mjawarish
asked on
Client computers don't communicate with local domain controllers
My client has one windows 2003 domain that spans different countries. I have all AD sites configured well and replication is going as expected. Client IT staff from Germany site noticed that a number of client machines do not talk straight with the domain controllers in Germany AD site. They rather communicate with other DC's from different sites. If the machines are connected on the same subnet where the DC is on then computers can talk to the local DC first, but if they are on different subnets they just go out to other AD sites and find another DC to communicate with especially when you do nslookup for domain name. At the beginning I use to have a super subnet that covers all small subnets in the site, but lately I created all Germany subnets in AD and I associated these subnets with Germany AD site so that all machines from that site can communicate with the local DC's first.
I just found out that the issue still the same. Just to clarify, the machines are pointing to the local DNS servers in Germany. There is no WINS. Do you think I need WINS to help in this matter? Does anyone know what I'm missing here?
Thanks
I just found out that the issue still the same. Just to clarify, the machines are pointing to the local DNS servers in Germany. There is no WINS. Do you think I need WINS to help in this matter? Does anyone know what I'm missing here?
Thanks
Check if these clients are pointing to local DNS server only.
ASKER
Yes, the client machines point to the local AD DC's (DNS) servers. I don't get an error message. When I run the nslookup for my domain the query get resolved by another DNS server in the US sites instaed of the local AD DNS server in Germany. The query can be resolevd from the local AD DNS servers Only if the machine is located on the same subnet as the AD DNS. If I try to ping the AD DNS by name and IP everything looks fine. The machine can logon to the domain with no problem too.
So, this machine is in some other subnet, and not in the subnet of Germany.
Is their some secondary DNS server specified on these machines.
Primary DNS should point to AD (DNS) in Germany.
Try and remove secondary DNS if any.
Is their some secondary DNS server specified on these machines.
Primary DNS should point to AD (DNS) in Germany.
Try and remove secondary DNS if any.
Now, restart the machine and use nslookup again.
Could you post the outcome of
nslookup FQDN
Also mention the subnet for Germany and US.
Could you post the outcome of
nslookup FQDN
Also mention the subnet for Germany and US.
>>They rather communicate with other DC's from different sites. If the machines are connected on the same subnet where the DC is on then computers can talk to the local DC first, but if they are on different subnets they just go out to other AD
that is by design,,, AD sites and services is based upon what subnet the site and DC is on.
if you go into AD sites and services you will notice a 'subnets' folder, it sounds as though your subnets aren't associated with the SITE as they should. Every subnet range on your AD network should be in the 'subnets' folder. If they arent, then that is your problem. All you need to do is create one for every subnet and associate each one with the approprate AD site.
that is by design,,, AD sites and services is based upon what subnet the site and DC is on.
if you go into AD sites and services you will notice a 'subnets' folder, it sounds as though your subnets aren't associated with the SITE as they should. Every subnet range on your AD network should be in the 'subnets' folder. If they arent, then that is your problem. All you need to do is create one for every subnet and associate each one with the approprate AD site.
ASKER
Hi mikeleebria,
I have multiple AD sites established already and each site has its own subnet or subnets. What I found also that the client machine can't browse the AD domain. It can ping all domain controllers by name and IP. It can also ping the Default gateway, but when you click on Entire Network | Microsoft Windows Network, it takes long time to open and when you click on the AD domain, I get an error message
"mydomainname is not accessible. You may not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
The list of servers for this workgroup is not currently available"
Any idea?
I have multiple AD sites established already and each site has its own subnet or subnets. What I found also that the client machine can't browse the AD domain. It can ping all domain controllers by name and IP. It can also ping the Default gateway, but when you click on Entire Network | Microsoft Windows Network, it takes long time to open and when you click on the AD domain, I get an error message
"mydomainname is not accessible. You may not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
The list of servers for this workgroup is not currently available"
Any idea?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
My subnet was incorrect. Thanks everyone. Point should be split between gupta and mikeleebrla
Reps