Skip to content

Troubleshoot dfs connectivity on clients

wordpress meta
title: 'Troubleshoot DFS Connectivity on Clients'
date: '2012-11-06T01:54:22-06:00'
status: publish
permalink: /troubleshoot-dfs-connectivity-on-clients
author: admin
excerpt: ''
type: post
id: 40
category:
    - DFS
tag: []
post_format: []

To troubleshoot when clients have issues accessing DFS shares. This occurs mostly over VPN connections. Just a few notes to help troubleshooting these cases. Mostly this happens on Windows XP or when DNS settings are incorrect.

  • Make sure machines can see each other, for example ping both ends.
  • Make sure you enable file sharing.
  • Make sure client is in the same DOMAIN.
  • Enable NetBIOS over TCP/IP.
  • Make sure no firewall/security software block sharing.
  • Create the same username and password on all shared computers.
  • Disable the IPv6 from the property page of the NIC.
  • Reset Network Security LAN Manager Authentication Level from the default setting (NTLMv2 only) to Send LM & NTLM - use NTLMv2 session if negotiated.
  • To rule out permissions test the users account on a different XP client. For instance a Windows XP client hooked up to a guest Internet port, logged in locally as relevant user, using user’s own VPN account and then trying DFS. This will ensure it is a DFS/DNS issue on client’s pc or network and not a generic permissions issue.
    Check general requirements (VPN interface):ipconfig /all

Check for correct DNS servers, WINS servers and DNS suffix. While connected to VPN use nslookup to check if correct DNS server is being used.

**Note if you are experiencing DNS hijacking as done by some ISP's, it is out of scope of this document and need to be resolved first.

Check output of this DNS command for DFS and/or DNS server entries:

ipconfig /displaydns

Test basic non DNS Windows file sharing:

``` start \172.20.10.222 ** You should see an explorer window displaying the volumes of this server.

C:\Program Files\Support Tools>net view \172.20.10.222 Shared resources at \172.20.10.222 Share name Type Used as Comment

NETLOGON Disk Logon server share SYSVOL Disk Logon server share The command completed successfully. ```

Try DFS share from command line:

net use * \\YOUR_DOMAIN\TOP_LEVEL_SHARE

Install Windows XP Service Pack 2 Support Tools:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en

Run dfsutil /pktinfo and record results:

``` dfsutil /pktinfo --mup.sys-- 3 entries... Entry: \domain.com\SysVol ShortEntry: \domain.com\SysVol Expires in 0 seconds UseCount: 0 Type:0x1 ( DFS ) 0:[\server0.domain.com\SysVol] State:0x131 ( ACTIVE ) 1:[\server1.domain.com\SysVol] State:0x21 ( ) ...snip 16:[\server16.domain.com\SysVol] State:0x21 ( )

Entry: \domain.com\corp ShortEntry: \domain.com\corp Expires in 0 seconds UseCount: 2 Type:0x8081 ( REFERRAL_SVC DFS ) 0:[\server0\Corp] State:0x119 ( ACTIVE ) 1:[\server1\Corp] State:0x09 ( ) ...snip 11:[\server11\Corp] State:0x09 ( )

Entry: \domain.com\corp\us ShortEntry: \domain.com\corp\us Expires in 360 seconds UseCount: 0 Type:0x8001 ( DFS ) 0:[\server0\DFSData$\usdfs101_data1\corp\US] State:0x131 ( ACTIVE )

Done processing this command. ```

Run dfsutil /spcinfo and record results:

dfsutil /spcinfo [*][server.sonosite.com] [*][DOMAIN] [*][domain.com] [+][domain.com] [+server0.sonosite.com] ...snip Done processing this command.

Links:
http://support.microsoft.com/kb/975440