Troubleshoot DFS Connectivity on Clients
To troubleshoot when clients have issues accessing DFS shares. This occurs mostly over VPN connections. Just a few notes to help troubleshooting these cases. Mostly this happens on Windows XP or when DNS settings are incorrect.
- Make sure machines can see each other, for example ping both ends.
- Make sure you enable file sharing.
- Make sure client is in the same DOMAIN.
- Enable NetBIOS over TCP/IP.
- Make sure no firewall/security software block sharing.
- Create the same username and password on all shared computers.
- Disable the IPv6 from the property page of the NIC.
- Reset Network Security LAN Manager Authentication Level from the default setting (NTLMv2 only) to Send LM & NTLM - use NTLMv2 session if negotiated.
- To rule out permissions test the users account on a different XP client. For instance a Windows XP client hooked up to a guest Internet port, logged in locally as relevant user, using user’s own VPN account and then trying DFS. This will ensure it is a DFS/DNS issue on client’s pc or network and not a generic permissions issue.
Check general requirements (VPN interface):
C:\Program Files\Support Tools>ipconfig /all
Check for correct DNS servers, WINS servers and DNS suffix. While connected to VPN use nslookup to check if correct DNS server is being used.
**Note if you are experiencing DNS hijacking as done by some ISP's, it is out of scope of this document and need to be resolved first.
Check output of this DNS command for DFS and/or DNS server entries:
C:\Program Files\Support Tools>ipconfig /displaydns
Test basic non DNS Windows file sharing:
C:\Program Files\Support Tools>start \\172.20.10.222 ** You should see an explorer window displaying the volumes of this server. C:\Program Files\Support Tools>net view \\172.20.10.222 Shared resources at \\172.20.10.222 Share name Type Used as Comment ------------------------------------------------------------------------------- NETLOGON Disk Logon server share SYSVOL Disk Logon server share The command completed successfully.
Try DFS share from command line:
C:\Program Files\Support Tools>net use * \\YOUR_DOMAIN\TOP_LEVEL_SHARE
Install Windows XP Service Pack 2 Support Tools:
Run dfsutil /pktinfo and record results:
C:\Program Files\Support Tools>dfsutil /pktinfo --mup.sys-- 3 entries... Entry: \domain.com\SysVol ShortEntry: \domain.com\SysVol Expires in 0 seconds UseCount: 0 Type:0x1 ( DFS ) 0:[\server0.domain.com\SysVol] State:0x131 ( ACTIVE ) 1:[\server1.domain.com\SysVol] State:0x21 ( ) ...snip 16:[\server16.domain.com\SysVol] State:0x21 ( ) Entry: \domain.com\corp ShortEntry: \domain.com\corp Expires in 0 seconds UseCount: 2 Type:0x8081 ( REFERRAL_SVC DFS ) 0:[\server0\Corp] State:0x119 ( ACTIVE ) 1:[\server1\Corp] State:0x09 ( ) ...snip 11:[\server11\Corp] State:0x09 ( ) Entry: \domain.com\corp\us ShortEntry: \domain.com\corp\us Expires in 360 seconds UseCount: 0 Type:0x8001 ( DFS ) 0:[\server0\DFSData$\usdfs101_data1\corp\US] State:0x131 ( ACTIVE ) Done processing this command.
Run dfsutil /spcinfo and record results:
C:\Program Files\Support Tools>dfsutil /spcinfo [*][server.sonosite.com] [*][DOMAIN] [*][domain.com] [+][domain.com] [+server0.sonosite.com] ...snip Done processing this command.