I always wanted to implement DFS in my little domain at home.
Every time I tried something didn’t work and I was in no mood to dig after what was wrong. I was adding links and even though I was being able to see the DFS root and the shares that I linked I was getting access denied or whatever.
Until approximately a month ago when I said: Enough! I have to find out what the problem is. You really have to try hard to find this one out or maybe I’m not that good with terms for searching. Anyway, this is it:
Re: XP SP2 and DFS link to local share
As a follow up,
I don’t have IPv6 installed here, so that shouldn’t be the issue.
After I posted originally I saw MS had released this article relating to the
first hotfix for SP2
The article states that SP2 changed the way it handles the loopback range
(127.0.0.0/8) in that it now only allows connections to 127.0.0.1. Apparently
this doesn’t apply to ICMP as I can still ping any address in the range and
get a response from 127.0.0.1.
This range is almost certainly used when accessing the local host through
DFS, but I am unable to determine if it’s using 127.0.0.1 or something else.
The only thing I have to confirm the loopback usage is a repeatable (by
trying to access the share through dfs) eventlog error (systemlog – 3019 from
MRxSMB) saying "the redirector failed to determine the connection type",
which makes sense since there is no auto-negotation by the loopback device.
Unfortunately I havent been able to find anything (free) I can use to sniff
the loopback traffic since it’s a pseudo device. All the traffic that
actually hits the wire looks okay.
I’d try the aforementioned hotfix, but I’d rather have my users cope with
the immense burden of having to access the local folder some other way.
I found a thread from a few days ago on
microsoft.public.windows.server.dfs_frs about this same issue. The suggested
solution was to add a value (REG_DWORD) named "EnableDfsLoopbackTargets" to
HKLM/System/CurrentControlSet/Services/Mup/Parameters and set it to 1.
I tried this and it worked (reboot required).
Bottom line: it seems it’s a manifestation of XP SP2 security improvements and can be fixed by adjusting the registry a bit. Just follow the last paragraph above. DFS worth it!
Happy New Year!