Clients are authenticating to domain controllers on incorrect sites

We have a single domain running across 4 sites connected by a relatively slow VPN. All 4 sites have a Domain Controller, with the primary domain controller (DC1) in the head office.  All clients run Windows XP SP2.

Some, but not all, users at one of the remote sites are reporting slow response from Windows Explorer when browsing their computers. Having eliminated a number of other issues, I have examined the security logs on the remote site (DC2) and head office (DC1) domain controllers and noticed that the users who are having problems appear to be authenticating to both their local domain controller (DC2) and the head office domain controller (DC1). The delay in the WAN link may explain the problem. Active Directory Sites and Services has been configured (correctly, I think).

Any suggestions on how I can encourage clients to authenticate only to their local domain controller?
JohnGillespie Asked:
 
DarthMod Commented:
PAQed with points refunded (500)

DarthMod
Community Support Moderator
 
Jay_Jay70 Commented:
sounds like AD sites and services hasn't been set up correctly

you should have

1) 1 x site per physical site
2) subnets assigned to the appropriate sites
 
JohnGillespie (Author) Commented:

I have checked. There is a site for each physical site, with a DC in each, and the subnets are associated correctly.
 
Jay_Jay70 Commented:
have you configured global catalogs per site?
 
JohnGillespie (Author) Commented:
Yes, in the NTDS settings Global Catalog is ticked for all sites, and replication is working fine.

I have just turned on auditing for logon success and failure and most of the clients appear to be going to the correct DC, but some are promiscuous (for want of a better word). I am wondering if the problem is something in the configuration of the clients.
 
Jay_Jay70 Commented:
not that I could think of, as long as you are pointing to a local DNS server (shouldn't really matter anyway) and there is correct site assignment all should be well
 
JohnGillespie (Author) Commented:
We discovered that we only had DFS replicated on the DC1 domain controller, so I guess when clients were accessing DFS they were authenticating to DC1. We replicated DFS and that has reduced but not eliminated the problem.

Thanks for your help
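
The logon-audit check described in this thread can be automated by comparing each client's address against the site subnets. The following is an added example, not part of the original thread: the subnets, site names, CSV export format and user names are constructed assumptions; only the DC1/DC2 names come from the question.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed site layout (constructed): subnet -> site, and DC -> site.
SUBNET_SITE = {
    ip_network("10.1.0.0/16"): "HeadOffice",
    ip_network("10.2.0.0/16"): "Remote2",
}
DC_SITE = {"DC1": "HeadOffice", "DC2": "Remote2"}

# Constructed sample: logon-success audit records exported from each DC's
# security log as CSV (dc, user, client_ip). Not real log data.
SAMPLE = """dc,user,client_ip
DC2,alice,10.2.0.15
DC2,bob,10.2.0.22
DC1,bob,10.2.0.22
DC1,carol,10.1.0.40
DC1,dave,10.9.0.5
"""

def site_for(ip):
    """Return the site whose subnet contains ip (most specific match), or None."""
    addr = ip_address(ip)
    matches = [n for n in SUBNET_SITE if addr in n]
    if not matches:
        return None
    return SUBNET_SITE[max(matches, key=lambda n: n.prefixlen)]

def off_site_logons(csv_text):
    """Map each client IP to the set of DCs outside its own site that logged it."""
    flagged = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        client_site = site_for(row["client_ip"])
        if client_site is None:
            # No subnet covers this address, so the client cannot resolve a site.
            flagged[row["client_ip"]].add("NO-SUBNET")
        elif DC_SITE.get(row["dc"]) != client_site:
            flagged[row["client_ip"]].add(row["dc"])
    return dict(flagged)

if __name__ == "__main__":
    for ip, dcs in sorted(off_site_logons(SAMPLE).items()):
        print(ip, "->", ", ".join(sorted(dcs)))
```

Clients reported as NO-SUBNET point to a missing subnet definition; clients listed against a remote DC are the ones to examine for a dependency such as the DFS case above.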