Dfs issue

Similar Messages

• Wierd DFS Issue

  Hello,
  I have a weird DFS issue I am having trouble fixing. Currently users at one of our site uses 1 file server which has DFS namespace enabled but is not replicating however if the users map to it via IP or Namespace or UNC they are sometimes able to see the
  file and sometimes they just see the DFSRoot folder.
  Any idea what could be causing this issue? The files aren't replicating and its the same location.
  Thanks

  taking back to basics !!
  so if users go to \\ServerName\Share, they should always see the files, this is a fixed known quantity.
  if that's the case then it sounds more like some kind of AD/DNS issue to me rather than DFS, because using
  \\servername\share is nothing todo with DFS. ! if I am correct in what your Saying and that sometime you cannot see the content even with IP or server name.?
  Or if its only DFS then :-
  do you have multiple folder targets under your DFS namespace, with DFSR replication setup for different Sites.
  Could the end users be picking up DFS information from a different DC which hasn't replicated the AD / DFS information correctly ?
  forgot to ask is this a standalone namespace or AD integrated ?
  have you installed the DFS role on the Actual File Server which has the Data ?
  I ask that question because if you create a DFS link with the same name as the share, then potentially there would be two Shares on the same server, (not sure if this is even possible).
  one share with the actual Data, one which is the DFS root. perhaps , its totally random, then sometimes it connects to the DFS root share, and sometimes it connects to the actual Folder Share.
  normally I would just have a DFS server, a VM, with nothing but the DFS role installed on it.
  Then for example my DFS links would point to multiple files servers with Shares.
  also some interesting Some from Microsoft stuff to look at :-
  http://technet.microsoft.com/en-us/library/cc962144.aspx
  regards
  Mark

• AD Sites / DFS issues

  We've set up AD Sites and DFS in our 2003/2008 mixed environment and the results seem incredibly sporadic.
  SiteA has two subnets:
  192.168.1.0/24
  172.22.0.0/22
  SiteB has one subnet:
  172.23.0.0/22
  The PCs at each location seem to hop back and forth as far as what site they are part of, which I have verified using the "nltest /dsgetsite" command.  The DFS shares also seem to hop back and forth as to what server they are pointing at, and
  it does not necessarily correspond with what site they are in.  I do not have any IPv6 addressing specified in AD Sites, and have tried disabling IPv6 on the PCs as well but it has not helped.
  Any insight/advice would be much appreciated.

  All of the SRV records seem to be correct.  We haven't enabled logging for the netlogon service, but I suppose that we could.  One thing I've noticed is that when we run dfsdiag /testsites, I get the following, but I'm not sure if it's an issue
  or not.  The two 2003 servers pass, but the 2008 server fails since its IPv6 address and link-local addresses are not in a site.
  Starting TestSites...
  Validating the site associations on every domain controller of the following: DAGDAII
  Success: The site associated with the following host name is consistent on all accessible domain controllers: DAGDAII
  Validating the site associations on every domain controller of the following: OGMA
  Success: The site associated with the following host name is consistent on all accessible domain controllers: OGMA
  Validating the site associations on every domain controller of the following: BOYNE
  Warning: The server has IP addresses with conflicting site associations
  Host name: BOYNE  
  Site: Boyne-City
  Domain controller: DAGDAII
  Host IP address                         Subnet-SiteMapping in AD
  fe80::edd7:62e1:c6ee:15d1%13            No mapping exists       
  fd30:fdbf:a5a1:cafa::1                  No mapping exists       
  Warning: The server has IP addresses with conflicting site associations
  Host name: BOYNE  
  Site: Boyne-City
  Domain controller: OGMA
  Host IP address                         Subnet-SiteMapping in AD
  fe80::edd7:62e1:c6ee:15d1%13            No mapping exists       
  fd30:fdbf:a5a1:cafa::1                  No mapping exists       
  Warning: The server has IP addresses with conflicting site associations
  Host name: BOYNE  
  Site: Boyne-City
  Domain controller: BOYNE
  Host IP address                         Subnet-SiteMapping in AD
  fe80::edd7:62e1:c6ee:15d1%13            No mapping exists       
  fd30:fdbf:a5a1:cafa::1                  No mapping exists       
  Success: The site associated with the following host name is consistent on all accessible domain controllers: BOYNE
  Finished TestSites.

• Weird DFS issue Windows 8.1 clients

  One of my users noticed something peculiar when working on text or document from a DFS share.
  The user will save changes and leave the doc open. Preliminary tests show that around 10min+ is when user receives an error, "THE SYSTEM CANNOT FIND THE PATH SPECIFIED".  The user hits the "OK"
  button and is presented with a "SAVE AS" dialog in the same working directory. User hits "SAVE", dialog warns of an "overwrite" and hits "OK" again and text or doc gets saved.
  I was able to reproduce the problem myself. I opened an online stopwatch and set a count down of 12 minutes. Every 3 minutes I added some text and hit save. All was well until the last 3:45. I added some more text, hit save and BOOM - error occurred, "The
  System cannot find the path specified".
  The two servers that hold the DFS share are Windows 2012 R2 boxes. One sits in the LA site and the other in Chicago. According to the output from "get-dfsrbacklog", there is no backlog between the DFS servers - all appears sync'd. Also, logs
  appear clean except a few of errors in the event log and DFS replication health report regarding sharing violations.
  Anyone seen something like this? Any suggestions on how to troubleshoot?

