Solved

Clients are authenticating to domain controllers on incorrect sites

Posted on 2006-06-28
8
216 Views
Last Modified: 2010-03-18
We have a single domain running across 4 sites connected by a relatively slow VPN. All 4 sites have a Domain Controller, with the primary domain controller (DC1) in the head office.  All clients run Windows XP SP2.

Some, but not all, users at one of the remote sites are reporting slow response from Windows Explorer when browsing thei computers. Having eliminated a number of other issues, I have examined the security logs on the remote site (DC2) and head office (DC1) domain controllers and noticed that the users who are having problems appear to be authenticating to both their local domain controller (DC2) and the head office domain controller (DC1) The delay in the WAN link may explain the problem. Active Directory Sites and Services has been configured (correctly I think)

Any suggestions on how I can encourage clients to authenticate only to their local domain controller?
0
Comment
Question by:JohnGillespie
  • 3
  • 3
8 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17006395
sounds like AD sites and services hasnt been setup correctly

you should have

1) 1xsite per physical site
2) subnets assigned to the approp sites
0
 

Author Comment

by:JohnGillespie
ID: 17006561

I have checked. There is site for each physical site, with a DC in each and the subnets are associated correctly
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17007025
have you configured global catalogs per site?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:JohnGillespie
ID: 17007091
Yes, in the NTDS settings Global Catalog in ticked for all sites, and replication is working fine.

I have just turned on auditing for loggon success and failure and most of the clients appear to be going to the correct DC, but some are promiscuous (for want of a better word) I am wondering if the problem is something in the configuration of the clients.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17007225
not that i could think of, as long as you are pointing to a local DNS server (shouldn't really matter anyway) and there is correct site assignment all should be well
0
 

Author Comment

by:JohnGillespie
ID: 17056250
We discovered that we only had DFS replicated on the DC1 domain controller, so I guesss when clients were accessing DFS they were authenticating to DC1. We replicated DFS and that has reduced but not eliminated the problem

Thanks for your help
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17232221
PAQed with points refunded (500)

DarthMod
Community Support Moderator
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now