You have a server that is running Windows Server 2008 R2.
You have the DFS Namespaces role service installed on the server.
You have more than 1,000 folders in the domain-based namespace in Windows Server 2008 mode.
There's a significant number of namespace servers.
You have turned on Root Scalability Mode. It makes the problem more likely to happen.
There are clients that make DFS management API calls, maybe because the DFS Management tools are used on the field DFS servers. For details see the More Information section.
In this scenario, some DFS namespace reparse points that are in the servers root share are unexpectedly deleted during a full synchronization of the large DFS volume with the Primary Domain Controller (PDC).
This problem occurs because of an issue in the paged Lightweight Directory Access Protocol (LDAP) search query. If the server namespace contains more than 1,000 folders when the paged LDAP query reads the namespace configuration from the Active Directory domain, this query fails because of network errors, slow links, or a resource shortage on the PDC. When this problem occurs, the DFSN service mistakenly deletes the links that are not returned in the successful part of the paged LDAP query.
This update avoids the loss of the links that are lost in the update. But it does not resolve the situation when the DFS Service starts and cannot complete populating the full list of links from Active Directory on startup. See the More Information Section for more Details.
A supported hotfix is available from Microsoft Support. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, go to the following Microsoft website:
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
To apply this hotfix, you must have Service Pack 1 for Windows Server 2008 R2 installed.
You have to restart the computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace any previously released hotfix.
The English (United States) version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.
Windows Server 2008 R2 file information and notes
Important Windows 7 hotfixes and Windows Server 2008 R2 hotfixes are included in the same packages. However, hotfixes on the Hotfix Request page are listed under both operating systems. To request the hotfix package that applies to one or both operating systems, select the hotfix that is listed under "Windows 7/Windows Server 2008 R2" on the page. Always refer to the "Applies To" section in articles to determine the actual operating system that each hotfix applies to.
The files that apply to a specific product, SR_Level (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.
6.1.760 1. 22xxx
Windows Server 2008 R2
GDR service branches contain only those fixes that are widely released to address widespread, extremely important issues. LDR service branches contain hotfixes in addition to widely released fixes.
The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately in the "Additional file information for Windows 7 and Windows Server 2008 R2" section. MUM and MANIFEST files, and the associated security catalog (.cat) files, are extremely important to maintain the state of the updated components. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.
For all supported x64-based versions of Windows Server 2008 R2
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
When this problem occurs, you may notice that the number of Namespace folders that are left in the DFS Namespace root share is a multiple 1,000. For example, when you run the dir *.* command in the root directory, the results returned will be a multiple of 1,000 + 2.
To re-trigger reading the Active Directory configuration to re-create the missing folders, run the following command:
dfsutil root ForceSync \\contoso.com\DFSRoot
Background on LDAP Server resource shortage
There are two known issues in Windows 7 where clients might trigger DFS synchronization:
When such an API call is received, the DFS server synchronizes with the PDC. If Root Scalability Mode is enabled, a full sync might be done and when many DFS servers do this at the same time, you can run into the LDAP server resource issue discussed in the Cause section.
There's a managed memory pool managed by the LDAP server that can hit limits for this query scenario. An article discusses this memory pool: How LDAP Server Cookies Are Handled.
For the purposes of domain-based DFS volumes, you can calculate MaxResultSetSize as follows to have a safe upper value for the LDAP cookie memory buffer:
(400+4*(number of links))*(number of DCs)
For example, if you have 50000 links and 100 namespace Servers, you get:
(400+4*(50000))*(100) = 20040000
You would use this value for the MaxResultSetSize in the LDAP Query Policy for the PDC.
Additional file information
Additional file information for Windows Server 2008 R2
Additional files for all supported x64-based versions of Windows Server 2008 R2