  Hi,
  Please run DFSUTIL /PKTINFO on the client to check if the client referred to Off-Site DFS namespace targets and also check if the DFS root information was missing in registry:
  "HKLM\Software\Microsoft\DFS\Roots\Domain" 
  If so, we could export the same registry from a working DFS server and imported the same on the server and restarted the DFS service to check the results.
  Best Regards,
  Mandy 
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• DFS Issue - [ERROR] Failed to execute GetOutboundBacklogFileCount method. Err: -2147217361 (

  Hi There,
  Can someone help me to resolve the above error. I am getting this error while trying to check the backlog.
  C:\>dfsrdiag backlog /ReceivingMember:server1/SendingMember:server2 /RGName:folder/RFName:folder.
  Thanks

  This is a late reply, but perhaps it will save a few of you future searchers some time:
  Deleting the DFSR folder was hard, but it did make the backlog command work again; however, "shutdown /r" and the problem was back (for me).
  SOLUTION:
  Run eventvwr.msc, then under Applications and Services Logs, select DFS Replication and look for the warning about replication stopped because database not shutdown cleanly and "Auto Recovery disabled" (*default* behavior to allow for a backup before
  starting replication manually; fidelity over availability), but in there will be the command to start yours back up (i.e. elevated command prompt):
  wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="hereuniquetoyou" call ResumeReplication
  (but wait a minute to test the backlog command)
  Furthermore, I chose availability over fidelity (but note that I use shadow copies and true backups, and I don't like having to check on services and start them manually):
  wmic /namespace:\\root\microsoftdfs path dfsrmachineconfig set StopReplicationOnAutoRecovery=FALSE
  (also note /smem: and /rmem: shorthand)
  "All things are possible, but not all things are permissible"

