Hi,
Since we rolled them out (2015), from time to time our laptop users will randomly experience this (factually incorrect) error at login and it forces the whole tree to be in offline mode, i.e. only being able to access folders and files they have made available offline. Usually, a restart fixes it but I had a bit more headache just now.
DFS root: \\corp.domain.com\dfs-root-1
DFS folder: public (\\corp.domain.com\dfs-root-1\public)
DFS folder share permissions: Inherit permissions from local file system
Target file share: \\SERVERFQDN\Public)
Target file share permissions: Everyone: Full Control
Target NTFS permissions:
SYSTEM and Administrators: Full control to this folder, subfolders and files
NETWORK: Traverse folder / execute file, List folder / read data, Read attributes, Read extended attributes, Read permissions tothis folder only
Users: Traverse folder / execute file, List folder / read data, Read attributes, Read extended attributes, Read permissions tothis folder, subfolders and files
What I experienced just now with a user:
'Access denied' in Sync Center for \\corp.domain.com\dfs-root-1\public so all subfolders forced offline. Sure enough if I tried to manually browse through the DFS tree as soon as I tried to open 'Public' Windows said I don't have access. Straight away I tried directly accessing the target (\\SERVERFQDN\Public) and that was absolutely fine, readand write.
So I tried restarting NETLOGON and Offline Files services as that's worked before, but it didn't this time. Stopping (no restart) the Offline Files service resulted in things coming back temporarily, but 10 seconds or so later it immediately transitioned back to offline mode (even though Offline Files service was still stopped).
In then restarted Offline Files, cleared out some conflicts and did Sync All from Sync Center icon in notification area. Restarted Offline Files service and it all came (and stayed) online. I think clearing the conflicts is a red-herring as I've tried that before (sometimes it works, sometimes it doesn't).
What I don't understand is if access really was denied, permissions would need to be changed as a boot/reboot doesn't miraculously grant (or revoke) permissions!
The worst I have experienced is having to use FormatDatabase in registry as if it gets stubborn all the usual things don't work. We have 2 offices and I've even seen it where going from one to another can default to offline mode for no apparent reason (each site has it's own file server and AD Sites and Services is correctly pointing them to their local one when they login).
Happens with:
non-admin and domain-admin users
2008 R2 and 2016 file servers
7 and 10 clients
Nothing obvious in the Offline Files Operational event logs.
Thanks