Solved

Clients are authenticating to domain controllers on incorrect sites

Posted on 2006-06-28
8
232 Views
Last Modified: 2010-03-18
We have a single domain running across 4 sites connected by a relatively slow VPN. All 4 sites have a Domain Controller, with the primary domain controller (DC1) in the head office.  All clients run Windows XP SP2.

Some, but not all, users at one of the remote sites are reporting slow response from Windows Explorer when browsing thei computers. Having eliminated a number of other issues, I have examined the security logs on the remote site (DC2) and head office (DC1) domain controllers and noticed that the users who are having problems appear to be authenticating to both their local domain controller (DC2) and the head office domain controller (DC1) The delay in the WAN link may explain the problem. Active Directory Sites and Services has been configured (correctly I think)

Any suggestions on how I can encourage clients to authenticate only to their local domain controller?
0
Comment
Question by:JohnGillespie
  • 3
  • 3
8 Comments
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17006395
sounds like AD sites and services hasnt been setup correctly

you should have

1) 1xsite per physical site
2) subnets assigned to the approp sites
0
 

Author Comment

by:JohnGillespie
ID: 17006561

I have checked. There is site for each physical site, with a DC in each and the subnets are associated correctly
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17007025
have you configured global catalogs per site?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:JohnGillespie
ID: 17007091
Yes, in the NTDS settings Global Catalog in ticked for all sites, and replication is working fine.

I have just turned on auditing for loggon success and failure and most of the clients appear to be going to the correct DC, but some are promiscuous (for want of a better word) I am wondering if the problem is something in the configuration of the clients.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17007225
not that i could think of, as long as you are pointing to a local DNS server (shouldn't really matter anyway) and there is correct site assignment all should be well
0
 

Author Comment

by:JohnGillespie
ID: 17056250
We discovered that we only had DFS replicated on the DC1 domain controller, so I guesss when clients were accessing DFS they were authenticating to DC1. We replicated DFS and that has reduced but not eliminated the problem

Thanks for your help
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17232221
PAQed with points refunded (500)

DarthMod
Community Support Moderator
0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question