• [Forum FAQ] Troubleshooting Network File Copy Slowness

  1. Introduction
  The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows is known as Microsoft SMB Protocol. The set of message packets that defines a particular version of the protocol is called a dialect. The Common
  Internet File System (CIFS) Protocol is a dialect of SMB. Both SMB and CIFS are also available on VMS, several versions of Unix, and other operating systems.
  Microsoft SMB Protocol and CIFS Protocol Overview
  http://msdn.microsoft.com/en-us/library/windows/desktop/aa365233(v=vs.85).aspx
  Server Message Block overview
  http://technet.microsoft.com/en-us/library/hh831795.aspx
  1.1
  SMB Versions and Negotiated Versions
  - Thanks for the
  Jose Barreto's Blog
  There are several different versions of SMB used by Windows operating systems:
  CIFS – The ancient version of SMB that was part of Microsoft Windows NT 4.0 in 1996. SMB1 supersedes this version.
  SMB 1.0 (or SMB1) – The version used in Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2003 R2
  SMB 2.0 (technically SMB2 version 2.002) – The version used in Windows Vista (SP1 or later) and Windows Server 2008 (or any SP)
  SMB 2.1 ((technically SMB2 version 2.1) – The version used in Windows 7 (or any SP) and Windows Server 2008 R2 (or any SP)
  SMB 3.0 (or SMB3) – The version used in Windows 8 and Windows Server 2012
  SMB 3.02 (or SMB3) – The version used in Windows 8.1 and Windows Server 2012 R2
  Windows NT is no longer supported, so CIFS is definitely out. Windows Server 2003 R2 with a current service pack is under Extended Support, so SMB1 is still around for a little while. SMB 2.x in Windows Server 2008 and Windows Server 2008
  R2 are under Mainstream Support until 2015. You can find the most current information on the
  support lifecycle page for Windows Server. The information is subject to the
  Microsoft Policy Disclaimer and Change Notice.  You can use the support pages to also find support policy information for Windows
  XP, Windows Vista, Windows 7 and Windows 8.
  In Windows 8.1 and Windows Server 2012 R2, we introduced the option to completely disable CIFS/SMB1 support, including the actual removal of the related binaries. While this is not the default configuration, we recommend disabling this older
  version of the protocol in scenarios where it’s not useful, like Hyper-V over SMB. You can find details about this new option in item 7 of this blog post:
  What’s new in SMB PowerShell in Windows Server 2012 R2.
  Negotiated Versions
  Here’s a table to help you understand what version you will end up using, depending on what Windows version is running as the SMB client and what version of Windows is running as the SMB server:
  OS
  Windows 8.1  WS 2012 R2
  Windows 8  WS 2012
  Windows 7  WS 2008 R2
  Windows Vista  WS 2008
  Previous versions
  Windows 8.1 WS 2012 R2
  SMB 3.02
  SMB 3.0
  SMB 2.1
  SMB 2.0
  SMB 1.0
  Windows 8 WS 2012
  SMB 3.0
  SMB 3.0
  SMB 2.1
  SMB 2.0
  SMB 1.0
  Windows 7 WS 2008 R2
  SMB 2.1
  SMB 2.1
  SMB 2.1
  SMB 2.0
  SMB 1.0
  Windows Vista WS 2008
  SMB 2.0
  SMB 2.0
  SMB 2.0
  SMB 2.0
  SMB 1.0
  Previous versions
  SMB 1.0
  SMB 1.0
  SMB 1.0
  SMB 1.0
  SMB 1.0
  * WS = Windows Server
  1.2 Check, Enable and Disable SMB Versions in Windows operating systems
  In Windows 8 or Windows Server 2012 and later, there is a new PowerShell cmdlet that can easily tell you what version of SMB the client has negotiated with the File Server. You simply access a remote file server (or create a new mapping to it) and use Get-SmbConnection.
  To enable and disable SMBv1, SMBv2, and SMBv3 in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012, please follow the steps in the article below.
  Warning: We do not recommend that you disable SMBv2 or SMBv3. Disable SMBv2 or SMBv3 only as a temporary troubleshooting measure. Do not leave SMBv2 or SMBv3 disabled.
  http://support.microsoft.com/kb/2696547
  1.3 Features and Capabilities
  - Thanks for the
  Jose Barreto's Blog
  Here’s a very short summary of what changed with each version of SMB:
  From SMB 1.0 to SMB 2.0 - The first major redesign of SMB
  Increased file sharing scalability
  Improved performance
  Request compounding
  Asynchronous operations
  Larger reads/writes
  More secure and robust
  Small command set
  Signing now uses HMAC SHA-256 instead of MD5
  SMB2 durability
  From SMB 2.0 to SMB 2.1
  File leasing improvements
  Large MTU support
  BranchCache
  From SMB 2.1 to SMB 3.0
  Availability
  SMB Transparent Failover
  SMB Witness
  SMB Multichannel
  Performance
  SMB Scale-Out
  SMB Direct (SMB 3.0 over RDMA)
  SMB Multichannel
  Directory Leasing
  BranchCache V2
  Backup
  VSS for Remote File Shares
  Security
  SMB Encryption using AES-CCM (Optional)
  Signing now uses AES-CMAC
  Management
  SMB PowerShell
  Improved Performance Counters
  Improved Eventing
  From SMB 3.0 to SMB 3.02
  Automatic rebalancing of Scale-Out File Server clients
  Improved performance of SMB Direct (SMB over RDMA)
  Support for multiple SMB instances on a Scale-Out File Server
  You can get additional details on the SMB 2.0 improvements listed above at
  http://blogs.technet.com/b/josebda/archive/2008/12/09/smb2-a-complete-redesign-of-the-main-remote-file-protocol-for-windows.aspx
  You can get additional details on the SMB 3.0 improvements listed above at
  http://blogs.technet.com/b/josebda/archive/2012/05/03/updated-links-on-windows-server-2012-file-server-and-smb-3-0.aspx
  You can get additional details on the SMB 3.02 improvements in Windows Server 2012 R2 at
  http://technet.microsoft.com/en-us/library/hh831474.aspx
  1.4 Related Registry Keys
  HKLM\SYSTEM\CurrentControlSet\Services\MrxSmb\Parameters\
  DeferredOpensEnabled – Indicates whether the Redirector can defer opens for certain cases where the file does not really need to be opened, such as for certain delete requests and adjusting file attributes.
  This defaults to true and is stored in the Redirector variable MRxSmbDeferredOpensEnabled.
  OplocksDisabled – Whether the Redirector should not request oplocks, this defaults to false (the Redirector will request oplocks) and is stored in the variable MrxSmbOplocksDisabled.
  CscEnabled – Whether Client Side Caching is enabled. This value defaults to true and stored in MRxSmbIsCscEnabled. It is used to determine whether to execute CSC operations when called. If CSC is enabled,
  several other parameters controlling CSC behavior are checked, such as CscEnabledDCON, CscEnableTransitionByDefault, and CscEnableAutoDial. CSC will be discussed in depth in its own module, so will be only mentioned in this module when it is necessary to understanding
  the operation of the Redirector.
  DisableShadowLoopback – Whether to disable the behavior of the Redirector getting a handle to loopback opens (opens on the same machine) so that it can shortcut the network path to the resource and
  just access local files locally. Shadow opens are enabled by default, and this registry value can be used to turn them off. It is stored in the global Redirector variable RxSmbDisableShadowLoopback.
