Riaan's SysAdmin Blog

My tips, howtos, gotchas, snippets and stuff. Use at your own risk!


Troubleshoot DFS Connectivity on Clients

To troubleshoot when clients have issues accessing DFS shares. This occurs mostly over VPN connections. Just a few notes to help troubleshooting these cases. Mostly this happens on Windows XP or when DNS settings are incorrect.

  • Make sure machines can see each other, for example ping both ends.
  • Make sure you enable file sharing.
  • Make sure client is in the same DOMAIN.
  • Enable NetBIOS over TCP/IP.
  • Make sure no firewall/security software block sharing.
  • Create the same username and password on all shared computers.
  • Disable the IPv6 from the property page of the NIC.
  • Reset Network Security LAN Manager Authentication Level from the default setting (NTLMv2 only) to Send LM & NTLM - use NTLMv2 session if negotiated.
  • To rule out permissions test the users account on a different XP client. For instance a Windows XP client hooked up to a guest Internet port, logged in locally as relevant user, using user’s own VPN account and then trying DFS. This will ensure it is a DFS/DNS issue on client’s pc or network and not a generic permissions issue.
    Check general requirements (VPN interface):

    C:\Program Files\Support Tools>ipconfig /all

    Check for correct DNS servers, WINS servers and DNS suffix. While connected to VPN use nslookup to check if correct DNS server is being used.

    **Note if you are experiencing DNS hijacking as done by some ISP's, it is out of scope of this document and need to be resolved first.

    Check output of this DNS command for DFS and/or DNS server entries:

    C:\Program Files\Support Tools>ipconfig /displaydns

    Test basic non DNS Windows file sharing:

    C:\Program Files\Support Tools>start \\
    ** You should see an explorer window displaying the volumes of this server.
    C:\Program Files\Support Tools>net view \\
    Shared resources at \\
    Share name  Type  Used as  Comment
    NETLOGON    Disk           Logon server share
    SYSVOL      Disk           Logon server share
    The command completed successfully.

    Try DFS share from command line:

    C:\Program Files\Support Tools>net use * \\YOUR_DOMAIN\TOP_LEVEL_SHARE

    Install Windows XP Service Pack 2 Support Tools:

    Run dfsutil /pktinfo and record results:

     C:\Program Files\Support Tools>dfsutil /pktinfo
    3 entries...
    Entry: \domain.com\SysVol
    ShortEntry: \domain.com\SysVol
    Expires in 0 seconds
    UseCount: 0 Type:0x1 ( DFS )
       0:[\server0.domain.com\SysVol] State:0x131 ( ACTIVE )
       1:[\server1.domain.com\SysVol] State:0x21 ( )
      16:[\server16.domain.com\SysVol] State:0x21 ( )
    Entry: \domain.com\corp
    ShortEntry: \domain.com\corp
    Expires in 0 seconds
    UseCount: 2 Type:0x8081 ( REFERRAL_SVC DFS )
       0:[\server0\Corp] State:0x119 ( ACTIVE )
       1:[\server1\Corp] State:0x09 ( )
      11:[\server11\Corp] State:0x09 ( )
    Entry: \domain.com\corp\us
    ShortEntry: \domain.com\corp\us
    Expires in 360 seconds
    UseCount: 0 Type:0x8001 ( DFS )
       0:[\server0\DFSData$\usdfs101_data1\corp\US] State:0x131 ( ACTIVE )
    Done processing this command.

    Run dfsutil /spcinfo and record results:

     C:\Program Files\Support Tools>dfsutil /spcinfo
    Done processing this command.



Bio Info for Riaan