Friday, May 20, 2011

How to enable DNS for DFSN Referrals

I have recently discovered that when you set up a DFSN path on a Windows 2008 R2 server, clients get the referrals to the linked shares with the short NETBIOS name instead of the FQDN of a fileserver.

You are probably thinking "What's the matter with that?"....

Well, this is not an issue if you have a small organization, but if you are the sysadmin for an international company with a big Active Directory forest and sites scattered around the world, it could happen that your DNS infrastructure is made up of many different suffixes (referring for instance to geographical locations such as or

In this cases it is unlikely that any workstation around your company has all of the tens or hundreds of DNS suffixes. So, if you try to mount a stand-alone DFS Namespace from a different site, you could get this confusing error event id 1002:

Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.

This is a problem due to an ancient way of making network names resolution: in fact, a old Windows 2000-based DFS server replied to a DFS "get referral" query with a NETBIOS name format (\\server\share) by default. This was absolutely necessary in old environments where NETBIOS was relied upon.

Today, with WINS definitively buried, there is no reason for a DFS Namespace to treat referrals this way. Notwithstanding that, Microsoft has incredibly decided not to change this behavior!

Luckily enough, there is a solution for this!

Just fire you registry editor, move to HKLM\SYSTEM\CurrentControlSet\Services\Dfs and add or modify the DfsDnsConfig registry key by putting its value to 1, then restart the DFS Namespace service (C:\Windows\system32\dfssvc.exe).

Just be sure to make a dump of your DFS Namespace configuration before with DFSCMD.exe, as you may have to rebuild them after the registry modification (personally I did not have to rebuild anything on Windows 2008 R2...):

dfscmd /view \\dfsserver\shared_target /batchrestore

Take the output of this command and change all the NETBIOS names into FQDN’s and import it back. 

Please take the time to comment if you've found this solution useful!

1 comment:

  1. You should not have edit the registry directly for this change. use the dfsutil command
    # dfsutil server registry DfsDnsConfig set \\\namespace

    This command will tell you the value of the registry setting
    # dfsutil server registry DfsDnsConfig \\\namespace


Related Posts Plugin for WordPress, Blogger...