  IgnoreBindingOrder – Controls whether the Redirector should use the binding order specified in the registry and controlled by the Network Connections UI, or ignore this order when choosing a transport
  provider to provide a connection to the server. By default the Redirector will ignore the binding order and can use any transport. The results of this setting are stored in the variable MRxSmbObeyBindingOrder.
  HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\
  Security Signature settings – The RequireSecuritySignature setting is stored in MRxSmbSecuritySignaturesRequired, EnableSecuritySignature in MRxSmbSecuritySignaturesEnabled, RequireExtendedSignature
  in MRxSmbExtendedSignaturesRequired, and EnableExtendedSignature in MRxSmbExtendedSignaturesEnabled. Note that the Extended Security Signatures assume the regular security signatures are enabled, so those settings are adjusted if necessary based on the extended
  settings. If extended signatures are required, regular signatures have to be required.
  EnablePlainTextPassword – Support for using plain text passwords can be turned on using this key. They are disabled by default.
  OffLineFileTimeoutIntervalInSeconds – Used to set the expiration time for timing out an Exchange (discussed later) when the exchange is accessing an offline file. This value defaults to 1000 seconds,
  but can be changed in the registry and is stored in the global Redirector variable OffLineFileTimeoutInterval
  SessTimeout – This is the amount of time the client waits for the server to respond to an outstanding request. The default value is 60 seconds (Windows Vista). When the client does not receive the
  response to a request before the Request Expiration Timer expires, it will reset the connection because the operation is considered blocked. In Windows 8, the request expiration timer for the SMB 2 Negotiate is set to a smaller value, typically under 20 seconds,
  so that if a node of a continuously available (CA) cluster server is not responding, the SMB 3.0 client can expedite failover to the other node.
  ExtendedSessTimeout – Stored in the ExtendedSessTimeoutInterval variable, this value is used to extend the timeout on exchanges for servers that require an extended session timeout as listed in the
  ServersWithExtendedSessTimeout key. These are third party servers that handle SMB sessions with different processes and vary dramatically on the time required to process SMB requests. The default value is 1000 seconds. If the client is running at least Windows
  7 and ExtendedSessTimeout is not configured (By Default), the timeout is extended to four times the value of SessTimeout (4 * SessTimeout).
  MaxNumOfExchangesForPipelineReadWrite – This value is used to determine the maximum number of write exchanges that can be pipelined to a server. The default is 8 and the value is stored in the variable
  MaxNumOfExchangesForPipelineReadWrite.
  Win9xSessionRestriction – This value defaults to false, but is used to impose a restriction on Windows 9x clients that they can only have one active non-NULL session with the server at a time. Also,
  existing session based connections (VNETROOTS) are scavenged immediately, without a timeout to allow them to be reused.
  EnableCachingOnWriteOnlyOpens – This value can cause the Redirector to attempt to open a file that is being opened for write only access in a manner that will enable the Redirector to cache the file
  data. If the open fails, the request will revert back to the original requested access. The value of this parameter defaults to false and is stored in the MRxSmbEnableCachingOnWriteOnlyOpens variable.
  DisableByteRangeLockingOnReadOnlyFiles – This parameter defaults to false, but if set to true will cause level II oplocks to automatically be upgraded to batch oplocks on read-only files opened for
  read only access. It is stored in the variable DisableByteRangeLockingOnReadOnlyFiles.
  EnableDownLevelLogOff – False by default, this value controls whether a Logoff SMB will be sent to down-level servers when a session is being closed. If this is false, and the server has not negotiated
  to the NT SMB dialect or does not support NT Status codes, the logoff will not be sent because we aren’t sure that server will understand the request. The value is stored in MrxSmbEnableDownLevelLogOff.
  HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\
  ResilientTimeout – This timer is started when the transport connection associated with a resilient handle is lost. It controls the amount of time the server keeps a resilient handle active after the
  transport connection to the client is lost. The default value is 300 seconds (Windows 7, Server 2008 R2, 8, Server 2012).
  DurableHandleV2TimeoutInSecond – This timer is started when the transport connection associated with a durable handle is lost. It controls the amount of time the server keeps a durable handle active
  after the transport connection to the client is lost. The default value is 60 seconds (Windows 8, Windows Server 2012). The maximum value is 300 seconds.
  HKLM\SYSTEM\CurrentControlSet\Services\SMBWitness\Parameters\
  KeepAliveInterval – This functionality was introduced for SMB 3.0 in Windows 8 and Windows Server 2012. The witness protocol is used to explicitly notify a client of resource changes that have occurred
  on a highly available cluster server. This enables faster recovery from unplanned failures, so that the client does not need to wait for TCP timeouts. The default value is 20 minutes (Windows 8, Windows Server 2012).
  HKLM\System\CurrentControlSet\Services\SmbDirect\Parameters\
  ConnectTimeoutInMs – Establish a connection and complete negotiation. ConnectTimeoutInMs is the deadline for the remote peer to accept the connection request and complete SMB Direct negotiation. Default
  is 120 seconds (Windows 8).
  AcceptTimeoutInMs – Accept negotiation: The SMB Direct Negotiate request should be received before AcceptTimeoutInMs expires. The servers starts this timer as soon as it accepted the connection. Default
  is 5 seconds (Windows 8).
  IdleConnectionTimeoutInMs – This timer is per-connection. It is the amount of time the connection can be idle without receiving a message from the remote peer. Before the local peer terminates the
  connection, it sends a keep alive request to the remote peer and applies a keep alive timer. Default is Default: 120 seconds (Windows 8).
  KeepaliveResponseTimeoutInMs – This attribute is per-connection. It defines the timeout to wait for the peer response for a keep-alive message on an idle RDMA connection. Default is 5 seconds (Windows
  8).
  CreditGrantTimeoutInMs – This timer is per-connection.  It regulates the amount of time that the local peer waits for the remote peer to grant Send credits before disconnecting the connection.
  This timer is started when the local peer runs out of Send credits. Default is 5 seconds (Windows 8).
  References:
  [MS-SMB]: Server Message Block (SMB) Protocol
  http://msdn.microsoft.com/en-us/library/cc246231.aspx
  [MS-SMB2]: Server Message Block (SMB) Protocol Versions 2 and 3
  http://msdn.microsoft.com/en-us/library/cc246482.aspx
  SMB 2.x and SMB 3.0 Timeouts in Windows
  http://blogs.msdn.com/b/openspecification/archive/2013/03/27/smb-2-x-and-smb-3-0-timeouts-in-windows.aspx

