Link Target Servers in DFS Referral Responses Are Sometimes Sorted in Random Order (824730)


The information in this article applies to:

  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server

SUMMARY

This article discusses how link target servers are sorted in Distributed File System (DFS) referral responses. In DFS referral responses, link target servers are generally sorted by site, with link target servers in the requesting client computer's site listed first. However, the link target servers may be sorted in random order in the following cases:
  • The DFS server cannot determine the client's site. This problem may occur when a DFS server that is not a domain controller cannot contact a domain controller because of name resolution or network connectivity problems.

    Note Versions of the Mup.sys file that are earlier than version 5.0.2195.4280 cause the client to select the link target that is on the currently connected DFS server that provides the DFS referral response, regardless of the link target's position in a DFS referral response. This is the case when the DFS server is not in the client's site, and the client is provided with a link target that is in its local site, and that is also on the currently connected DFS server.
  • The DFS server determines an incorrect client site, or the DFS server has incorrect site information for link target server names. Sites are determined based on the client's Internet Protocol (IP) address or based on the target server names.
  • A domain controller that is successfully contacted has the RestrictAnonymous registry value set to 2.

    Note You can resolve this problem by lowering the RestrictAnonymous registry value to 1 or 0. For additional information about this registry value, see the "More Information" section, and click the following article number to view the article in the Microsoft Knowledge Base:

    246261 How to Use the RestrictAnonymous Registry Value in Windows 2000

  • Clients are running Windows 2000 Service Pack 3 (SP3) or later.

    Note The link target server list may not be sorted in random order on clients that are running Windows 2000 SP2 or earlier, or on clients that have any of the hotfixes in the following list installed.

    For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

    304719 DFS Client Does Not Select the Share on a DFS Server in the Same Site

    312579 You Cannot Change Folders by Using a Short Folder Name at a Command Prompt

    314944 A "Stop 0x50" Error Occurs If a Client Browses to a DFS Share That Has an Incorrect List Entry

    322599 DFS Client Computers Stop Responding when Disconnecting from a DFS Share

    262289 Invalid DNS Records Are Not Removed

    274411 Console and Terminal Services Access to Dfs Share Ignores Site Preference

    260857 DFS Site Information Is Not Updated When You Move Server to a New Active Directory Site

    285827 DFS and Software Distribution Interaction

    282071 Users Are Accessing a DFS Root Replica in a Remote Site

MORE INFORMATION

When a DFS link server that is not a domain controller receives a DFS referral request from a client, one of the following sequences of events may occur:
  • If the RestrictAnonymous registry value is less than 2 on the domain controller:
    1. The DFS link server negotiates a Server Message Block ( SMB) session to the domain controller.
    2. The DFS link server makes an anonymous SMB connection to \\DomainControllerName\IPC$. This connection succeeds when the RestrictAnonymous registry value is less than 2 on the domain controller.
    3. The DFS link server binds to the domain controller Net Logon service RPC interface (UUID = 12345678-1234-ABCD-EF00-01234567CFFB) and to the public API DsAddressToSiteNames to obtain the client's site.
    4. The DFS link server builds a sorted site target list and returns the DFS referral response with the client site listed first.
  • If the RestrictAnonymous registry value is set to 2 on the domain controller:
    1. The DFS link server negotiates an SMB session with the domain controller.
    2. The DFS link server makes an anonymous SMB tree connection to \\DomainControllerName\IPC$, but this connection fails when the server has the RestrictAnonymous registry value set to 2.
    3. The DFS link server builds a random target list and returns the DFS referral response.

REFERENCES

For additional information about the RestrictAnonymous registry value, click the following article numbers to view the articles in the Microsoft Knowledge Base:

246261 How to Use the RestrictAnonymous Registry Value in Windows 2000

143474 Restricting Information Available to Anonymous Logon Users

289655 HOW TO: Enable Null Session Shares on a Windows 2000-Based Computer

328459 Troubleshooting Server Message Block Inbound Connection Limit in Windows Peer-to-Peer Workgroup

For additional information about the RestrictAnonymous registry value in Windows 2000, click the following article numbers to view the articles in the Microsoft Knowledge Base:

293127 The Net Logon Service of a Windows NT 4.0 BDC Does Not Function in a Windows 2000 Domain

296403 The RestrictAnonymous Value Breaks the Trust in a Mixed-Domain Environment

296405 The "RestrictAnonymous" Registry Value May Break the Trust to a Windows 2000 Domain

323467 Issues That Occur After You Implement the Microsoft Baseline Security Analyzer Recommendations in SBS 2000

176978 Error C00000BE When Changing Password

322981 How to Troubleshoot Inter-Forest Password Migration with ADMTv2

810333 XADM: ESE Event ID 215 The Backup Was Halted by the Client or the

245172 Err Msg: Could Not Find Domain Controller for This Domain

For additional information about the RestrictAnonymous registry value in Windows XP, click the following article numbers to view the articles in the Microsoft Knowledge Base:

331708 Windows Explorer Cannot Show Share Contents on a Windows 2000 Server

810497 "System Cannot Log You On to This Domain" Error Message When You Try to Log On to a Windows NT 4.0 Domain

For additional information about the RestrictAnonymous registry value in SMS 2.0, click the following article numbers to view the articles in the Microsoft Knowledge Base:

302413 SMS: No Users or Groups Are Listed in the Administrator User Wizard

328358 SMS Network Discovery Does Not Detect the Operating System If the "RestrictAnonymous=1" Setting Is Being Used

311257 SMS: Resources Are Not Discovered if Anonymous Connections Are Turned Off

For additional information about the RestrictAnonymous registry value in Internet Information Services, click the following article number to view the article in the Microsoft Knowledge Base:

278836 ADSI GetObject Queries May Fail from ASP but Work from VBScript

For additional information about the RestrictAnonymous registry value in Exchange 2000, click the following article numbers to view the articles in the Microsoft Knowledge Base:

319879 XADM: MAPI Clients Cannot View the Global Address List and Resolve Names

309622 XADM: Clients Cannot Browse the Global Address List After You Apply the Q299687 Windows 2000 Security Hotfix

329318 Error Message: The Exchange Conferencing Service May Not Have a Default Conferencing Mailbox Defined for It

330317 XADM: Error Message: The Exchange Conferencing Service May Not Have a Default Conferencing Mailbox Defined for It

321318 XADM: The Top Exchange 2000 Directory Service Support Issues

Modification Type:MajorLast Reviewed:8/28/2003
Keywords:kbFilePrintservices kbwinservds kbActiveDirectory kbinfo KB824730 kbAudEndUser kbAudITPRO
©2003 Microsoft Corporation. All rights reserved.