As I mentioned before I use DFS on my home network to help manage my storage resources.
Almost all of my machines at home are domain joined. You get a lot of management benefits from doing this. You can make Windows Software Update Services (SUS) automatically apply patches to all machines, you can apply Group Policy across machines (e.g. to enforce password complexity requirements, re-directed My Documents, etc…) However, in one case I have choosen not to make a machine domain-joined: The PC in the kitchen that is shared by my wife and kids. The reason for this is we use fast-user-switching which is not supported on Windows XP Pro if the machine is joined to a domain (fast-user-switching is even better when you use a biometric fingerprint login device like the Digital Persona unit we have…just press your thumb and you are at your desktop…great for the wife and kids!).
Recently I noticed that on this machine I was having problems accessing the shares in the DFS namespace (e.g. \\kindel.com\shares\userdata\julie which is where Julie’s My Documents is redirected to). Doing a “net use \\kindel.com\shares” was failing.
I tried to debug it using google but couldn’t find any clues as to what was going on. So I emailed my buddies in the DFS team. After going back and forth, we discovered that I had disabled the DFS service on one of my domain controllers. I had disabled this service because that particular machine is anemic and I wanted to improve performance. That machine was not the host for my DFS root so I figured it didn’t need the service running.
For domain joined machines, the DFS client will go to AD directly to find the DFS root. But for non-domain joined machines here’s what happens:
- A non-domain joined DFS client, upon “net use \\kindel.com\shares” will resolve the \\kindel.com using DNS.
- It will talk to the resulting IP address’s DFS service which is smart enough to talk to AD and figure out that there is a DFS root on kindelsrv2 called shares.
- If there is no DFS service at the IP address net use will fail.
I was seeing intermittent problems because I have two DNS servers (each DC hosts DNS for redundancy) and the DNS client randomly chooses between the two (I thought it always picked the 1st in the list, using the others only for backup). Sometimes it would resolve kindel.com to 192.168.0.2 (kindeldc) and sometimes it would resolve to 192.168.0.4 (kindeldc2). Since the DFS service on kindeldc was not started whenever it resovled to 192.168.02 the “net use“ would fail.
Hopefully this post will help others until the DFS team can write a KB article about this (which I’ve bugged them to do).
Here are some links to good DFS documentation (still doesn’t address this particular issue, but these are good docs):