  3. How to Troubleshoot
  3.1 Troubleshooting Decision Tree
  1
  Is the slowness occurring in browsing a network shared folder or   copying a file, or both?
  Browsing, go to 1.1.
  Copying, go to 1.2.
  Both, go to 1.3.
  1.1
  Is the target a DFS path or not?
  Yes, go to 1.1.1.
  No, go to 1.1.2.
  1.1.1
  Is the client visiting the nearest DFS root server and file   server?
  Yes, go to 1.1.1.1.
  No, go to 1.1.1.2.
  1.1.1.1
  Browse the corresponding (Non-DFS) UNC path directly. Do you   still experience the slowness?
  Yes, go to 1.1.1.1.1.
   No,
  go to 1.1.1.1.2.
  1.1.1.1.1
  Issue is the particular file server responds to the share folder   enumeration requests slowly. Most probably it’s
  unrelated to DFS. Follow   1.1.2.
  1.1.1.1.2
  Issue is that client experiences delay when browsing the DFS   path, but no delay is visiting the target file server
  directly. Capture   Network Monitor trace from the client and study if the DFS path is cracked   down.
  1.1.1.2
  Use dfsutil.exe to clear local domain and referral cache. Then   visit the DFS path again and capture Network Monitor
  trace from the client to   study why the client goes to a wrong file server or DFS root server.
  1.1.2
  Not a DFS issue. Issue is the particular file server responds to   the share folder enumeration requests slowly. “Dir”
  the same share folder   from Command Prompt. Is it slow?
  Yes, go to 1.1.2.1
  No, go to 1.1.2.2
  1.1.2.1
  Check the number of subfolders and files in that share folder.   Is the number large?
  Yes, go to 1.1.2.1.1
  No, go to 1.1.2.1.2
  1.1.2.1.1
  Try to “dir” a different share folder on the same file server,   but with less items. Is it still slow or not?
  Yes, go to 1.1.2.1.1.1
  No, go to 1.1.2.1.1.2
  1.1.2.1.1.1
  Probably to be performance issue of the file server. Capture   Network Monitor trace from both sides, plus Performance
  Monitor on the file   server.
  1.1.2.1.1.2
  Probably to be performance issue of the file server,   particularly, of the disk. Capture Network Monitor trace from
  both sides,   plus Performance Monitor on the file server.
  1.1.2.1.2
  Same as 1.1.2.1.1.1. Probably to be performance issue of the   file server. Capture Network Monitor trace from both
  sides, plus Performance   Monitor on the file server.
  1.1.2.2
  Explorer.exe browses the share folder slowly while “dir” does   fast. The issue should lie in the particular SMB traffic
  incurred by   explorer.exe. It's a Shell issue.
  1.2
  Is the target a DFS path or not?
  Yes, go to 1.2.1
  No, go to 1.2.2
  1.2.1
  Is the client downloading/uploading against the nearest file   server?
  Yes, go to 1.2.1.1
  No, go to 1.2.1.2
  1.2.1.1
  Try to download/upload against that file server using the   Non-DFS share path. Still slow?
  Yes, go to 1.2.1.1.1
  No, go to 1.2.1.1.2
  1.2.1.1.1
  Not a DFS issue. Capture Network Monitor trace from both sides   to identify the pattern of the slowness.
  1.2.1.1.2
  This is unlikely to occur because the conclusion is   contradictory to itself. Start from the beginning to double
  check.
  1.2.1.2
  Same situation as 1.1.1.2. Use dfsutil.exe to clear local domain   and referral cache. Then visit the DFS path again
  and capture Network Monitor   trace from the client to study why the client goes to a wrong file server or   DFS root server.
  1.2.2
  Same as 1.2.1.1.1. It's not a DFS issue. Capture Network Monitor   trace from both sides to identify the pattern of
  the slowness.
  1.3
  Follow 1.1 and then 1.2.
  3.2 Troubleshooting Tools
  Network Monitor or Message Analyzer
  Download
  http://www.microsoft.com/en-us/download/details.aspx?id=40308
  Blog
  http://blogs.technet.com/b/messageanalyzer/
  Microsoft Message Analyzer Operating Guide
  http://technet.microsoft.com/en-us/library/jj649776.aspx
  Performance Monitor
  http://technet.microsoft.com/en-us/library/cc749249.aspx
  DiskMon
  http://technet.microsoft.com/en-us/sysinternals/bb896646.aspx
  Process Monitor
  http://technet.microsoft.com/en-us/sysinternals/bb896645

