be sought regarding usage of a product or for help troubleshooting a problem is usually monitored to some extent. My post is a moan born out of frustration of the persistent problems (the same problems, not different ones), that have been evident since V10 was released, and the ridiculous signing issue that was recently introduced.
I look forward to an eventual resolution. I have, under a different account, tried seeking help with the DFS problem but as is usually the case with issues that require a lot of effort the help simply stopped. I thought, OK, this is something that obviously requires a lot of work. Back then I thought I'd be content to wait it out and hope the issues are resolved in a future patch/upgrade. I am also aware that I can't expect too much support for a product that is essentially free. There is a work-around for the DFS issue, but it would be nicer if Adobe Reader worked 'out of the box' and did not require the extra configuration (which often causes it to freeze).
This thread is more for my benefit than for anyone elses. I just needed to get it off my chest
In my view there has been no progress. The title accurately reflects the issue. -
Hello,
I noticed that there is a difference in performance when trying to access a Quicktime video via a DFS path versus a direct server path.
For example
When accessing a video via the path \\domain.com\studio\quicktime\video.mov, it takes 15 seconds before the video starts playing.
When accessing the same video via the path \\server\quicktime\video.mov, it takes 7 seconds.
I have tested with Quicktime Player and Quicktime Pro and both software consistently experience the same discrepancy in speed.
I am looking to see if it is possible to fix this ?
An explanation of why this is happening would be appreciated.
8 seconds may seem like a small amount of time, but our company deals with many videos and it all adds up, especially when dealing with larger videos. It has already taken upwards of 5 minutes. However, access via a direct path has always consistently been quicker.
Also note that other application are able to access other files on the fileserver via the DFS path or the direct path in roughly the same amount of time so this is not a DFS issue. Quicktime is the only application that runs more slowly than the rest.Hello,
I noticed that there is a difference in performance when trying to access a Quicktime video via a DFS path versus a direct server path.
For example
When accessing a video via the path \\domain.com\studio\quicktime\video.mov, it takes 15 seconds before the video starts playing.
When accessing the same video via the path \\server\quicktime\video.mov, it takes 7 seconds.
I have tested with Quicktime Player and Quicktime Pro and both software consistently experience the same discrepancy in speed.
I am looking to see if it is possible to fix this ?
An explanation of why this is happening would be appreciated.
8 seconds may seem like a small amount of time, but our company deals with many videos and it all adds up, especially when dealing with larger videos. It has already taken upwards of 5 minutes. However, access via a direct path has always consistently been quicker.
Also note that other application are able to access other files on the fileserver via the DFS path or the direct path in roughly the same amount of time so this is not a DFS issue. Quicktime is the only application that runs more slowly than the rest. -
Security-Kerberso Errors on some machine
Hello,
The reason why i'm writing is because, recently we have seen some strange DFS issues, where clients aren't able to connect to their DFS mapped drives. flushing DFS cache or DNS cache or rebooting client seems to fix issue. We have also had
to reboot a DFS server, since it was hung in the past. So, I have ticket open with MS and can't find any DFS related issues from event logs.
I see a Kerberos error in event logs on both DFS servers and some clients that have the issue and I"m wondering if this is the cause of problems. Please see Kerberos error below and let me know what you think. I want to also add that we
have direct access server and i'm seeing "isatap.ipv6address" when I run ipconfig on these servers and clients..
"The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server hq12-dfs2$. The target name used was HTTP/HQ12-DFS2.hhmi.org. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the
target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password
is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target
domain (HHMI.ORG) is different from the client domain (HHMI.ORG), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server."They basically want me to enable all Kerberos encryption types and then disjoin/join my DFS servers from domain. I"m doing it tonight, so we will see what happens. I actually haven't had the DFS issues, since I posted this question in forum.
I will still implements their recommendations.
Step 1: adjust the supported Kerberos etype
====================================
a. Run GPMC on one 2008R2 DC or 2012R2 DC, Edit Default Domain Policy.
b. Navigate to Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Security Options\Network security: Configure encryption types allowed for Kerberos
We need to select Define these policy settings and all the six check boxes
c. After that, please run GPUPDATE /FORCE to take effect. After it is done, please restart all the DCs after business hours.
Step 2: Disjoin and Rejoin DFS namespace servers to the domain (one by one)
==============================================
1. On HQ12-DFS2, please delete it from the namespace server first
2. Then, disjoin the server from the domain.
3. After a reboot, please rejoin the server into the domain
4. Add it into DFS namespace
5. Then, perform the above steps on HQ12-DFS1 again. -
I am having problems with my DFS shares not showing up, and in researching this I ran a dcdiag on my domain controllers and am getting the following error:
Performing initial setup:
Trying to find home server...
Home Server = servername
* Identified AD Forest.
