I a domain that are in two countries, my office is the primary, they are two dcs in the main office and one in the remote office in another country. We have an ipsec tunnel between them.
Then we have a QA environment in its own domain, we setup a trust relationship between the two and grant users from the main domain access. But a few days ago a strange thing started to happen. I started getting login errors and other complains from users.
After investigating i realized that the QA domain controller kept trying to contact the DC in another country , a dc it cant possible route to. We want to keep it that way.
In sites and services i made sure to add the subnet of the QA environment and the main office enviroment in the same site.
When i do a flushdns the qa dc picks up and authenticates against the correct domain controller, but then after awhile it starts looking only for the one it cant reach.
I don't understand this logic. they are 3 DC, the master role holder is listed on a site your a member of , but yet you try contact that server over and over again like a retard.
Maybe im the retard is there a setting that i dont know about in AD or a role on that server in the other country that could be forcing this server to try to contact it.