DFS Misery

Discussion in 'Windows Server' started by Freaky, Aug 29, 2006.

  1. Freaky

    Freaky Guest

    Hey there,

    we're having serious issues with DFS. We came into an existing site
    where the administrators had left. It's a site with 6 locations, which
    share 1 DFS root (which is empty) and the root has 4 links (which
    contain the data).

    Replication here always has been a pain. Folders some times just
    disappeared for 2 weeks to reappear out of nowhere.

    Anyways, when troubleshooting we found that for instance 'ntfrsutl
    configtable' listed up to 25 entries on some servers, some having the
    same name, others having names of obvious retries/troubleshooting. There
    were huge gaps in the ID numbers.

    We decided that might be the cause of the misery, so we stopped
    ntfrs/netlogon on all servers, and deleted everything under
    c:\windows\ntfrs\jet and subfolders. Restarted the services, 'ntfrsutl
    configtable' now nicely showed only the init and sysvol on all servers
    and we never had seen sysvol replicate that fast here. Some GPO's that
    didn't work on some locations suddenly came alive again.

    So we recreated the DFS root and links. And we found replication went
    too slow (we got the servers to one location which is kind of an issue
    as no-one can access their data now) in the full-mesh setting after
    restoring the back-up. So we changed the replication schedule. This is
    were the misery becomes evident again. For some reason DFS or NTFRS
    decided it should rename the old GLOBAL|SHARE to "GLOBAL|SHARE CNF:<some
    huge ID>" and remove all servers from it (can only see it with ntfrsutl
    configtable and sonar, DFS GUI doesn't show it) and recreate the
    GLOBAL|SHARE, so now we have an ugly non-existant share visible in
    sonar/configtable, but even worse, it won't replicate the new share. In
    the logs it says this can't be done cause d:\share is already shared
    (path of the link) and can't be replicated to twice.

    So my question I guess is why doesn't DFS clean up the NTFRS entries
    (could only find it in the registry under the ntfrs service) and is this
    normal? If it is normal how is it normally solved (i mean deleting the
    entire ntfrs database and recreating everything again really isn't an
    option for me). If this isn't normal, does anyone have a clue on what
    might cause it and/or have any other possible helpful suggestions?

    The servers are all Windows 2003 btw with SP1. Some of them also have
    Symantec anti-virus 9 in case that matters (some KB's state you need
    ntfrs aware virus-scanners).

    Anyways, any suggestions to solve this are very welcome. Have recreated
    everything 3 times now. One of them cause a domain controller crashed.
    We were able to remove it from the links, but it wouldn't allow us to
    remove it from the root, which caused everything to keep trying to sync
    with the dead DC.

    Freaky, Aug 29, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.