FATAL ERROR: ldap_search for parttion attributes with base DN = CN=Partitions
,CN=Configuration,DC=domain,DC=local failed with error = 32
I have never seen so few results when searching for this error. I have no idea where to begin.So that was a nightmare... I had to move DHCP, FSMO, CA Authority... took several hours. BUT I eventually got it demoted and re-promoted. Same issue. HOWEVER, I ran as administrator and it worked. It has been a very long day. I guess I didn't realize I was
doing that on the other DCs when I ran on them.
SO. Now when I run dcdiag, I get some other errors:
REPLICATION LATENCY WARNING ERROR: Expected notification link is missing.Source DC2 -this is the new PDC fyi Replication of new changes along this path
will be delayed. This problem should self-correct on the next periodic sync.
I ran repadmin /showrepl on all 4 DCs and everything was successful.
I have no idea what is happening. Maybe the issue I am having is not a DC issue. Here is what happened to me:
Some machines could not access "\\domain.local\share", while others could. On the other hand, they ALL could access "\\domain\share". I fixed that by changing all my drive mappings to \\domain\share (took off the .local) Don't know why
that was an issue, I was going to get to that later.
This morning I discovered that there were two more issues happening. The DFS share was showing up empty on many computers (they could access "\\domain\share" but there was nothing in it, while other machines saw the folders they should see. Trying
to get everybody working while I fixed THAT issue, I changed the drive mappings again to point directly to the servers they needed (without DFS).
That worked for some, but not others. The ones it did not work on had Group Policy errors in the event log saying they could not find a group policy server or something (hours ago, who can remember exact errors at this point), so they were still pointing
to the DFS shares. Several reboots would usually eventually get things resolved.
So here I am, can't figure out if it is a DFS issue, DC Replication issue, DNS issue, WINS issue or what. I am just burnt and I am going home for the day.
Thank you so much for your help so far, I can tell you have been spending a lot of time on this. Maybe I need to start a new thread? -
Lion 10.7.2 DFS share access issue
hi
i have a macbook air running 10.7.2 and we have a DFS file server running windows 2008 r2
our name space is domain based and i can access the file server using \\domain.com\uk\data and \\domain\uk\home\xxx (where xxx is the username)
the first is the shared data drive and the 2nd is the users home drive
all works beautifully when i am connected via the ethernet. as soon as i move onto the internal wifi (sits on the same network as the ethernet lan and has full access to all network resource, our windows 7 laptops can access all shares just fine) i can all of a sudden no longer access the DFS share \\accel.com\uk\data
it either says it cannot find it or a username and password box comes up (i am using centrify to leverage our AD user accounts on our mac's) when i enter my username and password it does not accept it. I have the same issue when i am outside of the office and vpn's in.
this evening i discovered that i have no problems accessing our DFS share if i enter \\domain.com\uk and i am presented with the folder UK on my dekstop and when i click on it i can see the DATA and HOME drive subfolder
when i now go to the finder and click on connect to server SMB://domain.com/uk/home/xxx it connects fine
so it seems that the /uk/ bit of the DFS path is confusing the mac client when not connected via the ethernet lan cable.
i have tried to mount via the cli but it comes up with no route to host and the console log displays something similar
at least i have a work around now but does anyone know if this is an issue with my name space setup or whether this is a bug (i presume bug as windows 7 clients have no issue with this namespace but i am not taking anything for granted :-) )
thank you
ps i found this post but it is slightly different to the issue i am having https://discussions.apple.com/message/16187498#16187498The issue has previously hit Apple TV owners. I think people came to the conclusion that it was a HDMI handshake problem. Basically the process where the device and TV greet each other, make up some rules about communicationg and what their secret key is and so on.
I haven't tried this yet, but my local service center says that basically I can do one of two things:
- Downgrade to 10.7 and then download the 10.7.1 update from Apples website. To do this without having a Mac OS X Lion disc, you can hold down CMD + R when the computer boots to be able to access the recovery partition on newer Macs that come without the OS disc.
or..
- Put something in between the computer and TV. For example, if you're using an amplifier as a part of your home theather set up, this will probably work. The service guy said he has his Mini connected to the amplifier, which in turn is connected to speakers and a projector. The inverted colors still appear, but only once per night (i.e. after the first problem is reset by resetting the link then it's fine).
For now, I'll do my little dance of changing the source on the TV from HDMI 1 to HDMI 2 and then back again to reset the link... But, I'll probably try downgrading in a few days. -
Possible issue with DFS and CSC error 80070035
I have a handful of users who have a strange, recurring issue with Offline Files and DFS in Win7 SP1 x64.
We have a DFS root \\domain.local\DFS. Server ukln1fs1 is a root replica, running a fully patched instance of Server 2012 R2. dfsnamespace is a DNS alias of ukln1fs1, and the SPNs for host/dfsnamespace<.domain.local>
and cifs/dfsnamespace<.domain.local> are registered with that server.
Clients have the Documents folder redirected by GPO to
\\dfsnamespace\DFS\-teamfolder-\-username-\docs and redirection works fine.
