none
Surface Pro 4 not mapping to DFS UNCs at logon over WiFi

    Question

  • I'm struggling getting Group Policy Preferences Drive Mapping to work over wireless (WPA2-Enterprise using Certificates) from our (fully patched) Windows 10 Surface Pro 4s.  The Active Directory user account's Home Folder drive map also does not appear.  All of these paths use DFS (Server 2008 R2).

    Shortly after login, a manual Gpupdate will cause the mapped drives to appear.  Waiting 30 seconds before login also works for both the mapped drives and the home folder.

    We've had the "Always wait for the network at computer startup and logon" enabled since XP days.  I tried setting the "Specify startup policy processing wait time" to 60 but this made no difference (nor did it lengthen boot).  The wireless NIC does not appear to have a "Wait For Link" type setting to enable.

    Event logs show Event ID 4098 with source "Group Policy Drive Maps" saying the preference item "failed with error code '0x80070035 The network path was not found.'"

    I had wondered if the underlying problem might be the new UNC Hardening feature but even adding an exception for "\\DomainNetBIOSname" did not help.

    The only significant clue to what's going on is that when I changed my user account home folder to a direct UNC path to the server rather than via DFS, my home drive was able to appear correctly.  The DFS Client service (as seen in regedit) already has a Start type signifying "System".

    I'm not sure where to go from here.  Does anyone have any ideas?  Thanks!

    (Cross-posted as suggested from the Windows 10 Networking forum.)

    Friday, April 1, 2016 9:05 AM

Answers

  • I have the workaround...

    If I change the UNC paths to include the FQDN version of the domain name rather than its NetBIOS name, then the drives appear correctly for both the Group Policy Preferences Drive Mappings and the AD account's user Home Folder.

    i.e.  \\domain.local\DFS-Share\path instead of \\domain\DFS-Share\path

    (The wireless subnet's DHCP scope options include the WINS server addresses, a node type of Hybrid and the DNS suffix of the domain.)

    It's nice to have a fix but I can't imagine this is expected behaviour?!!


    • Marked as answer by Cantoris Friday, April 1, 2016 2:30 PM
    • Edited by Cantoris Friday, April 1, 2016 2:55 PM WINS
    Friday, April 1, 2016 2:29 PM

All replies

  • I have the workaround...

    If I change the UNC paths to include the FQDN version of the domain name rather than its NetBIOS name, then the drives appear correctly for both the Group Policy Preferences Drive Mappings and the AD account's user Home Folder.

    i.e.  \\domain.local\DFS-Share\path instead of \\domain\DFS-Share\path

    (The wireless subnet's DHCP scope options include the WINS server addresses, a node type of Hybrid and the DNS suffix of the domain.)

    It's nice to have a fix but I can't imagine this is expected behaviour?!!


    • Marked as answer by Cantoris Friday, April 1, 2016 2:30 PM
    • Edited by Cantoris Friday, April 1, 2016 2:55 PM WINS
    Friday, April 1, 2016 2:29 PM
  • Hi,

    Thanks for your posting here and sharing the resolution as it would be helpful to anyone who encounters similar issues.

    If there is anything else we can do for you, please feel free to post in the forum.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, April 4, 2016 1:27 AM
    Moderator
  • Hi,

    It is unfortunately only a workaround and not a solution.

    I'd be interested to know what Microsoft's DFSN team makes of this...

    Monday, April 4, 2016 1:34 PM
  • Hi,

    According to my research, this issue seems to be related to the WINS. Please refer to the following thread.

    DFS path using netbios name of domain with no WINS.

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/bb15b249-8be0-435b-a63f-cc742651b593/dfs-path-using-netbios-name-of-domain-with-no-wins?forum=winserverDS

    Best Regards,

    Alvin WANG


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, April 6, 2016 8:41 AM
    Moderator
  • Hi Alvin,

    That's an interesting thread, thank you.  We do though have WINS servers and their addresses are passed to the PCs using DHCP scope options. NetBIOS over TCP/IP is enabled.

    It's almost as though NetBIOS name resolution is failing over wireless early in the boot process.  Once you reach the desktop, you can browse to \\domainnetbiosname\share successfully.

    Thanks.

    Wednesday, April 6, 2016 2:55 PM