Solved

Client computers don't communicate with local domain controllers

Posted on 2006-06-20
12
601 Views
Last Modified: 2012-05-05
My client has one windows 2003 domain that spans different countries. I have all AD sites configured well and replication is going as expected. Client IT staff from Germany site noticed that a number of client machines do not talk straight with the domain controllers in Germany AD site. They rather communicate with other DC's from different sites. If the machines are connected on the same subnet where the DC is on then computers can talk to the local DC first, but if they are on different subnets they just go out to other AD sites and find another DC to communicate with especially when you do nslookup for domain name.  At the beginning I use to have a super subnet that covers all small subnets in the site, but lately I created all Germany subnets in AD and I associated these subnets with Germany AD site so that all machines from that site can communicate with the local DC's first.
I just found out that the issue still the same. Just to clarify, the machines are pointing to the local DNS servers in Germany. There is no WINS. Do you think I need WINS to help in this matter? Does anyone know what I'm missing here?
Thanks
0
Comment
Question by:mjawarish
  • 3
  • 3
  • 2
  • +2
12 Comments
 
LVL 30

Expert Comment

by:ded9
ID: 16945038
what exact message or error are you getting

Reps
0
 
LVL 13

Expert Comment

by:prashsax
ID: 16945231
Check if these clients are pointing to local DNS server only.


0
 

Author Comment

by:mjawarish
ID: 16946291
Yes, the client machines point to the local AD DC's (DNS) servers. I don't get an error message. When I run the nslookup for my domain the query get resolved by another DNS server in the US sites instaed of the local AD DNS server in Germany. The query can be resolevd from the local AD DNS servers Only if the machine is located on the same subnet as the AD DNS.   If I try to ping the AD DNS by name and IP everything looks fine. The machine can logon to the domain with no problem too.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 13

Expert Comment

by:prashsax
ID: 16946527
So, this machine is in some other subnet, and not in the subnet of Germany.

Is their some secondary DNS server specified on these machines.

Primary DNS should point to AD (DNS) in Germany.

Try and remove secondary DNS if any.

0
 
LVL 13

Expert Comment

by:prashsax
ID: 16946555
Now, restart the machine and use nslookup again.

Could you post the outcome of
nslookup FQDN

Also mention the subnet for Germany and US.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 16946563
>>They rather communicate with other DC's from different sites. If the machines are connected on the same subnet where the DC is on then computers can talk to the local DC first, but if they are on different subnets they just go out to other AD

that is by design,,, AD sites and services is based upon what subnet the site and DC is on.
if you go into AD sites and services you will notice a 'subnets' folder,  it sounds as though your subnets aren't associated with the SITE as they should. Every subnet range on your AD network should be in the 'subnets' folder.  If they arent, then that is your problem.  All you need to do is create one for every subnet and associate each one with the approprate AD site.

0
 

Author Comment

by:mjawarish
ID: 16948599
Hi mikeleebria,
I have multiple AD sites established already and each site has its own subnet or subnets. What I found also that the client machine can't browse the AD domain. It can ping all domain controllers by name and IP. It can also ping the Default gateway, but when you click on Entire Network | Microsoft Windows Network, it takes long time to open and when you click on the AD domain, I get an error message

"mydomainname is not accessible. You may not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
The list of servers for this workgroup is not currently available"    

Any idea?
0
 
LVL 4

Accepted Solution

by:
ansh_gupta earned 250 total points
ID: 16949680
If the client is supposed to use germany site, then it should be having ip address frm the subnet associated with germany site. Ip address of a machine is the criteria on which it tries to find out the right domain controller to talk to.. So you need to have ip from the subnet associated with germany site.
0
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 250 total points
ID: 16950892
i agree with ansh_gupta... the PC has to be in the right subnet since that is what sites and services is based on.  If the PC doesn't have an IP in the correct subnet, that is the issue.
0
 

Author Comment

by:mjawarish
ID: 17060022
My subnet was incorrect. Thanks everyone. Point should be split between gupta and mikeleebrla
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question