• No progress :(

  Hello
  I continue to have issues with Adobe Reader. Right up to V9 it was fine. V10 introduced several issues: my team were hit by the one where a certain string in the path affected it, and (and this astonished me), protected mode was not compatible with documents accessed via DFS shares.
  The protected mode issue has persisted. I have to turn it off on all our installations otherwise members of my team open a PDF and are unable to view the document because the program freezes.
  I also had an issue where installing an update removed the 'Open With' entries - the response from this forum was to reinstall the other program (a program that I use to edit and compile PDFs). No apology for causing this problem. If the install had worked properly (as it does for the other PDF tools we use), I would not have had this problem in the first place.
  And now we have the signing issue. Turns out that the detection of a signature field is completely arbitrary. According to posts on this forum if the PDF contains the word sign, that is considered to be a signature field. If, when a signature is detected, I click the green bar it immediately says 'Signed'. Erm... what??? What has been signed??? How can it be signed when a signature field does not exist? This simply causes unnecessary confusion.
  Seriously, people. I have the highest respect for Adobe's products in general but there comes a point at which the inconvenience out-weighs its usefulness. It seems to me that the quality of Adobe's PDF reader has, from a functional point of view, deteriorated since the introduction of V10.
  Please, restore our faith in your product.
  Thanks!

  Thanks for replying
  Any platform that is created by a company so that advice can be sought regarding usage of a product or for help troubleshooting a problem is usually monitored to some extent. My post is a moan born out of frustration of the persistent problems (the same problems, not different ones), that have been evident since V10 was released, and the ridiculous signing issue that was recently introduced.
  I look forward to an eventual resolution. I have, under a different account, tried seeking help with the DFS problem but as is usually the case with issues that require a lot of effort the help simply stopped. I thought, OK, this is something that obviously requires a lot of work. Back then I thought I'd be content to wait it out and hope the issues are resolved in a future patch/upgrade. I am also aware that I can't expect too much support for a product that is essentially free. There is a work-around for the DFS issue, but it would be nicer if Adobe Reader worked 'out of the box' and did not require the extra configuration (which often causes it to freeze).
  This thread is more for my benefit than for anyone elses. I just needed to get it off my chest
  In my view there has been no progress. The title accurately reflects the issue.

• Quicktime access speeds

  Hello,
  I noticed that there is a difference in performance when trying to access a Quicktime video via a DFS path versus a direct server path.
  For example
  When accessing a video via the path \\domain.com\studio\quicktime\video.mov, it takes 15 seconds before the video starts playing.
  When accessing the same video via the path \\server\quicktime\video.mov, it takes 7 seconds.
  I have tested with Quicktime Player and Quicktime Pro and both software consistently experience the same discrepancy in speed.
  I am looking to see if it is possible to fix this ?
  An explanation of why this is happening would be appreciated.
  8 seconds may seem like a small amount of time, but our company deals with many videos and it all adds up, especially when dealing with larger videos. It has already taken upwards of 5 minutes. However, access via a direct path has always consistently been quicker.
  Also note that other application are able to access other files on the fileserver via the DFS path or the direct path in roughly the same amount of time so this is not a DFS issue. Quicktime is the only application that runs more slowly than the rest.

  Hello,
  I noticed that there is a difference in performance when trying to access a Quicktime video via a DFS path versus a direct server path.
  For example
  When accessing a video via the path \\domain.com\studio\quicktime\video.mov, it takes 15 seconds before the video starts playing.
  When accessing the same video via the path \\server\quicktime\video.mov, it takes 7 seconds.
  I have tested with Quicktime Player and Quicktime Pro and both software consistently experience the same discrepancy in speed.
  I am looking to see if it is possible to fix this ?
  An explanation of why this is happening would be appreciated.
  8 seconds may seem like a small amount of time, but our company deals with many videos and it all adds up, especially when dealing with larger videos. It has already taken upwards of 5 minutes. However, access via a direct path has always consistently been quicker.
  Also note that other application are able to access other files on the fileserver via the DFS path or the direct path in roughly the same amount of time so this is not a DFS issue. Quicktime is the only application that runs more slowly than the rest.

• Security-Kerberso Errors on some machine

  Hello,
  The reason why i'm writing is because, recently we have seen some strange DFS issues, where clients aren't able to connect to their DFS mapped drives.  flushing DFS cache or DNS cache or rebooting client seems to fix issue.  We have also had
  to reboot a DFS server, since it was hung in the past.  So, I have ticket open with MS and can't find any DFS related issues from event logs.
  I see a Kerberos error in event logs on both DFS servers and some clients that have the issue and I"m wondering if this is the cause of problems.  Please see Kerberos error below and let me know what you think.  I want to also add that we
  have direct access server and i'm seeing "isatap.ipv6address" when I run ipconfig on these servers and clients..
  "The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server hq12-dfs2$. The target name used was HTTP/HQ12-DFS2.hhmi.org. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the
  target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password
  is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target
  domain (HHMI.ORG) is different from the client domain (HHMI.ORG), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server."

  They basically want me to enable all Kerberos encryption types and then disjoin/join my DFS servers from domain.  I"m doing it tonight, so we will see what happens.  I actually haven't had the DFS issues, since I posted this question in forum. 
  I will still implements their recommendations.
  Step 1: adjust the supported Kerberos etype
  ====================================
  a. Run GPMC on one 2008R2 DC or 2012R2 DC, Edit Default Domain Policy.
  b. Navigate to Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Security Options\Network security: Configure encryption types allowed for Kerberos
  We need to select Define these policy settings and all the six check boxes
  c. After that, please run GPUPDATE  /FORCE to take effect. After it is done, please restart all the DCs after business hours.
  Step 2: Disjoin and Rejoin DFS namespace servers to the domain (one by one)
  ==============================================
  1. On HQ12-DFS2, please delete it from the namespace server first
  2. Then, disjoin the server from the domain.
  3. After a reboot, please rejoin the server into the domain
  4. Add it into DFS namespace
  5. Then, perform the above steps on HQ12-DFS1 again.

• Dcdiag fatal error

  I am having problems with my DFS shares not showing up, and in researching this I ran a dcdiag on my domain controllers and am getting the following error:
  Performing initial setup:
     Trying to find home server...
     Home Server = servername
     * Identified AD Forest.
     FATAL ERROR: ldap_search for parttion attributes with base DN = CN=Partitions
  ,CN=Configuration,DC=domain,DC=local failed with error = 32
  I have never seen so few results when searching for this error. I have no idea where to begin.

  So that was a nightmare... I had to move DHCP, FSMO, CA Authority... took several hours. BUT I eventually got it demoted and re-promoted. Same issue. HOWEVER, I ran as administrator and it worked. It has been a very long day. I guess I didn't realize I was
  doing that on the other DCs when I ran on them.
  SO. Now when I run dcdiag, I get some other errors:
  REPLICATION LATENCY WARNING ERROR: Expected notification link is missing.Source DC2 -this is the new PDC fyi Replication of new changes along this path
  will be delayed. This problem should self-correct on the next periodic sync.
  I ran repadmin /showrepl on all 4 DCs and everything was successful.
  I have no idea what is happening. Maybe the issue I am having is not a DC issue. Here is what happened to me:
  Some machines could not access "\\domain.local\share", while others could. On the other hand, they ALL could access "\\domain\share". I fixed that by changing all my drive mappings to \\domain\share (took off the .local) Don't know why
  that was an issue, I was going to get to that later.
  This morning I discovered that there were two more issues happening. The DFS share was showing up empty on many computers (they could access "\\domain\share" but there was nothing in it, while other machines saw the folders they should see. Trying
  to get everybody working while I fixed THAT issue, I changed the drive mappings again to point directly to the servers they needed (without DFS).
  That worked for some, but not others. The ones it did not work on had Group Policy errors in the event log saying they could not find a group policy server or something (hours ago, who can remember exact errors at this point), so they were still pointing
  to the DFS shares. Several reboots would usually eventually get things resolved.
  So here I am, can't figure out if it is a DFS issue, DC Replication issue, DNS issue, WINS issue or what. I am just burnt and I am going home for the day.
  Thank you so much for your help so far, I can tell you have been spending a lot of time on this. Maybe I need to start a new thread?

• Lion 10.7.2 DFS share access issue

  hi
  i have a macbook air running 10.7.2 and we have a DFS file server running windows 2008 r2
  our name space is domain based and i can access the file server using \\domain.com\uk\data and \\domain\uk\home\xxx (where xxx is the username)
  the first is the shared data drive and the 2nd is the users home drive
  all works beautifully when i am connected via the ethernet. as soon as i move onto the internal wifi (sits on the same network as the ethernet lan and has full access to all network resource, our windows 7 laptops can access all shares just fine) i can all of a sudden no longer access the DFS share \\accel.com\uk\data
  it either says it cannot find it or a username and password box comes up (i am using centrify to leverage our AD user accounts on our mac's) when i enter my username and password it does not accept it. I have the same issue when i am outside of the office and vpn's in.
  this evening i discovered that i have no problems accessing our DFS share if i enter \\domain.com\uk and i am presented with the folder UK on my dekstop and when i click on it i can see the DATA and HOME drive subfolder
  when i now go to the finder and click on connect to server SMB://domain.com/uk/home/xxx it connects fine
  so it seems that the /uk/ bit of the DFS path is confusing the mac client when not connected via the ethernet lan cable.
  i have tried to mount via the cli but it comes up with no route to host and the console log displays something similar
  at least i have a work around now but does anyone know if this is an issue with my name space setup or whether this is a bug (i presume bug as windows 7 clients have no issue with this namespace but i am not taking anything for granted :-) )
  thank you
  ps i found this post but it is slightly different to the issue i am having https://discussions.apple.com/message/16187498#16187498

  The issue has previously hit Apple TV owners. I think people came to the conclusion that it was a HDMI handshake problem. Basically the process where the device and TV greet each other, make up some rules about communicationg and what their secret key is and so on.
  I haven't tried this yet, but my local service center says that basically I can do one of two things:
  - Downgrade to 10.7 and then download the 10.7.1 update from Apples website. To do this without having a Mac OS X Lion disc, you can hold down CMD + R when the computer boots to be able to access the recovery partition on newer Macs that come without the OS disc.
  or..
  - Put something in between the computer and TV. For example, if you're using an amplifier as a part of your home theather set up, this will probably work. The service guy said he has his Mini connected to the amplifier, which in turn is connected to speakers and a projector. The inverted colors still appear, but only once per night (i.e. after the first problem is reset by resetting the link then it's fine).
  For now, I'll do my little dance of changing the source on the TV from HDMI 1 to HDMI 2 and then back again to reset the link... But, I'll probably try downgrading in a few days.

