3

Our setup right now is 1 "main" machine and two webservers. The main machine have a DFS namespace called 'foo' which both the webservers uses as their webroot directory.

This works like a charm if I type \mainserver\foo on a machine in the same domain, but unfortunately our developers are joined to a different domain and so they get a "Windows cannot access \mainserver\foo, make sure your spelling are correct".

Is there any way around this? Maybe adding trust between the two domains or something?

Everything is set up using Windows Server 2008 Standard and the clients are all Windows 7.

Regards

LPE
  • 41
  • 1
  • 1
  • 2
  • This sounds like a name resolution problem to me. Can the developers resolve the name mainserver? What happens when they ping the name mainserver? – joeqwerty Aug 11 '11 at 14:20
  • Not just by trying to look up 'mainserver', but they can with 'mainserver.domain.company.com', ie. the complete name. But they can not open the folder even if they type \\mainserver.domain.company.com\foo – LPE Aug 11 '11 at 14:22
  • I'm a little confused, do they have name resolution for mainserver.domain.company.com? If so, does it resolve correctly? Any firewalls between them and the server? – joeqwerty Aug 11 '11 at 14:34
  • yes, they have the correct resolution when they look up mainserver.domain.company.com, and yeah there's a firewall, should something specific about just DFS be opened? Right now there's only the active directory magic ports opened along with a few others – LPE Aug 12 '11 at 06:10
  • This doesn't sound like a DFS namespace; it sounds like an ordinary server share. – Spencer Nov 04 '17 at 23:07

1 Answers1

1

You will need a trust between domains unless you are happy to provide alternate credentials when prompted. If you have the same username and password in both domains, it might authenticate using NTLM even without trust.

Port 445 is whats used for DFS. I'd take a network trace on client side to see how far you get. See https://docs.microsoft.com/en-us/archive/blogs/josebda/understanding-windows-server-2008-dfs-n-by-analyzing-network-traces for more details of deciphering the network trace.

the-wabbit
  • 40,737
  • 13
  • 111
  • 174
maweeras
  • 2,734
  • 2
  • 17
  • 23
  • We are very happy with providing credentials, so that's not a problem. and we do have access too \\mainserver.domain.company.com\c$ after entering the credentials, but not the namespace. ie. \\mainserver.domain.company.com\foo, but I'll try to open up port 445 and see if that makes any difference. – LPE Aug 12 '11 at 07:37
  • If you can access C$ that proves 445 is open. I would still look at that network trace. – maweeras Aug 12 '11 at 07:39