Setting up DFS on Windows Server 2008 R2 in a domain with Windows 2003 Server DC’s: Fixing a very particular DFS Replication error

So I’m in the process of a complete migration to Server 2008 R2, and it comes time to migrate DFS. No problem. I have it working on the 2003 machines, I’ll just leave those up to service the users while I set up a new Namespace on the 2008 R2 DC’s, and then I’ll remap the user drives.

Well that was the plan anyway. As it turns out, it’s not quite that easy.

Before I get started on the particular issue I encountered I’ll note that if your DC’s are all 2003 (Schema v30), and you have not updated the AD Schema in preparation for 2008 R2 DC’s (Schema v47), you will want to do that now. The DFS-R service requires that the AD Schema be updated to at least 2003 R2 (Schema v37), and you’re going to have to update it to 2008 R2 before you can add a 2008 R2 Domain Controller anyway so might as well do it now (see this for more information).

The problem: Replication

I set up the Namespace Folders in the DFS Management Console first, and then proceeded to add the Folder Targets. Once you add a second Target to a Namespace Folder, the DFS Management console prompts you to set up replication, which I did. I ran through the Replication Wizard, accepting all the defaults, and it promptly failed out at the “Update folder security” step, as shown in Figure 1:

Figure 1

Ok, well there is a tab for the error, let’s click that and see what’s in there as shown in Figure 2 (the blacked out areas are the Server names):

Figure 2

Well, that’s not very helpful. Maybe there is something in the event logs? Hmm not really, the closest thing was an Error 6804 from DFSR as shown in Figure 3:

Figure 3

Which is not exactly helpful. So what is the problem? Well it turns out that Microsoft doesn’t document very well. They document in exact steps using an example (like this one on how to set up DFS on Server 2008). The problems arise when you deviate from that example in an attempt to do things in a logical manner. I inadvertently caused this issue, in the underlying file structure on the Servers.

I have two identical (hardware wise) servers that I am configuring this on. They each have a single RAID10 volume totaling approximately 680GB of storage per machine. This is in two partitions; the SYSTEM partition (C:\) at ~50GB, and the DATA partition (D:\) at ~630GB, give or take a couple of GB’s.

When I set up the DFS Namespace, I decided to keep everything simple: since the SYSTEM partition is rather limited, I’ll set the DFSRoot in D:\public, which also happens to be where I created the Folder Targets. This is a no no. When you create a Folder in DFS, Microsoft creates a reparse point in the DFSRoot with the same name. Well, it turns out that there is absolutely nothing that will prevent you from selecting and sharing this reparse point as a Folder Target in DFS. Well nothing except trying to get the Folder Targets to replicate. There is also nothing in any of Microsoft’s technical documentation that says that this is a no no.

At this point, I deleted the entire DFS Namespace, and started over (keeping this in mind). It works fine when you separate the DFSRoot and the Target Folders.

I guess all I can say is; I… I didn’t know I couldn’t do that.


