The Storage Team Blog about file services and storage features in Windows Server, Windows XP, Windows Vista and Windows 7.
So you have heard about a tool DFSDiag which is meant to be used to help you diagnose your DFS Namespace. You just type DFSDiag.exe and...
voilà you got the list of the commands you can use. Oh yes you also have the “DFSDIAG_ERROR” message, but that’s because DFSDiag expect one of the commands that it has implemented. Ok let me try to explain the options you have:
/testdcs: With this you can check the configuration of the domain controllers. It performs the following tests:
To run this command against your domain Contoso.com just type:
DFSDiag /testdcs /domain:Contoso.com
If you omit the parameter /Domain, the tests are run against the Domain the machine is joined to.
/testsites: Used to check the configuration of Active Directory Domain Services (AD DS) sites by verifying that servers that act as namespace servers or folder (link) targets have the same site associations on all domain controllers.
So for a machine you will be running something like:
DFSDiag /testsites /machine:MyServer
For a folder (link):
DFSDiag /testsites /dfspath:\\Contoso.com\MyNamespace\MyLink /full
For a root:
DFSDiag /testsites /dfspath:\\Contoso.com\MyNamespace /recurse /full
But hey what’s the meaning of “recurse” and “full”? Don’t panic these are a couple of parameters that run a more comprehensive test. /recurse applies only to a namespace root path, where it enumerates and verifies the site associations for all folder targets. /full verifies that AD DS and the registry of the server contain the same site association information
/testdfsconfig: With this you can check the DFS namespace configuration. The tests that perform are:
To run this you just need to type:
DFSDiag /testdfsconfig /dfsroot:\\Contoso.com\MyNamespace
/testdfsintegrity: Used to check the namespace integrity. The tests performed are:
To check the integrity of my namespace at contoso.com:
DFSDiag /testdfsintegrity /dfsroot:\\Contoso.com\MyNamespace
Additionally you can specify /full, /recurse, which in this case, /full verifies the consistency of share and NTFS ACLs in all the folder targets. It also verifies that the Online property is set in all the folder targets. /recurse performs the testing including the namespace interlinks.
/testreferral: Perform specific tests, depending on the type of referral being used.
Again for your namespace at contoso.com:
DFSDiag /testreferral /dfspath:\\Contoso.com\MyNamespace
There is also the option to use /full as an optional parameter, but this only applies to Domain and Root referrals. In these cases /full verifies the consistency of site association information between the registry and Active Directory.
A brief example of how DFSDiag can help you is to detect duplicate folders (links) in your deployment. For this you can use the command /testdfsintegrity with the /full flag and…
It will show you the “troublemaker” folders as in this case, where Link1 and Link2 are duplicated.
Ok these are the tests that DFSDiag performs; I hope this gives you a better understanding of what’s going on once you run the tool against your deployment!
John Angel Diaz
Our developer team colleagues at the File Cabinet have posted an interesting article on the DFSDIAG tool.
dfsdiag /testdcs gives an error on the last test of "Validating Site Association of <DC> in every DC." It provides the error "DFSDIAG_WARNING - APPL - SiteName form IP - ::1 of <DC> in DC - <remote DC) is nULL while in ADSite it is <SiteName>. This error repeats for every non-W2K8 DC in the domain. I have unbound IPV6 and unchecked the IPv6 protocol, but the problem still is reported. Why?
Could you check if the site association of DC by hostname and IP address is the same across all other DCs?
does DFSdiag only work on 2008 Server, or can you use it on 2003 server? It seems to be an improvement of the dfsrdiag.exe tool.
I checked the Sites/subnets. All the DCs in the domain are in the same site. The only difference is that the two DCs that have the warning are W2K3 and the one that is consistent is W2K8.
Great reading your info on DFS and DFS Replication.
With the replication are files verified as they are copied or is it dependant on later checks.
Since blogs on the site thumbs up :)
I have the exact same issue with the "is nULL while in ADSite it is <SiteName>. "
Not on the Domain controllers but on one of our Mgmnt machins, and it can not access the DFSroot. Also unbound the IP6 interface, and tone tons of dfsutil/dfsdiag. All rendering in RPC server in unavailable.
Before i unbounded the ip6 interface i did not have ::1 as ipaddress but instead the "deafult" ip6 IP net
Hello all, David here again. If you are reading this post, you likely have Distributed File System Namespaces