Article ID: 975440 - View products that this article applies to.
On a computer that is running Windows XP or Window Server 2003, when you try to access to a Domain-based Distributed File System Namespace (DFSN), you receive the following error message:
On Windows Vista and later versions of Windows, you may recieve one of the following error messages:
\\<Domain Name>\<DFS Namespace> is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.
Windows cannot access \\<Domain Name>\<DFS Namespace>
The Network Path was not found
This error typically occurs because the DFSN client cannot complete the connection to a DFSN path.
The connection may fail because of any of the following reasons:
To resolve this problem, you must evaluate network connectivity, name resolution, and DFSN service configuration. You can use the following methods to evaluate each of these dependencies.
ConnectivityIn this article, "connectivity" refers to the client's ability to contact a domain controller or a DFSN server. If a client cannot complete a network connection to a domain controller or to a DFSN server, the DFSN request fails.
You can use the following tests to verify connectivity.
Determine whether the client was able to connect to a domain controller for domain information by using the DFSUtil.exe /spcinfo command. The output of this command describes the trusted domains and their domain controllers that are discovered by the client through DFSN referral queries. This is known as the "Domain Cache."
In the following example, both the DNS domain name "contoso.com" and the NetBIOS domain name "CONTOSO" are discovered by the client. Two domain controllers were identified for the domain name "CONTOSO": 2003server2 and 2003server1. If the client accesses the DNS name "contoso.com" in a request, the entries are displayed under the "contoso.com" entry.
Entries that are marked by an asterisk (*) were obtained through the Workstation service. The other entries were obtained through referrals by the DFSN client. The entries that are marked by a plus sign (+) are the domain controllers that are currently used by the client. For more information about referral processes, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/cc782417(WS.10).aspxTo evaluate connectivity, try a simple network connection to the active domain controller by using its IP address. For example, type either of the following commands:
If the connection is successful, determine whether a valid DFSN referral is returned to the client after it accesses the namespace. You can do this by viewing the referral cache (also known as the PKT cache) by using the DFSUtil.exe /pktinfo command.
The following output details the expected entries within the client's referral cache after the client accesses the DFSN path "\\contoso.com\dfsroot\link." The root has two targets ("rootserver1" and "rootserver2"). The link has a single target ("fileserver").
If you cannot find an entry for the desired namespace, this is evidence that the domain controller did not return a referral. DFSN service failures are discussed later in this article.
If you see an entry for the namespace (that is, "\contoso.com\dfsroot"), the entry proves that the client was able to contact a domain controller, but then did not reach any DFSN namespace targets. If not any of the namespace targets that are listed are designated as "ACTIVE," that indicates that all targets were unreachable.
Try to access to each namespace server by using IP addresses. For this test, you must specify only the IP address of the server, and you must not include the namespace share (that is, "net view \\192.168.1.11" but not "net view \\192.168.1.11\dfsroot"). Otherwise, you may unknowingly be referred to another DFS root server. If this occurs, you will receive misleading results. Note any error messages that are reported during these actions.
You must investigate and resolve any failures of a domain controller or of DFS namespace server communications. For more information about TCP/IP networking details and about troubleshooting utilities, visit the following Microsoft Web site:
Name ResolutionClients must resolve the name of the DFS namespace and of any servers that are hosting the namespace. Review the output that was previously generated by the dfsutil /pktinfo and dfsutil /spcinfo commands. The server names that are listed must be resolved by the client to IP addresses.
You can use the following methods to verify proper name resolution functionality.
DFS and System ConfigurationEven when connectivity and name resolution are functioning correctly, DFS configuration problems may cause the error to occur on a client. DFS relies on up-to-date DFS configuration data, correctly configured service settings, and Active Directory site configuration.
First, verify that the DFS service is started on all domain controllers and on DFS namespace/root servers. If the service is started in all locations, make sure that no DFS-related errors are reported in the system event logs of the servers.
When an administrator makes a change to the domain-based namespace, the change is made on the Primary Domain Controller (PDC) emulator master. Domain controllers and DFS root servers periodically poll PDC for configuration information. If the PDC is unavailable, or if "Root Scalability Mode" is enabled, Active Directory replication latencies and failures may prevent servers from issuing correct referrals. For more information about "Root Scalability Mode," visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/cc776068(WS.10).aspxOne method to evaluate replication health is to interrogate the status of the last inbound replication attempt for each domain controller. To do this, run the repadmin.exe command. The required syntax for this command is as follows:
repadmin /showrepl * DN_of_domainNote In this command, "*" represents all domain controllers that are to be queried, and "DN_of_domain" represents the distinguished name of the domain, such as "dc=contoso,dc=com."
Review the status and time of the last successful replication to make sure that DFSN configuration changes have reached all domain controllers. You should investigate any failures that are reported for inbound replication to a DC.
DFSN configuration problems may also prevent access to the namespace. One common scenario in which this occurs is a client that belongs to a site that contains no namespace or folder targets. If the namespace is configured to issue referral targets only within the client's site (the "insite" option), DFSN will not provide a referral. To evaluate whether the "insite" option is configured on a namespace, opena a command prompt, and then type the following command:
dfsutil /path:\\contoso.com\dfs /insite /displaySimilarly, Active Directory site configuration problems may prevent DFSN servers from correctly determining the client site. Therefore, these problems may cause referral failures if "insite" is configured. The DFSN service maps the client to a site by analyzing the source IP address of the client's referral request. The DFS service also maps each root target server to a site by resolving the target server's name to an IP address. To evaluate whether a domain controller or a DFS root can determine the correct site of the a system, run either of the following commands locally on the domain controllers and on the DFS namespace server:
For more information about how to restrict referrals to targets that are only within the client's site, visit the following Microsoft Web site:
http://support.microsoft.com/kb/947724For information about Active Directory Site topology and design, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/cc787284(WS.10).aspxFor more information about DFS namespaces, visit the following Microsoft Web sites:
How DFS Works
Distributed File System: Frequently Asked Questions
Updated namespace terminology:
Article ID: 975440 - Last Review: March 12, 2010 - Revision: 3.0