Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Link Target Servers in DFS Referral Responses Are Sometimes Sorted in Random Order


View products that this article applies to.

Summary

This article discusses how link target servers are sorted in Distributed File System (DFS) referral responses. In DFS referral responses, link target servers are generally sorted by site, with link target servers in the requesting client computer's site listed first. However, the link target servers may be sorted in random order in the following cases:
  • The DFS server cannot determine the client�s site. This problem may occur when a DFS server that is not a domain controller cannot contact a domain controller because of name resolution or network connectivity problems.

    Note Versions of the Mup.sys file that are earlier than version 5.0.2195.4280 cause the client to select the link target that is on the currently connected DFS server that provides the DFS referral response, regardless of the link target's position in a DFS referral response. This is the case when the DFS server is not in the client�s site, and the client is provided with a link target that is in its local site, and that is also on the currently connected DFS server.
  • The DFS server determines an incorrect client site, or the DFS server has incorrect site information for link target server names. Sites are determined based on the client�s Internet Protocol (IP) address or based on the target server names.
  • A domain controller that is successfully contacted has the RestrictAnonymous registry value set to 2.

    Note You can resolve this problem by lowering the RestrictAnonymous registry value to 1 or 0. For additional information about this registry value, see the "More Information" section, and click the following article number to view the article in the Microsoft Knowledge Base:
    246261� How to Use the RestrictAnonymous Registry Value in Windows 2000
  • Clients are running Windows 2000 Service Pack 3 (SP3) or later.

    Note The link target server list may not be sorted in random order on clients that are running Windows 2000 SP2 or earlier, or on clients that have any of the hotfixes in the following list installed.

    For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
    304719� DFS Client Does Not Select the Share on a DFS Server in the Same Site
    312579� You Cannot Change Folders by Using a Short Folder Name at a Command Prompt
    314944� A "Stop 0x50" Error Occurs If a Client Browses to a DFS Share That Has an Incorrect List Entry
    322599� DFS Client Computers Stop Responding when Disconnecting from a DFS Share
    262289� Invalid DNS Records Are Not Removed
    274411� Console and Terminal Services Access to Dfs Share Ignores Site Preference
    260857� DFS Site Information Is Not Updated When You Move Server to a New Active Directory Site
    282071� Users Are Accessing a DFS Root Replica in a Remote Site

↑ Back to the top


More information

When a DFS link server that is not a domain controller receives a DFS referral request from a client, one of the following sequences of events may occur:
  • If the RestrictAnonymous registry value is less than 2 on the domain controller:
    1. The DFS link server negotiates a Server Message Block ( SMB) session to the domain controller.
    2. The DFS link server makes an anonymous SMB connection to \\DomainControllerName\IPC$. This connection succeeds when the RestrictAnonymous registry value is less than 2 on the domain controller.
    3. The DFS link server binds to the domain controller Net Logon service RPC interface (UUID = 12345678-1234-ABCD-EF00-01234567CFFB) and to the public API DsAddressToSiteNames to obtain the client's site.
    4. The DFS link server builds a sorted site target list and returns the DFS referral response with the client site listed first.
  • If the RestrictAnonymous registry value is set to 2 on the domain controller:
    1. The DFS link server negotiates an SMB session with the domain controller.
    2. The DFS link server makes an anonymous SMB tree connection to \\DomainControllerName\IPC$, but this connection fails when the server has the RestrictAnonymous registry value set to 2.
    3. The DFS link server builds a random target list and returns the DFS referral response.

↑ Back to the top


References

For additional information about the RestrictAnonymous registry value, click the following article numbers to view the articles in the Microsoft Knowledge Base:
246261� How to Use the RestrictAnonymous Registry Value in Windows 2000
143474� Restricting Information Available to Anonymous Logon Users
289655� HOW TO: Enable Null Session Shares on a Windows 2000-Based Computer
328459� Troubleshooting Server Message Block Inbound Connection Limit in Windows Peer-to-Peer Workgroup
For additional information about the RestrictAnonymous registry value in Windows 2000, click the following article numbers to view the articles in the Microsoft Knowledge Base:
293127� The Net Logon Service of a Windows NT 4.0 BDC Does Not Function in a Windows 2000 Domain
296403� The RestrictAnonymous Value Breaks the Trust in a Mixed-Domain Environment
296405� The "RestrictAnonymous" Registry Value May Break the Trust to a Windows 2000 Domain
323467� Issues That Occur After You Implement the Microsoft Baseline Security Analyzer Recommendations in SBS 2000
176978� Error C00000BE When Changing Password
322981� How to Troubleshoot Inter-Forest Password Migration with ADMTv2
810333� XADM: ESE Event ID 215 The Backup Was Halted by the Client or the
245172� Err Msg: Could Not Find Domain Controller for This Domain
For additional information about the RestrictAnonymous registry value in Windows XP, click the following article numbers to view the articles in the Microsoft Knowledge Base:
331708� Windows Explorer Cannot Show Share Contents on a Windows 2000 Server
810497� "System Cannot Log You On to This Domain" Error Message When You Try to Log On to a Windows NT 4.0 Domain
For additional information about the RestrictAnonymous registry value in SMS 2.0, click the following article numbers to view the articles in the Microsoft Knowledge Base:
302413� SMS: No Users or Groups Are Listed in the Administrator User Wizard
328358� SMS Network Discovery Does Not Detect the Operating System If the "RestrictAnonymous=1" Setting Is Being Used
311257� SMS: Resources Are Not Discovered if Anonymous Connections Are Turned Off
For additional information about the RestrictAnonymous registry value in Internet Information Services, click the following article number to view the article in the Microsoft Knowledge Base:
278836� ADSI GetObject Queries May Fail from ASP but Work from VBScript
For additional information about the RestrictAnonymous registry value in Exchange 2000, click the following article numbers to view the articles in the Microsoft Knowledge Base:
319879� XADM: MAPI Clients Cannot View the Global Address List and Resolve Names
309622� XADM: Clients Cannot Browse the Global Address List After You Apply the Q299687 Windows 2000 Security Hotfix
329318� Error Message: The Exchange Conferencing Service May Not Have a Default Conferencing Mailbox Defined for It
330317� XADM: Error Message: The Exchange Conferencing Service May Not Have a Default Conferencing Mailbox Defined for It
321318� XADM: The Top Exchange 2000 Directory Service Support Issues

↑ Back to the top


Keywords: KB824730, kbinfo, kbactivedirectory, kbwinservds, kbfileprintservices

↑ Back to the top

Article Info
Article ID : 824730
Revision : 4
Created on : 9/5/2007
Published on : 9/5/2007
Exists online : False
Views : 358