Quantcast
Channel: File Services and Storage forum
Viewing all articles
Browse latest Browse all 13565

Is It Possible to Add a Fileserver to a DFS Replication Group Without Connectivity to FSMO Roles Holder DC But Connectivity to Site DC???

$
0
0
I apologize in advance for the rambling novella, but I tried to include as many details ahead of time as I could.

I guess like most issues, this one's been evolving for a while, it started out with us trying to add a new member 
to a replication group that's on a subnet without connectivity to the FSMO roles holder. I'll try to describe the 
layout as best as I can up front.

The AD only has one domain & both the forest & domain are at 2008R2 function level. We've got two sites defined in 
Sites & Services, Site A is an off-site datacenter with one associated subnet & Site B with 6 associated subnets, A-F. 
The two sites are connected by a WAN link from a cable provider. Subnets E & F at Site B have no connectivity to Site A 
across that WAN, only what's available through the front side of the datacenter through the public Internet. The network 
engineering group involved refuses to route that WAN traffic to those two subnets & we've got no recourse against that 
decision; so I'm trying to find a way to accomplish this without that if possible.

The FSMO roles holder is located at Site A. I know that I can define a Site C, add Subnets E & F to that site, & then 
configure an SMTP site link between Sites A & C, but that only handles AD replication, correct? That still wouldn't allow me, for example, 
to enumerate DFS namespaces from subnets E & F, or to add a fileserver on either of those subnets as a member to an existing
DFS replication group, right? Also, root scalability is enabled on all the namespace shares.

Is there a way to accomplish both of these things without transferring the FSMO roles from the original DC at Site A to, say, 
the bridgehead DC at Site B? 

When the infrastructure was originally setup by a former analyst, the topology was much more simple & everything was left
under the Default First Site & no sites/subnets were setup until fairly recently to resolve authentication issues on 
Subnets E & F... I bring this up just to say, the FSMO roles holder has held them throughout the build out & addition of 
all sorts of systems & I'm honestly not sure what, if anything, the transfer of those roles will break. 

I definitely don't claim to be an expert in any of this, I'll be the first to say that I'm a work-in-progress on this AD design stuff, 
I'm all for R'ing the FM, but frankly I'm dragging bottom at this point in finding the right FM. I've been digging around
on Google, forums, & TechNet for the past week or so as this has evolved, but no resolution yet. 

On VMs & machines on subnets E & F when I go to DFS Management -> Namespace -> Add Namespaces to Display..., none show up 
automatically & when I click Show Namespaces, after a few seconds I get "The namespaces on DOMAIN cannot be enumerated. The 
specified domain either does not exist or could not be contacted". If I run a dfsutil /pktinfo, nothing shows except \sysvol 
but I can access the domain-based DFS shares through Windows Explorer with the UNC path \\DOMAIN-FQDN\Share-Name then when 
I run a dfsutil /pktinfo it shows all the shares that I've accessed so far.

So either I'm doing something wrong, or, for some random large, multinational company, every sunbet & fileserver one wants 
to add to a DFS Namespace has to be able to contact the FSMO roles holder? Or, are those ADs broken down with a child domain 
for each Site & a FSMO roles holder for that child domain is located in each site?

Viewing all articles
Browse latest Browse all 13565

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>