I have recently been working on a large cloud transformation project where we were required to move multiple CIFS file shares from existing servers to new machines utilising Microsoft StorSimple devices for storage. Because this data was in constant use, we had to migrate it with minimum downtime.
This was achieved by building new file servers in the new data center, connecting the StorSimple devices to them via iSCSI and using emcopy to replicate the data. Multiple differential file copies were then performed before making the original shares read-only and moving the DNS records for the old servers over to the new ones.
But how did we manage to provision new servers, with the same name, whilst the old servers were still online and not cause a naming conflict…?
The answer: DFS Consolidation Root. This is not a particularly well-known use of DFS, but it is extremely useful in this scenario. DFS Consolidation Root allows you to create a namespace named after the old server with a “#” symbol in front, which will then respond to DNS requests as the old server.
For example, let’s say you have a file server called “OLDSERVER1” which has a couple of shares, “Legal” and “Finance”.
You want to move these shares and data to a new server, “NEWSERVER1”, but retain the old paths above. You can do this by using DFS Consolidation Root.
Firstly, copy the data to the new server and create the shares to match the old server. In this instance it would look like this:
Note: hidden shares are recommended so as to not expose the true path to the shares and confuse the users.
Next, create a DFS root on “NEWSERVER1”, then create a namespace called “#OLDSERVER1”.
Then, create two new folders under that namespace and add the new hidden shares as targets. It should look like this:
The final step is to add some registry entries to NEWSERVER1 to enable the Consolidation Root functionality. Run the following from an elevated PowerShell window.
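# Create the key path. New-Item reports an error for a key that already exists and leaves that key unchanged.
New-Item -Type Registry -Path HKLM:\SYSTEM\CurrentControlSet\Services\Dfs
New-Item -Type Registry -Path HKLM:\SYSTEM\CurrentControlSet\Services\Dfs\Parameters
New-Item -Type Registry -Path HKLM:\SYSTEM\CurrentControlSet\Services\Dfs\Parameters\Replicated
# Enable the Consolidation Root functionality (DWORD value 1)
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Dfs\Parameters\Replicated -Name ServerConsolidationRetry -PropertyType DWord -Value 1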
Now that you have the DFS Consolidation Root server built, it is time to redirect traffic to the new server and make it act as if it is the old one. To do this you need to update the DNS record for the old server name to point to the new server. Once this change has propagated, check that you are targeting the new server by using the ping command against the old server name.
If you try and connect to the path \\OLDSERVER1\Legal at this point you will see the following error logged in the System Event Log of the client trying to connect
This is due to NEWSERVER1 not correctly decrypting Kerberos tickets intended for OLDSERVER1. To fix this you must register the old server name against the new server using the SetSPN command from an elevated command prompt, logged in as a user with Domain Admin rights.
Delete the OLDSERVER1 host entries using the following commands:
setspn -d HOST/oldserver1 oldserver1
setspn -d HOST/oldserver1.contoso.com oldserver1
Add the entries back for the NEWSERVER1 server using the following commands:
setspn -a HOST/oldserver1 newserver1
setspn -a HOST/oldserver1.contoso.com newserver1
Confirm the entries have been added by running the following command
You will now be able to browse the old paths originally hosted on OLDSERVER1 on NEWSERVER1.
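To check the finished cutover end to end, the script below is an added example and not part of the original post. It assumes the example names used above (OLDSERVER1, NEWSERVER1, contoso.com, Legal, Finance), that it is run from a domain-joined client, and that PowerShell remoting to NEWSERVER1 is enabled for the registry check.

```powershell
# Added example (not from the original post): post-cutover checks.
# Names below are the page's examples; adjust them for your environment.
$OldName = 'OLDSERVER1'; $NewName = 'NEWSERVER1'; $Domain = 'contoso.com'
$Shares  = 'Legal', 'Finance'
$results = @()

function Get-SpnOwner([string]$Spn) {
    # LDAP search of the current domain for every account that holds this SPN
    $found = ([adsisearcher]"(servicePrincipalName=$Spn)").FindAll()
    $found | ForEach-Object { [string]$_.Properties['samaccountname'][0] }
}

# 1. Registry value on the new server (assumes PowerShell remoting is enabled)
$val = Invoke-Command -ComputerName $NewName -ErrorAction SilentlyContinue -ScriptBlock {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dfs\Parameters\Replicated'
    (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServerConsolidationRetry
}
$results += [pscustomobject]@{ Check = 'ServerConsolidationRetry is 1'; Pass = ($val -eq 1) }

# 2. DNS: the old name must resolve to an address of the new server
$oldIp = @((Resolve-DnsName "$OldName.$Domain" -Type A -ErrorAction SilentlyContinue).IPAddress)
$newIp = @((Resolve-DnsName "$NewName.$Domain" -Type A -ErrorAction SilentlyContinue).IPAddress)
$match = @($oldIp | Where-Object { $_ -and $newIp -contains $_ })
$results += [pscustomobject]@{ Check = "$OldName resolves to $NewName"; Pass = ($match.Count -gt 0) }

# 3. Kerberos: each old-name HOST SPN must be held by the new server only.
#    A second holder (e.g. the old computer account) causes ticket failures.
foreach ($spn in "HOST/$OldName", "HOST/$OldName.$Domain") {
    $owners = @(Get-SpnOwner $spn)
    $ok = ($owners.Count -eq 1 -and $owners[0] -eq "$NewName`$")
    $results += [pscustomobject]@{ Check = "$spn held only by $NewName"; Pass = $ok }
}

# 4. The old UNC paths must now be served through the consolidation root
foreach ($share in $Shares) {
    $path = "\\$OldName\$share"
    $results += [pscustomobject]@{ Check = "$path reachable"; Pass = (Test-Path $path) }
}

$results | Format-Table -AutoSize
```

The SPN check searches the current domain only, so an account in another domain of the forest holding the same SPN would not be reported.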