I have set up a DFS root with 2 targets and enabled the replication. I can access the DFS namespace from either of the hosts of the 2 targets but, when I try to access it from a standalone computer (non member of the domain) I get "Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied." I tried using the Stored User Names and Passwords to cache the credentials for the domain hosting the DFS; I added entries with the DNS, Netbios name and IP but I still get the same error. All computers are Windows 2003 (the standalone being 64-bit and the 2 hosting the DFS targets are 32-bit) all with SP2. How can I access the DFS from an out-of-domain computer?

In order to access DFS on the domain, your computer has to be either a member of the domain, or in a domain for which there is a trust relationship with the DFS's domain.

Hi, Thank you for posting here. According to your description, I understand that you would like to access a domain based DFS namespace from a non-domain members client. Based on my research, clients that belong to a workgroup can only access the DFS namespace if the name resolution mechanism that is in place can locally resolve the domain name. To work around this issue, you can access the actual server name by visiting either \\ Server1 \ Target1 or \\ Server2 \ Target2. If it doesnt work, I suggest you check the target 2 server share folder settings and network connection. Otherwise, please do the following steps to troubleshoot this issue. 1. Please Configure your DFS to use fully qualified domain names in referrals. Please refer to the KB article for domain name policies. http://support.microsoft.com/default.aspx?scid=kb;EN-US;244380 2. Enable your target 2server guest account in the control panel user accounts. Please do not setup a guest password. 3. Check the registry [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA] in the target 2 server. Confirm that the key restrictanonymous value is 0 and forceguest value is 1 4. Check the target 2 server local group policy via gpedit.msc Computer configuration Windows settings Security settings Local policies: - User rights assignment - Access this computer from the network - includes everyone group - User rights assignment Deny access to this computer remove Guests and Anonymous Logon group - Security Options Network access: let everyone permission apply to anonymous users , enable 5. Set the target server share folders sharing and security permission to everyone access 6. Add a DNS suffix to the workgroup client in the network adapter TCP/IP properties, advanced, DNS option configuration If you have any questions or concerns, please feel free to let me know. Best Regards, Wilson Jia