To troubleshoot when clients have issues accessing DFS shares. This occurs mostly over VPN connections. Just a few notes to help troubleshooting these cases. Mostly this happens on Windows XP or when DNS settings are incorrect.
- Make sure machines can see each other, for example ping both ends.
- Make sure you enable file sharing.
- Make sure client is in the same DOMAIN.
- Enable NetBIOS over TCP/IP.
- Make sure no firewall/security software block sharing.
- Create the same username and password on all shared computers.
- Disable the IPv6 from the property page of the NIC.
- Reset Network Security LAN Manager Authentication Level from the default setting (NTLMv2 only) to Send LM & NTLM - use NTLMv2 session if negotiated.
-
To rule out permissions test the users account on a different XP client. For instance a Windows XP client hooked up to a guest Internet port, logged in locally as relevant user, using user’s own VPN account and then trying DFS. This will ensure it is a DFS/DNS issue on client’s pc or network and not a generic permissions issue.
Check general requirements (VPN interface):```C:\Program Files\Support Tools>ipconfig /all ``` Check for correct DNS servers, WINS servers and DNS suffix. While connected to VPN use nslookup to check if correct DNS server is being used. \*\*Note if you are experiencing DNS hijacking as done by some ISP's, it is out of scope of this document and need to be resolved first. **Check output of this DNS command for DFS and/or DNS server entries:** ```
C:\Program Files\Support Tools>ipconfig /displaydns ``` **Test basic non DNS Windows file sharing:** ```
C:\Program Files\Support Tools>start \\172.20.10.222 ** You should see an explorer window displaying the volumes of this server. C:\Program Files\Support Tools>net view \\172.20.10.222 Shared resources at \\172.20.10.222 Share name Type Used as Comment ------------------------------------------------------------------------------- NETLOGON Disk Logon server share SYSVOL Disk Logon server share The command completed successfully. ``` **Try DFS share from command line:** ```
C:\Program Files\Support Tools>net use * \\YOUR_DOMAIN\TOP_LEVEL_SHARE ``` **Install Windows XP Service Pack 2 Support Tools:** http://www.microsoft.com/downloads/en/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en **Run dfsutil /pktinfo and record results:** ```
C:\Program Files\Support Tools>dfsutil /pktinfo --mup.sys-- 3 entries... Entry: \domain.com\SysVol ShortEntry: \domain.com\SysVol Expires in 0 seconds UseCount: 0 Type:0x1 ( DFS ) 0:[\server0.domain.com\SysVol] State:0x131 ( ACTIVE ) 1:[\server1.domain.com\SysVol] State:0x21 ( ) ...snip 16:[\server16.domain.com\SysVol] State:0x21 ( ) Entry: \domain.com\corp ShortEntry: \domain.com\corp Expires in 0 seconds UseCount: 2 Type:0x8081 ( REFERRAL_SVC DFS ) 0:[\server0\Corp] State:0x119 ( ACTIVE ) 1:[\server1\Corp] State:0x09 ( ) ...snip 11:[\server11\Corp] State:0x09 ( ) Entry: \domain.com\corp\us ShortEntry: \domain.com\corp\us Expires in 360 seconds UseCount: 0 Type:0x8001 ( DFS ) 0:[\server0\DFSData$\usdfs101_data1\corp\US] State:0x131 ( ACTIVE ) Done processing this command. ``` **Run dfsutil /spcinfo and record results:** ```
C:\Program Files\Support Tools>dfsutil /spcinfo [*][server.sonosite.com] [*][DOMAIN] [*][domain.com] [+][domain.com] [+server0.sonosite.com] ...snip Done processing this command. ``` **Links:** http://support.microsoft.com/kb/975440