DFS clients being referred to wrong site
-
Monday, April 04, 2011 3:21 AM
Hi,
I've been reading some of the other posts but I haven't been able to find an answer. Here's my scenario;
I have two physical sites. Site 1 has a domain controller and dfs server. Site 2 has a domain controller and a dfs server. Replication is enabled for about 5 target folders. All servers are Win 2008 R2 datacenter. I created two sites in AD and also created the respective subnets. I also applied the "lowest cost" in DfS and client failback
I'm using the dfsutil tool to check the referrerals... It looks like all of our machines get a random mix of some targets being referred to the local dfs and others referred to the remote dfs.
I've tried rebooting, and flushing the cache using the dfsutil /pktflush
Any ideas why this happens? I've read that we can make DFS list only the local DFS server using the "exclude targets outside the client's site" but I really would like to get this working properly for failover purposes.
Let me know. Thanks!
All Replies
-
Monday, April 04, 2011 3:49 AM
Hi grigos,
The behaviour of the Windows client of DFS actually depends on the client's IP address.
When a DFS server receives a referral request from a client, the DFS server uses the IP address of the client to determine the client’s site. The DFS server sorts the list of target servers in the referral response in terms of increasing site cost from the DFS client to the target server.
When the SMB Service server provides an incorrect DFS client IP address to the DFS server, the client receives a referral that contains a list of DFS targets that are random or in non-optimal order in terms of the Active Directory site cost from DFS client to DFS targets.Would you please have a look at this KB article?
You may receive DFS referrals that contain a list of random DFS targets, random SYSVOL or NETLOGON referrals, or experience slow performance when you access a shared folder in a DFS namespace on a Windows Server 2003-based computer
http://support.microsoft.com/kb/905846How to troubleshoot Distributed File System Namespace access failures in Windows
http://support.microsoft.com/kb/975440/EN-USHope it helps.
Scorpio
TechNet Software Assurance Managed Newsgroup | MCTS: Windows Vista | Exchange Server 2007 MCITP: Enterprise Support Technician | Server & Enterprise Administrator | Microsoft Infrastructure Consultant | Solution Architect- Proposed As Answer by Scorpio_MiloMVP Monday, April 04, 2011 3:51 AM
-
Monday, April 04, 2011 4:34 AM
Thanks for your quick response.
Let me give you an update: I ran the Best Practices Analyzer on both DFS servers and they came back with this error:
All IP addresses for the server should map to the same AD DS Site
I only have one IP per server. Also, I disabled IPv6
I created the subnets under AD Sites with the following data:
156.124.92.0/23
The subnet mask for the server is 255.255.254.0 and the IP is in that exact network. Also, the XP machines.
Why would it not recognize it as being on the same site?
What do you think?
-
Monday, April 04, 2011 5:01 AM
Hi grigos,
156.124.92.0/23 should be the same as 255.255.254.0 regarding the subnet mask, howerver there is some IP address range for this settings. To check if the DFS clients and the DFS server in the exact network, you will need to check the IP address range of DFS clients. If possible, please consider post the IP address of DFS server and DFS clients IP range here.
Scorpio
TechNet Software Assurance Managed Newsgroup | MCTS: Windows Vista | Exchange Server 2007 MCITP: Enterprise Support Technician | Server & Enterprise Administrator | Microsoft Infrastructure Consultant | Solution Architect- Proposed As Answer by Scorpio_MiloMVP Monday, April 04, 2011 10:18 AM
-
Monday, April 04, 2011 11:14 AM
Sure.
IP's being tested are 156.124.92.202 (Server) and 156.124.92.69 (XP client) for Site 1.
Site 2 has an identical setup on 156.124.78.0/23 with IP 156.124.78.202 (server) and 156.124.78.69 (XP Client).
Actually, even though we can have up to 512 hosts, we only use from .92.1-.92.254
I appreciate your help.
-
Monday, April 04, 2011 11:47 AM
Hi grigos,
Thanks for your feedback.
After reviewing the IP addressed, I think the setting of them should be Ok.
To fulfill your demand, you can force client to to use one server as primary and only uses the other one as secondary when the first is unavailable.
Go to the DFS management console, select the targets and on properties, select the box to overide referrals and Set the priority as "First Amongst All Targets" for the Primary server and for the secondary, set as "Last Amongst all targets"
For your reference about DFS server failover strategies, I have list a MSDN document as follow.
DFS Server Target Prioritization
http://msdn.microsoft.com/en-us/library/bb524795(VS.85).aspxHope this helps.
Scorpio
TechNet Software Assurance Managed Newsgroup | MCTS: Windows Vista | Exchange Server 2007 MCITP: Enterprise Support Technician | Server & Enterprise Administrator | Microsoft Infrastructure Consultant | Solution Architect -
Monday, April 04, 2011 1:34 PM
Thanks again for your feedback.
I don't think this setting will really be the best option for me. The reason for this is that users on the remote site share their bandwidth with other tenants in the building and let's just say that performance is not the best. One of the main reasons I installed this server on the remote office was to alleviate their "bandwidth" issues.
Is there anything else I can check regarding the sites / subnets /cost?
By the way, I right clicked one of the target folders --> Referrals tab --> and I don't see a "Fist Among All targets" option. The only two options I see are Exclude targets outside of the client's site and Client fail back to preferred targets.
I am running Windows Server 2008 R2 Datacenter Edition ... not sure if this makes a difference.
-
Monday, April 04, 2011 2:14 PM
I just found this:
http://blogs.technet.com/b/askds/archive/2009/10/28/dfs-referrals-and-ipv6-outta-site.aspx
So, I checked the IPv6 on the DFS server and rebooted. I still get the same error. Do I need to create an IPv6 subnet on AD Sites?
I'm confused on what IP to give the server since we don't really use IPv6. Is there a way to "convert" the IPv4 address so basically it has the same IP?
I ran dfsdiag /testsites /DFSPath:\\mydomain\mynamespace /Full
I get warnings like these:
Warning: The server has IP addresses with conflicting site associations
Host name: AU-DFS-01
Site: AU-Site
Domain Controller: SA-AD-01Host IP address
2002:9c7c:4eca::9c7c:4ecaSubnet-Site Mapping in AD
No mapping existsWarning: The server has IP addresses with conflicting site associations
Host name: AU-DFS-01
Site: AU-Site
Domain Controller: AU-AD-01Host IP address
2002:9c7c:4eca::9c7c:4ecaSubnet-Site Mapping in AD
No mapping exists
It seems to me like I need to add an IPv6 subnet to the sites... I tried adding 2002::9c7c:5c00/119 but no luck so far... I'm not sure that's right. -
Monday, April 04, 2011 7:55 PM
Hello,
Try this. Go to the DFS Management Console, selectthe namespace target folder, select Folder targets tab, select the primary server, right click , properties, Advanced tab, select the Overide referral ordering tab, choose First among targets of equal cost and on the secondary (Servers) targets, choose :last among targets of equal cost.
If that doesn't work, then edit your Domain controllers registry to force users to use the local DC fro DFS.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs "PreferLogonDC" dword:value of 1.
Click Start, click Run, type regedit in the Open box, and then click OK. , Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Dfs, On the Edit menu, point to New, and then click DWORD Value, Type PreferLogonDC, and then press ENTER, On the Edit menu, click Modify,In the Value data box, type 1, and then click OK
Hope this helps
Isaac Oben MCITP:EA, MCSE,MCC- Proposed As Answer by Isaac Oben Monday, May 23, 2011 8:59 PM
.png)
