Microsoft KB Archive/824730

From BetaArchive Wiki
Knowledge Base


Link Target Servers in DFS Referral Responses Are Sometimes Sorted in Random Order

Article ID: 824730

Article Last Modified on 9/5/2007



APPLIES TO

  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server




SUMMARY

This article discusses how link target servers are sorted in Distributed File System (DFS) referral responses. In DFS referral responses, link target servers are generally sorted by site, with link target servers in the requesting client computer's site listed first. However, the link target servers may be sorted in random order in the following cases:

  • The DFS server cannot determine the client’s site. This problem may occur when a DFS server that is not a domain controller cannot contact a domain controller because of name resolution or network connectivity problems.

    Note Versions of the Mup.sys file that are earlier than version 5.0.2195.4280 cause the client to select the link target that is on the currently connected DFS server that provides the DFS referral response, regardless of the link target's position in a DFS referral response. This is the case when the DFS server is not in the client’s site, and the client is provided with a link target that is in its local site, and that is also on the currently connected DFS server.
  • The DFS server determines an incorrect client site, or the DFS server has incorrect site information for link target server names. Sites are determined based on the client’s Internet Protocol (IP) address or based on the target server names.
  • A domain controller that is successfully contacted has the RestrictAnonymous registry value set to 2.

    Note You can resolve this problem by lowering the RestrictAnonymous registry value to 1 or 0. For additional information about this registry value, see the "More Information" section, and click the following article number to view the article in the Microsoft Knowledge Base:

    246261 How to Use the RestrictAnonymous Registry Value in Windows 2000

  • Clients are running Windows 2000 Service Pack 3 (SP3) or later.

    Note The link target server list may not be sorted in random order on clients that are running Windows 2000 SP2 or earlier, or on clients that have any of the hotfixes in the following list installed.

    For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

    304719 DFS Client Does Not Select the Share on a DFS Server in the Same Site

    312579 You Cannot Change Folders by Using a Short Folder Name at a Command Prompt

    314944 A "Stop 0x50" Error Occurs If a Client Browses to a DFS Share That Has an Incorrect List Entry

    322599 DFS Client Computers Stop Responding when Disconnecting from a DFS Share

    262289 Invalid DNS Records Are Not Removed

    274411 Console and Terminal Services Access to Dfs Share Ignores Site Preference

    260857 DFS Site Information Is Not Updated When You Move Server to a New Active Directory Site

    282071 Users Are Accessing a DFS Root Replica in a Remote Site


MORE INFORMATION

When a DFS link server that is not a domain controller receives a DFS referral request from a client, one of the following sequences of events may occur:

  • If the RestrictAnonymous registry value is less than 2 on the domain controller:
    1. The DFS link server negotiates a Server Message Block ( SMB) session to the domain controller.
    2. The DFS link server makes an anonymous SMB connection to \\DomainControllerName\IPC$. This connection succeeds when the RestrictAnonymous registry value is less than 2 on the domain controller.
    3. The DFS link server binds to the domain controller Net Logon service RPC interface (UUID = 12345678-1234-ABCD-EF00-01234567CFFB) and to the public API DsAddressToSiteNames to obtain the client's site.
    4. The DFS link server builds a sorted site target list and returns the DFS referral response with the client site listed first.
  • If the RestrictAnonymous registry value is set to 2 on the domain controller:
    1. The DFS link server negotiates an SMB session with the domain controller.
    2. The DFS link server makes an anonymous SMB tree connection to \\DomainControllerName\IPC$, but this connection fails when the server has the RestrictAnonymous registry value set to 2.
    3. The DFS link server builds a random target list and returns the DFS referral response.


REFERENCES

For additional information about the RestrictAnonymous registry value, click the following article numbers to view the articles in the Microsoft Knowledge Base:

246261 How to Use the RestrictAnonymous Registry Value in Windows 2000


143474 Restricting Information Available to Anonymous Logon Users


289655 HOW TO: Enable Null Session Shares on a Windows 2000-Based Computer


328459 Troubleshooting Server Message Block Inbound Connection Limit in Windows Peer-to-Peer Workgroup


For additional information about the RestrictAnonymous registry value in Windows 2000, click the following article numbers to view the articles in the Microsoft Knowledge Base:

293127 The Net Logon Service of a Windows NT 4.0 BDC Does Not Function in a Windows 2000 Domain


296403 The RestrictAnonymous Value Breaks the Trust in a Mixed-Domain Environment


296405 The "RestrictAnonymous" Registry Value May Break the Trust to a Windows 2000 Domain


323467 Issues That Occur After You Implement the Microsoft Baseline Security Analyzer Recommendations in SBS 2000


176978 Error C00000BE When Changing Password


322981 How to Troubleshoot Inter-Forest Password Migration with ADMTv2


810333 XADM: ESE Event ID 215 The Backup Was Halted by the Client or the


245172 Err Msg: Could Not Find Domain Controller for This Domain


For additional information about the RestrictAnonymous registry value in Windows XP, click the following article numbers to view the articles in the Microsoft Knowledge Base:

331708 Windows Explorer Cannot Show Share Contents on a Windows 2000 Server


810497 "System Cannot Log You On to This Domain" Error Message When You Try to Log On to a Windows NT 4.0 Domain


For additional information about the RestrictAnonymous registry value in SMS 2.0, click the following article numbers to view the articles in the Microsoft Knowledge Base:

302413 SMS: No Users or Groups Are Listed in the Administrator User Wizard


328358 SMS Network Discovery Does Not Detect the Operating System If the "RestrictAnonymous=1" Setting Is Being Used


311257 SMS: Resources Are Not Discovered if Anonymous Connections Are Turned Off


For additional information about the RestrictAnonymous registry value in Internet Information Services, click the following article number to view the article in the Microsoft Knowledge Base:

278836 ADSI GetObject Queries May Fail from ASP but Work from VBScript


For additional information about the RestrictAnonymous registry value in Exchange 2000, click the following article numbers to view the articles in the Microsoft Knowledge Base:

319879 XADM: MAPI Clients Cannot View the Global Address List and Resolve Names


309622 XADM: Clients Cannot Browse the Global Address List After You Apply the Q299687 Windows 2000 Security Hotfix


329318 Error Message: The Exchange Conferencing Service May Not Have a Default Conferencing Mailbox Defined for It


330317 XADM: Error Message: The Exchange Conferencing Service May Not Have a Default Conferencing Mailbox Defined for It


321318 XADM: The Top Exchange 2000 Directory Service Support Issues



Additional query words: restrictanonymous restrict anonymous dfs referral random distributed file system

Keywords: kbinfo kbactivedirectory kbfileprintservices kbwinservds KB824730