Sometimes when clients are disconnected from the network and then reconnect, or when they start up disconnected from the network and then connect, they are unable to connect to
\\dfsnamespace\dfs. They get error 80070035. Clients can connect to
\\dfsnamespace fine and to the individual shared within the DFS structure. This affects all users on the computer once it has begun occurring, and the only resolution is to restart the computer whilst connected to the domain.
Kerberos is using TCP (MaxPacketSize 0)
LanManServer & LanManWorkstation signing requirements match (EnableSecuritySignature 1, RequireSecuritySignature 0)
Have used FormatDatabase on the CSC service to rebuild the offline files cache.
Latest hotfixes for Win7 file services and offline files components are installed: KB2775511 (enterprise hotfix rollup), all latest hotfixes from KB2820927 (collection of enterprise hotfixes including offline files and folder redirection components), all
latest hotfixes from KB2473205 (file server technology services).
Adapters & bindings order has the SSL VPN adapter at the top followed by the NIC then the wifi adapter. IPv4 is a the higher priority protocol in adapters & bindings.Please have a look at this blog (DFSN and DFSR-RO interoperability), it may help you somehow.
Regards, Ravikumar P -
We have an interesting problem for the forums. We have implemented Distributed File Services for managing our shares.
SecurityGroupA has similar ACL assignments to FolderA and FolderB.
SecurityGroupB has limited ACL assignments to FolderB.
When a member of SecurityGroupA moves a file from FolderA to FolderB, the file does not not inherit from FolderB. We believe the issue is the DFS link gets redirected, but since the file's physical location doesn't actually move so no ACL changes happen
and SecurityGroupB cannot see the file.
If we break folder inheritance, then reapply inheritance to all child objects, this "fixes" ACL assignments and SecurityGroupB can see the file.
One process I am considering is enabling file auditing and using event log "file creation" to trigger an ACL refresh script. That's about as far as I have got to developing the process, though.
Has anybody with DFS implementations run into this? If so, how did you address the ACL refresh?
Thanks,
CSHi,
I'm a little unclear about the structure but it should be the default behaviour of NTFS permission. Please see this article:
http://support.microsoft.com/kb/310316
Also it provided steps to change the NTFS permission behaviour.
Meanwhile if both folders are located in same volume, maybe you can workaround this with putting one of them to another volume so permission will be refreshed by a move.
If you have any feedback on our support, please send to [email protected] -
Spacing in username creating issues in DFS
In our network, we have several users that still have a space in their login name. has this ever been known to cause issues in a single DFS server for files to randomly disappear?
Hi,
Do you mean that folder targets in a DFS server disappear randomly when uses login the DFS server and the users have a space in their login name? Would you please share the exact steps to help us reproduce the same behavior? Do you have any error code? If so,
please provide detail information about this error.
Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Hello,
We have 1 server at branch office and 1 server at datacenter and have DFS-R enabled for user related data. By default we have enabled branch office server DFS path for end users.
Replication was broken some time back since the branch server OS was crashed. We fixed the issue by reinstalling the OS, but unfortunately a month later we found branch server is not replicating the data with its partner datacenter server
as the GUID of the branch server was changed post rebuild. I have removed the old GUID and re-add the branch server to replication group again.
But, I don't see replication is taking place properly still. If I create a new test folder its getting replicated to datacenter server, but not the old folders which have data modified between these broken replication period.
What is the best way solving this? since the over all data size is in TBs.
MahiYou can check the backlog on dfs : http://www.planetcobalt.net/sdb/dfscmds.shtml
Command syntax :
dfsrdiag backlog /rgname:KeyMaster /rfname:Gatekeeper /sendingmember:DontCrossTheStreams
/receivingmember:StayPuffed
You may stop sharing and check the results if replication works well.
Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
the thread.
Maybe you are looking for
-
Hi I am unable to start the Managed server on OBIEE 11.1.1.6.0 , as it is giving the following exception "[bi_server1] [NOTIFICATION] [] [oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor] [tid: RTD_Worker_9] [userId: <anonymous>]
-
Photos and graphics are not printing from web browsers. Is there an OS or Safari setting that makes 10.4.10 print only text from my G4 1000x2 MDD? Lazerjet 5M, ethernet. I've looked in the printer dialog and didn't see anything...
-
How can I put move requests in stuck and continue working?
I have a map and a unit moving on this map, I wont to give him 2 moving orders and continue for my another staff. this is part of my program so I try to explain to you the parameters of this function in the way I choose to represent it: destination:S
-
Copy and Paste Large (more than 999 rows) Spreadsheet
I have a large spreadsheet that has a number of hidden columns. It is about 1,135 rows long. I have no trouble copying and pasting the spreadsheet into Pages (both are IWork '09) as long as I only try to copy and past 999 or fewer rows. But when I
-
I have the iPad 1 and a simple Verizon Wireless phone. Will the messaging app in iOS 5 give me a new number or can I link my phone number to the account and have it push me my texts, and when I send texts from it will they show up to my contacts as m