Solved

Clients are authenticating to domain controllers on incorrect sites

Posted on 2006-06-28
8
207 Views
Last Modified: 2010-03-18
We have a single domain running across 4 sites connected by a relatively slow VPN. All 4 sites have a Domain Controller, with the primary domain controller (DC1) in the head office.  All clients run Windows XP SP2.

Some, but not all, users at one of the remote sites are reporting slow response from Windows Explorer when browsing thei computers. Having eliminated a number of other issues, I have examined the security logs on the remote site (DC2) and head office (DC1) domain controllers and noticed that the users who are having problems appear to be authenticating to both their local domain controller (DC2) and the head office domain controller (DC1) The delay in the WAN link may explain the problem. Active Directory Sites and Services has been configured (correctly I think)

Any suggestions on how I can encourage clients to authenticate only to their local domain controller?
0
Comment
Question by:JohnGillespie
  • 3
  • 3
8 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17006395
sounds like AD sites and services hasnt been setup correctly

you should have

1) 1xsite per physical site
2) subnets assigned to the approp sites
0
 

Author Comment

by:JohnGillespie
ID: 17006561

I have checked. There is site for each physical site, with a DC in each and the subnets are associated correctly
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17007025
have you configured global catalogs per site?
0
Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

 

Author Comment

by:JohnGillespie
ID: 17007091
Yes, in the NTDS settings Global Catalog in ticked for all sites, and replication is working fine.

I have just turned on auditing for loggon success and failure and most of the clients appear to be going to the correct DC, but some are promiscuous (for want of a better word) I am wondering if the problem is something in the configuration of the clients.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17007225
not that i could think of, as long as you are pointing to a local DNS server (shouldn't really matter anyway) and there is correct site assignment all should be well
0
 

Author Comment

by:JohnGillespie
ID: 17056250
We discovered that we only had DFS replicated on the DC1 domain controller, so I guesss when clients were accessing DFS they were authenticating to DC1. We replicated DFS and that has reduced but not eliminated the problem

Thanks for your help
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17232221
PAQed with points refunded (500)

DarthMod
Community Support Moderator
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now