1

I have DFS set up on my network as follows:

  • A domain we'll call DOMAIN.LAN.
  • Two AD controllers, let's call them DC01 and DC02.
  • Two file servers, let's call them FS01 and FS02.
  • A Windows 10 Pro workstation joined to the domain.

On the file servers, I have a share called "public", which is successfully accessible from the Windows 10 workstation as \\FS01\public and \\FS02\public.

On the AD controllers, I have a DFS namespace set up called "dfs", with a share called "public". This share has the following targets:

  • \\FS01.DOMAIN.LAN\public
  • \\FS02.DOMAIN.LAN\public

I've tried accessing the share from the Windows 10 workstation in the following ways:

  • \\FS01\public: This works 100% of the time.
  • \\FS02\public: This works 100% of the time.
  • \\DC01.DOMAIN.LAN\dfs\public: This works 100% of the time.
  • \\DC02.DOMAIN.LAN\dfs\public: This works 100% of the time.
  • \\DOMAIN.LAN\dfs\public: This works intermittently.

It's this last one that's the issue. When I say "intermittently", I don't mean that I click on it once and it works, then click on it again and it might not. I mean that it may work for several hours, then stop working for several hours, then with seemingly no changes start working again.

I've tried changing the targets from the FQDN of FS01.DOMAIN.LAN to just FS01, or even just the IP address of the file server, and this makes no difference. However, since I can access the share through the DFS namespace if I hit the AD controller directly rather than the domain name, this would seem to rule out both DFS configuration problems as well as DNS problems (even though the fact that it's intermittent would also seem to point toward DNS), which is why I'm unsure how to proceed with troubleshooting.

A couple of things to note that may or may not be relevant:

  • DC01 is running Windows Server 2019.
  • DC02 is running Samba 4.9.5.
  • FS01 and FS02 are running Samba 4.9.5 and are domain member servers.
  • The Windows 10 workstation is connected to the network with the servers over a VPN. However, the IPs of DC01 and DC02 are (for testing purposes) hard-coded into the workstation to make sure that it can resolve DNS properly. Pinging all of the above FQDNs works as expected 100% of the time.

I do recognize that the VPN could be an issue. However, a workstation that is also local to the servers exhibits the same symptoms, so I don't see the VPN as a differentiator. The VPN connection to the server is solid as are both internet connections, and ping times across the VPN are 20ms or less.

I'm looking for either someone that has experienced this issue and has the solution, or at least a process I can use to further troubleshoot.

1
  • DFS could be substituted with anything else that used the domain name for target connectivity and have the same problem. Simplest thing may be to get a packet capture on a workstation next time the symptom occurs. Commented Nov 3, 2020 at 19:25

1 Answer

1

My guess is that one of the DCs isn't handling the DFS namespace correctly (which I honestly would expect, given the Windows/Samba mix).

I suggest performing all your tests with only one DC active and the other one turned off, then doing the opposite; this should help your troubleshooting.

3
  • Thank you for the response! I'll give this a try. Samba has supported DFS for over a decade, so I wouldn't necessarily expect this to be a problem. And since hitting the Samba server directly using DFS works (vs. domain-based), it doesn't seem that this is the problem. But there could be some shortcoming in domain-based vs. direct server DFS functionality. Since the issue takes a few hours to surface after it starts working, I'll report back here later after I've been able to gather some good test data. Commented Nov 3, 2020 at 20:09
  • Looks like you may be right. It appears that as of 2017 domain-based DFS (specifically domain-based) doesn't work in Samba anymore, though it used to: samba.2283325.n4.nabble.com/… Will report back here as mentioned once testing is completed. Commented Nov 3, 2020 at 20:19
  • I've consistently had zero problems for the last day since shutting down the Samba AD, so I'm assuming that's the issue. I guess I'll have to make sure I don't have a Samba AD in a network when I'm planning to use domain-based DFS. Commented Nov 4, 2020 at 23:12
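
Because the failure in this thread comes and goes over hours, a scheduled probe from the workstation makes the one-DC-at-a-time test easier to read. The script below is an added example, not code from the question or the answer: it logs whether the domain-based path and each DC-specific path are reachable, together with the A records returned for the domain name and the DC the locator currently returns. DOMAIN.LAN, DC01, DC02, dfs and public are the thread's placeholders; the log path and the probe interval are assumptions.

```powershell
# Added example: probe the DFS paths on a schedule and log the context,
# so a failure window can be matched to a DC.
# The log file location and the interval are assumptions.
$Domain   = 'DOMAIN.LAN'
$Paths    = @(
    "\\$Domain\dfs\public",        # domain-based path (the intermittent one)
    "\\DC01.$Domain\dfs\public",   # same namespace via DC01
    "\\DC02.$Domain\dfs\public"    # same namespace via DC02
)
$LogFile  = Join-Path $env:TEMP 'dfs-probe.csv'
$Interval = 300   # seconds between probes

while ($true) {
    # A records the client receives for the bare domain name.
    $aRecords = @(Resolve-DnsName -Name $Domain -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } |
        ForEach-Object { $_.IPAddress })

    # DC that the DC locator currently returns for this client.
    $locatedDc = ''
    $match = nltest "/dsgetdc:$Domain" 2>&1 |
        Select-String -Pattern 'DC:\s*\\\\(\S+)' |
        Select-Object -First 1
    if ($match) { $locatedDc = $match.Matches[0].Groups[1].Value }

    # One CSV row per path and probe time.
    foreach ($path in $Paths) {
        [pscustomobject]@{
            Time      = (Get-Date).ToString('s')
            Path      = $path
            Reachable = Test-Path -LiteralPath $path
            DnsA      = $aRecords -join ';'
            LocatedDc = $locatedDc
        } | Export-Csv -Path $LogFile -Append -NoTypeInformation
    }

    Start-Sleep -Seconds $Interval
}
```

Rows where only the domain-based path is unreachable can then be grouped by the LocatedDc column, and the time window gives a target for the packet capture suggested in the comment on the question.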
