Solved

Clients are authenticating to domain controllers on incorrect sites

Posted on 2006-06-28
8
246 Views
Last Modified: 2010-03-18
We have a single domain running across 4 sites connected by a relatively slow VPN. All 4 sites have a Domain Controller, with the primary domain controller (DC1) in the head office.  All clients run Windows XP SP2.

Some, but not all, users at one of the remote sites are reporting slow response from Windows Explorer when browsing thei computers. Having eliminated a number of other issues, I have examined the security logs on the remote site (DC2) and head office (DC1) domain controllers and noticed that the users who are having problems appear to be authenticating to both their local domain controller (DC2) and the head office domain controller (DC1) The delay in the WAN link may explain the problem. Active Directory Sites and Services has been configured (correctly I think)

Any suggestions on how I can encourage clients to authenticate only to their local domain controller?
0
Comment
Question by:JohnGillespie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
8 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17006395
sounds like AD sites and services hasnt been setup correctly

you should have

1) 1xsite per physical site
2) subnets assigned to the approp sites
0
 

Author Comment

by:JohnGillespie
ID: 17006561

I have checked. There is site for each physical site, with a DC in each and the subnets are associated correctly
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17007025
have you configured global catalogs per site?
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 

Author Comment

by:JohnGillespie
ID: 17007091
Yes, in the NTDS settings Global Catalog in ticked for all sites, and replication is working fine.

I have just turned on auditing for loggon success and failure and most of the clients appear to be going to the correct DC, but some are promiscuous (for want of a better word) I am wondering if the problem is something in the configuration of the clients.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17007225
not that i could think of, as long as you are pointing to a local DNS server (shouldn't really matter anyway) and there is correct site assignment all should be well
0
 

Author Comment

by:JohnGillespie
ID: 17056250
We discovered that we only had DFS replicated on the DC1 domain controller, so I guesss when clients were accessing DFS they were authenticating to DC1. We replicated DFS and that has reduced but not eliminated the problem

Thanks for your help
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17232221
PAQed with points refunded (500)

DarthMod
Community Support Moderator
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question