
DFS Site information outdated


Bob

Apr 16, 2007, 9:20:01 AM
I've three DC's on one domain and in the same site.
I created two more sites and placed a DC in each one.
My subnet points all clients to site #3
Checking Set LogonServer always shows the clients are authenticating
against the dc in site #3 (and the individual DC's authenticate against
themselves).

The problem is I noticed that servers and clients are not finding their
preferred dfs targets, so I ran:

dfsutil /root:\\example.local\root$ /view

I see that all three DC's are found on site #3 and none in site #1 and #2,
so I guess this explains why the targets are random to both the servers and
clients.

The question is: Why is it that AD Sites and Services have each DC in
individual sites, yet the dfsutil indicates otherwise?

The entire domain has been shut down and rebooted, but still all the DC's are
in the same site #3.
--
Bob

Jill Zoeller [MSFT]

Apr 16, 2007, 12:40:39 PM
What is the operating system on the server(s) hosting the namespace?

--
This posting is provided "AS IS" with no warranties, and confers no rights.

Want to learn more about Windows file and storage technologies? Visit our
team blog at http://blogs.technet.com/filecab/default.aspx.


Bob

Apr 16, 2007, 2:08:02 PM
All three servers are 2003 R2 SP2 with all maintenance.

A little extra info.

When I use AD Sites and Services to move a DC to another site, I can see the
change takes place and replicates to the other DC's in short order. My test
for this is the command:
“repadmin /showrepl * /errorsonly”

Yet, even after the above command shows the move took place, the dfsutil
says it has not:


"dfsutil /root:\\example.local\root$ /view"

There does seem to be a disclaimer at the end of dfsutil that reads:

"NOTE: All site information shown was generated by this utility.
Actual DFS behavior depends on site information currently in use by
DFS service, and may not reflect configuration changes made recently."

--
Bob

Sean Cai [MSFT]

Apr 17, 2007, 7:29:00 AM
Hi,

Thank you for posting in the Microsoft newsgroup!

From your post, my understanding of this issue is: the DFS site information
is different from the Active Directory Site information. If I'm off base,
please feel free to let me know.

Windows 2003 DFS server uses a Site Refresh Interval to generate the site
information dynamically which occurs every 12 hours by default. I think
your problem has disappeared by now.

Here are some related articles for your reference:
DFS Tools and Settings (you can change the default behavior by changing the
related registry key)
http://technet2.microsoft.com/WindowsServer/en/library/87b2da50-f5d4-471d-a103-6efde69580cd1033.mspx?mfr=true
You may experience problems when you rename sites in the Active Directory
forest
http://support.microsoft.com/kb/920718

Have a good day!

Sean Cai, MCSE2000
Microsoft Online Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================


Bob

Apr 17, 2007, 10:12:03 AM
Hi Sean,

The problem still exists. I discovered the problem while in the process of
diagnosing replication issues with DFSR. My DC's were at their assigned
sites for at least a week.
===
I don't have any of the DFS registry entries that are mentioned in the "DFS
Tools and Settings" doc.

Is this because I'm using DFSR and my settings are found in the link below?

"\\.\C:\SYSTEM VOLUME INFORMATION\DFSR\Config\DfsrMachineConfig.XML"
===
I read in the FAQ:
Q: "What can cause clients to be referred to unexpected targets?"
A: "Incorrect site mappings often occur when domain controllers are not
moved to the site that corresponds to their IP address".
Ref: http://www.microsoft.com/windowsserver2003/techinfo/overview/dfsfaq.mspx

Maybe the above FAQ is my answer? I guess I'm making an incorrect
assumption in that the DC's site is determined by what site folder the DC is
under (in AD Sites and Services). I have this assumption by what I read
below in AD Sites and Services help section - “Sites overview”:

-----------------------------------------------------------------------------------------
Assigning computers to sites
---------------------------------
Computers are assigned to sites based on their Internet Protocol (IP)
address and subnet mask. Site assignment is handled differently for clients
and member servers than for domain controllers. For a client, site assignment
is dynamically determined by its IP address and subnet mask during logon. For
a domain controller, site membership is determined by the location of its
associated server object in Active Directory.
-----------------------------------------------------------------------------------------

Anyway, my point here is my subnet is divided in two as follows:
192.168.21.0/25 which points to site #3
192.168.21.128/25 which points to site #1

All clients and DC's have IP addresses less than 192.168.21.128. This to me
means that all clients will authenticate against the one DC found in site #3.

I also believe that the DC's found in the other two sites use themselves to
authenticate against; not the DC found in site #3. My test for this is "set
logonserver" command.

So I'm confused by the above FAQ which seems to contradict the write-up in
AD Sites and Services help section "Sites overview".

--
Bob

Sean Cai [MSFT]

Apr 18, 2007, 6:16:48 AM
Hello Bob,

Active Directory recognizes computers' site settings by their IP addresses.
The site IP range is set in the Subnets node of the Active Directory
Site and Services console. Regarding your reply, I think we should confirm
all the settings before we start any further diagnosis.

Please collect a DFS diagnostic report and send it to my email
address: v-s...@microsoft.com
Diagnostic report:
1. Click Start menu
2. Admin Tools
3. DFS Management
4. Under the replication node right click the replication group that you
want and then select Create Diagnostic Report.

Have a good day!

Thanks & Regards,

Bob

Apr 18, 2007, 9:14:02 AM
Okay Sean,

The DFS Management diagnostic report has been emailed to you.

Interestingly enough, this report shows all DC’s are in their assigned
sites, as opposed to the command “dfsutil /root:\\example.com\root$ /view”
which shows all DC’s are in one site.
--
Bob

Sean Cai [MSFT]

Apr 19, 2007, 5:05:30 AM
Hi Bob,

I received your mail. I'd say that's the most beautiful log mail I've ever
received from a customer. :)

I've tested your issue and I think your problem is caused by the IP
settings on your servers.

DFSutil recognizes server site setting by IP address, rather than the site
settings in the Active Directory Site and Services. In my test, after I
edited DNS record of a DFS server (from site two range to site one range),
the output of DFSutil changed.

I think when you set up your servers within the corresponding IP range, the
problem will disappear.

I hope the information above can address your concerns. If anything is
unclear, please feel free to let us know.

Have a great day!

Bob

Apr 23, 2007, 8:26:01 AM
Hi Sean,

Glad all my log fonts and colors came through!

Your suggestion worked. Thanks!

I guess the FAQ below takes precedence over the AD Sites and Services help
section - “Sites overview”

FAQ found at
http://www.microsoft.com/windowsserver2003/techinfo/overview/dfsfaq.mspx
-----


Q: "What can cause clients to be referred to unexpected targets?"
A: "Incorrect site mappings often occur when domain controllers are not
moved to the site that corresponds to their IP address".

AD Sites and Services help section - “Sites overview”:
-----------------------------------------------------------------------------------------
Assigning computers to sites
---------------------------------
Computers are assigned to sites based on their Internet Protocol (IP)
address and subnet mask. Site assignment is handled differently for clients
and member servers than for domain controllers. For a client, site assignment
is dynamically determined by its IP address and subnet mask during logon. For
a domain controller, site membership is determined by the location of its
associated server object in Active Directory.
-----------------------------------------------------------------------------------------

Thanks again!

--
Bob
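
The mismatch resolved in this thread can be checked offline by comparing the site that holds each DC's server object with the site its IP address maps to through the subnet objects. This is an added example, not part of the original thread; the DC names, IP addresses and site labels are constructed, and only the two /25 subnets come from Bob's post.

```python
import ipaddress

# Subnet objects from the thread; the site labels stand in for "site #1/#3".
SUBNETS = {"192.168.21.0/25": "Site3", "192.168.21.128/25": "Site1"}

# Constructed inventory: (DC name, site of its server object, IP address).
DCS = [
    ("DC1", "Site1", "192.168.21.10"),
    ("DC2", "Site2", "192.168.21.11"),
    ("DC3", "Site3", "192.168.21.12"),
]

def site_for_ip(ip, subnets=SUBNETS):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, site)
    return best[1] if best else None

def audit(dcs=DCS, subnets=SUBNETS):
    """List DCs whose server-object site differs from their IP-derived site."""
    findings = []
    for name, ad_site, ip in dcs:
        ip_site = site_for_ip(ip, subnets)
        if ip_site != ad_site:
            findings.append((name, ad_site, ip_site))
    return findings

def sites_without_subnet(dcs=DCS, subnets=SUBNETS):
    """Sites that hold a DC but have no subnet object mapped to them."""
    return {ad_site for _, ad_site, _ in dcs} - set(subnets.values())

if __name__ == "__main__":
    for name, ad_site, ip_site in audit():
        print(f"{name}: server object in {ad_site}, IP maps to {ip_site}")
    print("No subnet mapped:", sorted(sites_without_subnet()))
```

With this data, two of the three DCs are flagged and Site2 is reported as having no subnet at all, which matches the dfsutil output Bob describes, where every DC appears in site #3.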
