Scenario: Client migrated from a legacy Active Directory (AD) forest with the following structure:
Legacy Forest Root Domain: LEGACY.LOCAL (NetBIOS Domain Name: LG1)
Child Domain 1: ONE.LEGACY.LOCAL
Child Domain 2: TWO.LEGACY.LOCAL
Child Domain 3: THREE.LEGACY.LOCAL
Client migrated to a new AD single forest/domain as follows:
New, Single Forest/Domain: NEWFD.COM (NetBIOS Domain Name: NFD)
Client configured a DFS Namespace in the new, single forest/root AD domain. DFS Namespace is:
\\NEWFD.COM\DFS
(NetBIOS: \\NFD\DFS)
Issue: Whenever users in the NEWFD.COM domain logged in to workstations joined to the LEGACY.LOCAL domain and attempted to access the DFS Namespace, they would get this error:
"Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied."
Cause: The workstations are attempting to access the target referral path by NetBIOS name of the Server rather than FQDN (see the screenshot).
I noticed that when I manually appended the new domain DNS suffix to the Server name (e.g. \\SCDPFPS03.newfd.com\DFS), I was able to successfully access the shared folders.
RESOLUTION: Added the new domain suffix to the DNS Search List under the network interface card's IPv4 address properties under the DNS tab. After adding the DNS suffix to the search list and running gpupdate /force, users where then able to successfully access the DFS Namespace and all the subfolders.