DFS-N: Client failback should be enabled for the Netlogon and SYSVOL folders on domain controllers
Updated: July 21, 2010
Applies To: Windows Server 2008 R2, Windows Server 2012
This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the File Services Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, seeBest Practices Analyzer.
Operating System |
Windows Server 2008 R2 |
Product/Feature |
File Services |
Severity |
Warning |
Category |
Configuration |
Issue
Client failback is disabled for the Netlogon and SYSVOL folders on a domain controller.
Impact
Client computers could experience slower response times if they fail over to a remote domain controller and do not fail back to the local domain controller when it comes back online.
Resolution
Use Registry Editor to enable client failback for the Netlogon and SYSVOL folders on each domain controller in this domain.
To do so, use one of the following procedures:
Enable client failback for the Netlogon and SYSVOL folders by using Registry Editor
Enable client failback for the Netlogon and SYSVOL folders on all domain controllers by using Group Policy settings
Enable client failback for the Netlogon and SYSVOL folders by using Registry Editor
On each domain controller in the domain, click Start, type Regedit, and then press ENTER.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
Warning
Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.
Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs\Parameters registry key.
If the SysvolNetlogonTargetFailback value doesn’t exist, right-click Parameters, click New, click DWord (32bit) Value, and then type SysvolNetlogonTargetFailback.
Double-click the SysvolNetlogonTargetFailback value, and then in the Value data box, type 1.
Restart the DFS Namespace role service on the domain controller. To restart the role service, open an elevated Command Prompt window, and then type the following commands:
Net stop dfs
Net start dfs
Enable client failback for the Netlogon and SYSVOL folders on all domain controllers by using Group Policy settings
Open the Group Policy Management Console from the Administrative Tools folder.
Right-click the Domain Controllers container in the appropriate domain, and then click Create a GPO in this domain, and Link it here.
Type a name for the Group Policy object (GPO), for example, Enable client failback for Netlogon and SYSVOL folders.
Right-click the new GPO, and then click Edit.
Navigate to Computer Configuration\Preferences\Windows Settings.
Right-click Registry, point to New, and then click Registry Item.
In the Action box, select Update.
In the Key Path box, type SYSTEM\CurrentControlSet\Services\Dfs\Parameters.
In the Hive box, leave the default HKEY_LOCAL_MACHINE selected.
In the Value name box, type SysvolNetlogonTargetFailback.
In the Value type box, select REG_DWORD.
In the Value data box, type 1.
Click OK, and then close the Group Policy Management Editor window.
The Group Policy settings are applied after the default refresh intervals (90 minutes for domain members and five minutes for domain controllers). To see the effect of the GPO immediately, open a Command Prompt window, and then type GPUpdate /force. After the GPO is applied to a domain controller, restart the DFS Namespace role service.