I've got 3 member servers as part of a DFS replication group. All servers are on the same site. One server (Server A) is running 2003 R2 and is the "primary" member, in that clients are always referred to this member. Ordering
method is set to "lowest cost" so I assume Server A is somehow set to a lower cost than the others. Everything works fine the way it is, and replication works fine.
The problem arises when Server A is made unavailable, or is removed as a referral target. When this happens, access to all DFS folders becomes read-only. However, none of the servers are set to be read-only members. Folder share permissions
seem to be the same on each server. If Server A is added back as a folder target everything goes back to normal. This issue occurs whether clients are referred to Server B (2012) or Server C (2012 R2).
When connecting directly to the individual servers' UNC path everything works as expected. I can write to any folder on Server B that I would expect to be able to. However, when trying to access shared folders directly on the data volumes on Server
B or C, I have to grant my account explicit permission to view the folder or view it's security tab. This is despite the fact that I am a domain admin and domain admins have access rights to all of these folders. It works but I should have access
by virtue of being in the domain admins group.
Any ideas?
TLDR: 2 out of 3 DFS members have read-only folders even though they are not read-only servers, and permissions appear to be set correctly.