• Possible issue with DFS and CSC error 80070035

  I have a handful of users who have a strange, recurring issue with Offline Files and DFS in Win7 SP1 x64.
  We have a DFS root \\domain.local\DFS. Server ukln1fs1 is a root replica, running a fully patched instance of Server 2012 R2. dfsnamespace is a DNS alias of ukln1fs1, and the SPNs for host/dfsnamespace<.domain.local>
  and cifs/dfsnamespace<.domain.local> are registered with that server.
  Clients have the Documents folder redirected by GPO to
  \\dfsnamespace\DFS\-teamfolder-\-username-\docs and redirection works fine. 
  Sometimes when clients are disconnected from the network and then reconnect, or when they start up disconnected from the network and then connect, they are unable to connect to
  \\dfsnamespace\dfs. They get error 80070035. Clients can connect to
  \\dfsnamespace fine and to the individual shared within the DFS structure. This affects all users on the computer once it has begun occurring, and the only resolution is to restart the computer whilst connected to the domain.
  Kerberos is using TCP (MaxPacketSize 0)
  LanManServer & LanManWorkstation signing requirements match (EnableSecuritySignature 1, RequireSecuritySignature 0)
  Have used FormatDatabase on the CSC service to rebuild the offline files cache.
  Latest hotfixes for Win7 file services and offline files components are installed: KB2775511 (enterprise hotfix rollup), all latest hotfixes from KB2820927 (collection of enterprise hotfixes including offline files and folder redirection components), all
  latest hotfixes from KB2473205 (file server technology services).
  Adapters & bindings order has the SSL VPN adapter at the top followed by the NIC then the wifi adapter. IPv4 is a the higher priority protocol in adapters & bindings.

  Please have a look at this blog (DFSN and DFSR-RO interoperability), it may help you somehow.
  Regards, Ravikumar P

• DFS ACL Inheritance issue

  We have an interesting problem for the forums.  We have implemented Distributed File Services for managing our shares.
  SecurityGroupA has similar ACL assignments to FolderA and FolderB.
  SecurityGroupB has limited ACL assignments to FolderB.
  When a member of SecurityGroupA moves a file from FolderA to FolderB, the file does not not inherit from FolderB.  We believe the issue is the DFS link gets redirected, but since the file's physical location doesn't actually move so no ACL changes happen
  and SecurityGroupB cannot see the file.
  If we break folder inheritance, then reapply inheritance to all child objects, this "fixes" ACL assignments and SecurityGroupB can see the file.
  One process I am considering is enabling file auditing and using event log "file creation" to trigger an ACL refresh script.  That's about as far as I have got to developing the process, though.
  Has anybody with DFS implementations run into this?  If so, how did you address the ACL refresh?
  Thanks,
  CS

  Hi,
  I'm a little unclear about the structure but it should be the default behaviour of NTFS permission. Please see this article:
  http://support.microsoft.com/kb/310316
  Also it provided steps to change the NTFS permission behaviour.
  Meanwhile if both folders are located in same volume, maybe you can workaround this with putting one of them to another volume so permission will be refreshed by a move.
  If you have any feedback on our support, please send to [email protected]

• Spacing in username creating issues in DFS

  In our network, we have several users that still have a space in their login name. has this ever been known to cause issues in a single DFS server for files to randomly disappear?

  Hi, 
  Do you mean that folder targets in a DFS server disappear randomly when uses login the DFS server and the users have a space in their login name? Would you please share the exact steps to help us reproduce the same behavior? Do you have any error code? If so,
  please provide detail information about this error.
  Regards, 
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• DFS replication issue

  Hello,
  We have 1 server at branch office and 1 server at datacenter and have DFS-R enabled for user related data. By default we have enabled branch office server DFS path for end users.
  Replication was broken some time back since the branch server OS was crashed. We fixed the issue by reinstalling the OS, but unfortunately a month later we found branch server is not replicating the data with its partner datacenter server
  as the GUID of the branch server was changed post rebuild. I have removed the old GUID and re-add the branch server to replication group again.
  But, I don't see replication is taking place properly still. If I create a new test folder its getting replicated to datacenter server, but not the old folders which have data modified between these broken replication period.
  What is the best way solving this? since the over all data size is in TBs.
  Mahi

  You can check the backlog on dfs : http://www.planetcobalt.net/sdb/dfscmds.shtml
  Command syntax : 
  dfsrdiag backlog /rgname:KeyMaster /rfname:Gatekeeper /sendingmember:DontCrossTheStreams
  /receivingmember:StayPuffed
  You may stop sharing and check the results if replication works well. 
  Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
  the thread.