General discussion

Locked

DFS problem

By joshhansen ·
AD 2003 environment - 1 domain with 45 sites, each site has a DC except for 1. Each site connects to a single hub site (hub and spoke design). Problem: xp pcs in the site that does not have a DC will not always use the sysvol from a dc in the hub site but will randomly connect to a sysvol on a DC in another spoke site. I want to make sure the clients in the site with no DC will always use the sysvol in the hub or central site only. I have verified site connector is configured correctly (the site with no DC only has 1 site connector to the central site)

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by p.j.hutchison In reply to DFS problem

Usually in AD Sites and Services you configure subnets, at least one per site. Ideally, you would configure a subnet with a specific site so that clients would connect to that site and DCs in preference to other sites.

Collapse -

by joshhansen In reply to

Subnets are configured and assigned to AD sites. I can not find a reason that the site without a DC is connecting to sysvols beyond the hub site. That is why i posted this question

Collapse -

by CG IT In reply to DFS problem

P.J. is right.

This is more a DNS problem than a DFS problem. Actually not sure how Distributed File System relates to client authentication with DCs. If the site link is only to the central site, and there is a DC with the global catalog server at the central site, then clients would authenticate there. They wouldn't go looking elsewhere. If the WAN link is unreliable or down, clients would either take forever to log and use cached credentials or not log in at all.

Collapse -

by CG IT In reply to

That's provided that clients are using static IP addresses and Static DNS addresses which specifically point them to the central site. IF they have DHCP and DHCP provides them alternate DNS servers, those alternates might provide resources to other DC's with the global catalog role in which to authenticate with. Thats also provided that clients have a WAN link in which to do this. Otherwise, they would just get an error message that a DC is unavailable for them to log on to.

Collapse -

by joshhansen In reply to

the sysvol share uses DFS (with replication). We are also using static ip addresses, not dhcp. DCs in the hub site are GCs as well. The design is that the site without a DC should authenticate with only DCs in the hub site (because of the site link) and get their sysvol connections there only (unless they are unavailable) but i have 4 DCs in the hub site for them to connect to.

Collapse -

by CG IT In reply to DFS problem

ok

I'm gonna post this MS KB which deals with optimizing the location of DCs and GCs in an Active Directory environment Hub and Spoke configuration.

What the gist of the KB is this: To achieve this behavior, the domain controllers/global catalogs in the satellite offices should not register generic (non-site-specific) domain controller locator DNS records. These records are registered only by the domain controllers/global catalogs in the central hub. When clients cannot locate the domain controllers/global catalogs serving their site, they attempt to locate any domain controllers/global catalogs using these generic (non-site-specific) domain controller locator DNS records.


DNS records is the bottom line.

As far as DFS the sysvol folder is automatically created as a share. With W2003 Server the sysvol isn't a visible share to users. Making it visible for users is considered a security risk. If they can see it, they'll try to access it.

Collapse -

by CG IT In reply to
Collapse -

by joshhansen In reply to

Sorry but this is not a dns issue. it actually had to do with DFS site costing. it was not enabled for the dfs root having this problem. to enable dfs site costing for a particular dfs root, you run dfsutil /root:rootname /sitecosting /enable

Collapse -

by joshhansen In reply to DFS problem

This question was closed by the author

Back to Windows Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums