Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

You receive an "Access is denied" error message if you try to add a new DFS root target from a host server that is running Windows Server 2003


View products that this article applies to.

Symptoms

If you try to add a new root target to an existing domain-based Distributed File System (DFS) implementation, you receive the following error message:
Access is denied

↑ Back to the top


Cause

This issue occurs if the following conditions are true:
  • The existing domain-based DFS implementation is on a host server that is running Microsoft Windows 2000 Server.
  • The Windows 2000 domain is operating in Mixed Mode.
  • You try to add a new root target from a host server that is running Microsoft Windows Server 2003.
This issue occurs because DFS connects to the registry of the target Windows Server 2003-based host server by using the security context of the Local Service account, and the Local Service account does not have the correct registry permissions.

Note A root target is a host server that runs the DFS service. For additional information about DFS functions, visit the following Microsoft Web site:

↑ Back to the top


Resolution

To resolve this issue, transfer the Primary Domain Controller (PDC) emulator Floating Single Master Operation (FSMO) role in the forest root domain to a Windows Server 2003 domain controller. To do this, follow these steps:
  1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Right-click Active Directory Users and Computers, and then click Connect to Domain Controller.

    Note You must perform this step if you are not on the domain controller to which you want to transfer the role. You do not have to perform this step if you are already connected to the domain controller whose role you want to transfer.

    Do either of the following:
    • In the Enter the name of another domain controller box, type the name of the domain controller that will be the new role holder, and then click OK.
    • In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.
  3. In the console tree, right-click Active Directory Users and Computers, point to All Tasks, and then click Operations Masters.
  4. Click the PDC tab, and then click Change.
  5. Click OK to confirm that you want to transfer the role, and then click Close.

↑ Back to the top


More information

For additional information about how to view and transfer FSMO roles in Windows Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:
324801� How to view and transfer FSMO roles in Windows Server 2003
For additional information about related topics, click the following article number to view the article in the Microsoft Knowledge Base:
827016� Local Service and other well-known security principals do not appear on your Windows Server 2003 domain controller

↑ Back to the top


Keywords: kberrmsg, kbtshoot, KB892783

↑ Back to the top

Article Info
Article ID : 892783
Revision : 5
Created on : 2/8/2007
Published on : 2/8/2007
Exists online : False
Views : 402