  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 481

Domain controller not responding to client request

Our company has branches which are connected by VPN and wireless.

I have installed an additional DC/DNS in the branches as per the discussion below, but it seems like there is some misconfiguration, as when the wireless or VPN is not connected, users (PCs) will take 5-10 minutes to log in. Folder redirection is also enabled for these users.
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_27194599.html

I installed an ADC and DNS server in the branches to avoid this, but it seems like users (PCs) are looking for a DC in the head office.

Your help is highly appreciated to sort out this issue.
0
MAS
Asked:
3 Solutions
 
Radhakrishnan RIT Commented:
Have you enabled the global catalog role on the branch office server?
Also, it's worth checking the SRV records.
0
 
MAS, Technical Department Head (Author) Commented:
It is a GC as well.
Sorry for not mentioning that before.
0
 
Radhakrishnan RIT Commented:
OK, then it should be related to DNS. Have a look at this article: msmvps.com/blogs/acefekay/archive/2010/01/03/the-dc-locator-process-the-logon-process-controlling-which-dc-responds-in-an-ad-site-and-srv-records.aspx

Let us know if you need further assistance.
0

 
Neil Russell, Technical Development Lead Commented:
Is your Sites Server handling DHCP for your workstations? You're not using a router for it, are you?
0
 
MAS, Technical Department Head (Author) Commented:
We have created a VLAN for it. There is DHCP in the remote locations.
0
 
jrhelgeson Commented:
You need to make sure that your AD topology matches your physical topology.

Go into AD Sites and Services, and make sure that you have AD sites for each location, and your domain controllers are in those locations. Then make sure that you have created the network subnets that are in use at each location, so that each location has its subnets.

Subnets and proper site topology: That is the critical information that AD needs in order to identify the nearest DC for a user to log into.
0
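
The Sites and Services check described in the post above, as an added example that is not part of the original thread. It assumes the RSAT ActiveDirectory module is installed; the addresses in `$clientIps` are constructed placeholders.

```powershell
# Added example. Requires the RSAT ActiveDirectory module and read access to AD.
Import-Module ActiveDirectory

# Constructed sample addresses: use one real client IP per branch VLAN/DHCP scope.
$clientIps = '10.1.20.15', '10.2.30.40', '192.168.50.7'

$sites   = Get-ADReplicationSite -Filter *
$subnets = Get-ADReplicationSubnet -Filter *
$dcs     = Get-ADDomainController -Filter *

function ConvertTo-IPv4Number([string]$Address) {
    $bytes = ([ipaddress]$Address).GetAddressBytes()
    [array]::Reverse($bytes)                      # network order -> little-endian
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-IPv4InSubnet([string]$Ip, [string]$Cidr) {
    $network, $prefix = $Cidr -split '/'
    $size = [math]::Pow(2, 32 - [int]$prefix)     # addresses in the subnet
    [math]::Floor((ConvertTo-IPv4Number $Ip) / $size) -eq
        [math]::Floor((ConvertTo-IPv4Number $network) / $size)
}

# 1. Each site should have at least one subnet, one DC and one global catalog.
$sites | ForEach-Object {
    $site    = $_
    $siteDcs = @($dcs | Where-Object { $_.Site -eq $site.Name })
    [pscustomobject]@{
        Site    = $site.Name
        Subnets = @($subnets | Where-Object { $_.Site -eq $site.DistinguishedName }).Name -join ', '
        DCs     = $siteDcs.Name -join ', '
        HasGC   = [bool]($siteDcs | Where-Object { $_.IsGlobalCatalog })
    }
} | Format-Table -AutoSize

# 2. Map each client IP to its most specific subnet, as a DC does when it tells
#    a client its site. 'NONE' means no subnet matches and the client has no site.
$v4 = $subnets | Where-Object { $_.Name -match '^\d+(\.\d+){3}/\d+$' }
foreach ($ip in $clientIps) {
    $hit = $v4 | Where-Object { Test-IPv4InSubnet $ip $_.Name } |
        Sort-Object { [int](($_.Name -split '/')[1]) } -Descending |
        Select-Object -First 1
    [pscustomobject]@{
        ClientIP = $ip
        Subnet   = if ($hit) { $hit.Name } else { 'NONE' }
        Site     = if ($hit) { ($hit.Site -split ',')[0] -replace '^CN=' } else { 'NONE' }
    }
}
```

A branch wireless or VPN address that comes back as `NONE`, or mapped to the head office site, is the case where clients are sent to a DC outside their own location.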
 
MAS, Technical Department Head (Author) Commented:
Please check these events; I forgot to mention them before.

Event ID 1925: the attempt to establish a replication link for the following writable directory partition
Event ID 1053: windows cannot determine the user or computer name (access denied) Group policy processing aborted


I tried Googling, but the solutions didn't work.
0
 
David Johnson, CD, MVP, Owner Commented:
From a client machine, do an nslookup to the local DNS server.
Are all of the branch offices able to contact the main AD/DNS server?
You may have hq.abc.com ny.abc.com fla.abc.com nev.abc.com la.abc.com eur.abc.com
These all have to be able to connect and have a trust relationship with hq.abc.com.

Global Catalog Server    TCP        3268-3269
LDAP Server              TCP/UDP    389
LDAP SSL                 TCP/UDP    636
IPsec ISAKMP             UDP        500
NAT-T                    UDP        4500
RPC                      TCP        135

Unless you have a VPN between the sites, you will have to use NAT routing from the router to the DNS/AD servers.
Work on one site at a time; once you get DNS/AD replication working between the 2 DNS/AD servers, you can use the knowledge you have gained to configure the remainder.

It is pretty obvious that there is not a trust relationship between the HQ/branch sites and AD is not being replicated.
0
 
MAS, Technical Department Head (Author) Commented:
The majority of these are connected through wireless, not by VPN.

All branches have an ADC, not another domain/child domain.
0
 
pwindell Commented:
This shouldn't be so complicated.

1. Make sure the client uses the local DC in its TCP/IP settings.  I would recommend that be the only DNS listed.

2. Set up AD Sites & Services correctly.  THAT is what associates the client with the correct DC.

If these don't seem to be behaving properly then you need to make sure these two things were done correctly to begin with.
0
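
A client-side check of the two points in the post above, together with the site-specific SRV records mentioned earlier in the thread. This is an added example, not part of the original thread; `$Domain` and `$ExpectedSite` are placeholders, not names from this environment.

```powershell
# Added example; run on a branch client. $Domain and $ExpectedSite are
# placeholders (assumptions), not names taken from the thread.
$Domain       = 'corp.example.com'
$ExpectedSite = 'Branch1'

# 1. DNS servers in use: the branch DC/DNS should be listed here.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# 2. Site the client believes it is in (first line of the nltest output).
$siteOut    = nltest /dsgetsite 2>$null
$clientSite = if ($LASTEXITCODE -eq 0) { @($siteOut)[0] } else { '<no site>' }

# 3. Ask the DC locator again, bypassing its cache, and read the DC and its site.
$dcInfo = nltest "/dsgetdc:$Domain" /force 2>$null
$dcName = if ("$dcInfo" -match 'DC:\s*\\\\(\S+)')       { $Matches[1] }
$dcSite = if ("$dcInfo" -match 'Dc Site Name:\s*(\S+)') { $Matches[1] }

# 4. Site-specific SRV records the locator queries; these should name the branch DC.
$srvName = "_ldap._tcp.$ExpectedSite._sites.dc._msdcs.$Domain"
$srv = Resolve-DnsName -Type SRV -Name $srvName -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' }

[pscustomobject]@{
    ClientSite    = $clientSite
    LocatedDC     = $dcName
    LocatedDCSite = $dcSite
    SiteSrvHosts  = $srv.NameTarget -join ', '
    Verdict       = if ($dcSite -eq $ExpectedSite -and $srv) { 'OK' }
                    else { 'CHECK: client DNS, subnet-to-site mapping, SRV registration' }
}
```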
 
jrhelgeson Commented:
You must have your site topology properly laid out in Active Directory, then have the site-to-site links input with the proper site costs, such that Active Directory actually understands your topology.  Once it understands its topology, it will try and authenticate a user against its local AD server (provided that AD server has a Global Catalog.)
If the local GC is not available, then the client will try to authenticate against the next nearest GC - which it will determine by its own understanding of the AD site topology.

Because you are dealing with multiple sites, you need to make sure that each site has a Global Catalog in order to process logins.
0
 
MAS, Technical Department Head (Author) Commented:
Thanks
0
