Event ID 14536 — Trusted Domain Information Status

Updated: November 25, 2009

Applies To: Windows Server 2008 R2


The Distributed File System (DFS) service initializes trusted domain information so that client computers can access trusted domains. If the DFS service cannot initialize trusted domain information, DFS client computers cannot access trusted domains. For more information, see How DFS Works (http://go.microsoft.com/fwlink/?LinkId=147277).

Event Details

Product: Windows Operating System
ID: 14536
Source: Microsoft-Windows-DfsSvc
Version: 6.0
Symbolic Name: EVENT: DFS_WARN_DOMAIN_REFERRAL_OVERFLOW
Message: DFS is unable to return the entire list of trusted domains to the client. There are too many trusted domains.

Resolve

Ensure that the buffer on the client holds the appropriate trusted domain information

If your organization has a large number of trusted domains and forests, it is possible that client computers will not be able to access all domain-based namespaces in the trusted domains and forests. If a client computer can access a link target in another trusted domain or trusted forest by using the target’s Universal Naming Convention (UNC) path, the client computer can also access the link target by using its DFS path, but only if the list of domains fits into the client computer’s buffer. By default, DFS client computers send a 4-kilobyte (KB) (2,048 Unicode character) buffer to a domain controller when they request domain name referrals. If the list of domains is too large to fit into the 4-KB buffer, DFS client computers automatically increase their buffer size to accept the list of domains, up to a maximum of 56 KB.

When it populates the buffer of a client computer, DFS gives preference to local and explicitly trusted domains by filling the buffer with the names of those domains first. Consequently, by creating explicit trust relationships with domains that host important DFS namespaces, you can minimize the possibility that these domain names might be dropped from the list that is returned to the client computer. For more information about trust relationships, see Domain and Forest Trusts Technical Reference (http://go.microsoft.com/fwlink/?LinkId=147300).

 

Verify

Generate a list of the trusted domains from a domain controller and from a DFS client computer. Compare the two lists to ensure that they match.

Membership in Domain Admins, or equivalent, is the minimum required to perform the following procedure. Review details about default group memberships at http://go.microsoft.com/fwlink/?LinkID=150761. Perform the procedure on a domain controller in your domain.

To generate a list of trusted domains from a domain controller:

  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. Run the command nltest /domain_trusts > domaintrusts.txt to produce a text file that lists all the trusted domain names.
  3. Open the list in a text editor. For example, to open the file in Notepad, run the command notepad domaintrusts.txt.

Membership in Domain Users, or equivalent, is the minimum required to perform the following procedure. Review details about default group memberships at http://go.microsoft.com/fwlink/?LinkID=150761. Perform the procedure on a domain controller in your domain.

To generate a list of trusted domains from a DFS client computer:

  1. Open a command prompt. To open a command prompt, click Start. In Start Search, type cmd, and then press ENTER.
  2. Run the command dfsutil /spcinfo > domaintrusts.txt to produce a text file that lists all the trusted domain names.
  3. Open the list in a text editor. For example, to open the file in Notepad, run the command notepad domaintrusts.txt.

Compare the list of trusted domains from the domain controller with the list from the DFS client computer. If the lists match, the DFS service is working properly.
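One way to automate the comparison described above, as an added PowerShell example that is not part of the original article. The sample text is constructed, and the function names and the line formats assumed for the nltest /domain_trusts and dfsutil /spcinfo output are assumptions; adjust the patterns if your output differs.

```powershell
# Constructed sample output. For real data, replace these with, for example:
#   $dcText = Get-Content .\dc\domaintrusts.txt
#   $clientText = Get-Content .\client\domaintrusts.txt
$dcText = @'
List of domain trusts:
    0: CHILD child.contoso.example (NT 5) (Forest: 1) (Direct Outbound) (Direct Inbound)
    1: PARTNER partner.example (NT 5) (Direct Outbound)
    2: CONTOSO contoso.example (NT 5) (Forest Tree Root) (Primary Domain) (Native)
The command completed successfully
'@ -split "`r?`n"

$clientText = @'
[*][CONTOSO]
[*][contoso.example]
[*][CHILD]
[+][child.contoso.example]
    [+dc1.child.contoso.example]
'@ -split "`r?`n"

function Get-NltestDomain([string[]]$Lines) {
    foreach ($l in $Lines) {
        # Assumed format: "<index>: <NetBIOS> [<DNS>] (flags...)"; the DNS name may be absent
        if ($l -match '^\s*\d+:\s+(\S+)(?:\s+([^\s(]\S*))?\s+\(') {
            $Matches[1].ToLower()
            if ($Matches[2]) { $Matches[2].ToLower() }
        }
    }
}

function Get-SpcDomain([string[]]$Lines) {
    foreach ($l in $Lines) {
        # Assumed format: unindented "[*][name]" or "[+][name]" lines are domain entries;
        # indented lines list domain controllers and are skipped
        if ($l -match '^\[[*+\-]\]\[([^\]]+)\]') { $Matches[1].ToLower() }
    }
}

function Compare-TrustList([string[]]$DcLines, [string[]]$ClientLines) {
    $dc     = @(Get-NltestDomain $DcLines | Sort-Object -Unique)
    $client = @(Get-SpcDomain $ClientLines | Sort-Object -Unique)
    New-Object PSObject -Property @{
        # Names the domain controller trusts but the client did not receive
        MissingOnClient = @($dc | Where-Object { $client -notcontains $_ })
        # Names cached on the client that the domain controller did not list
        OnlyOnClient    = @($client | Where-Object { $dc -notcontains $_ })
    }
}

$result = Compare-TrustList $dcText $clientText
"Missing on client: " + ($result.MissingOnClient -join ', ')
"Only on client:    " + ($result.OnlyOnClient -join ', ')
```

A non-empty "Missing on client" list is the condition this event warns about: domain names that were dropped from the list returned to the client computer.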

Related Management Information

Trusted Domain Information Status

Active Directory
