[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Remote site will not autenticate to local Domain Controller

Posted on 2007-10-11
Medium Priority
Last Modified: 2013-12-05
I have had this problem lingering for a while now.

I have a single domain with 2 Domain controllers(Server 2003) at HQ . I also have four remote sites set up with a DC in each (both windows 2000 and windows 2003). on the rare occurance that the VPN between HQ and the remote sites breaks (ISP outage, Powerloss etc..), the users in the remote sites lose all domain activity. They can't log on, they lose access to shared resources. the desktops are all XP Pro and I'm not sure why they can't even log on with the cached profile.

I have checked a few destops in the remote sites to find out which logon server they are using.
The set logonserver command at a command prompt returns their local domain controller.

This happens for sites with both server 2000 and 2003 domain controllers.

I would like to get to a point where each site can function on a local level even if the VPN connection dies.

Any help is much appreciated.

Question by:jmarenghi
LVL 10

Accepted Solution

Darylx earned 375 total points
ID: 20057652
Is your forest set to Native Mode.  If so, it could be a global catalog problem.  All logins in a native mode domain need to contact a global catalog server.  No GC server, no login.  This can be fixed by configuring the DCs at the remote sites as Global Catalog servers.
LVL 70

Assisted Solution

KCTS earned 375 total points
ID: 20059086
You must also provide alternate DNS servers on site and specify them in the TCP/IP properties.

Author Comment

ID: 20059380
Thanks Darylx & KCTS

I believe the problem was the Global Catlog setting on the DC's in the remote sites. I just need to wait to break the vpn and try to have a user restart a PC down there.

I should be all set with DNS resolution for the remote clients because the DC's in the remote sites all run DNS with forwarders for their respective ISP's.

I'll give out the points after I test


Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On a regular basis I get questions about slow RDP performance, RDP connection problems, strange errors and even BSOD, remote computers freezing or restarting after initiation of a remote session. In a lot of this cases the quick solutions made b…
Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question