Clients authenticating with incorrect server (RODC)

Hi All,

Here's the scenario. I have 3x DCs. 1x PDC, 1x BDC and 1x RODC. The RODC lives on a remote site and services half a dozen PCs.

I am getting 5723 events logged on our RODC (with limited credentials) for accounts that should be serviced on our main site, so it got me wondering why these machines are crawling through a limited DSL VPN when they should be serviced locally.

I also log which servers are servicing logon requests on our main site. This is split between the PDC and BDC.

Any ideas what logic (if any) the client machines are using to find the best available PC, and how I can stop local machines trying to authenticate with a DC which doesn't store their credentials?

I am running a simple domain on SBS2008 with no trust relationships.

Sorry if the answer is obvious!!?

Thanks in advance.

Steven
Asked by noooodlez
bill_lynch commented:
Go into AD Sites and Services. Ensure that all of your network subnets are in there and are associated with the correct site.
Darius Ghassem commented:
Like bill said, most of the time when your AD sites are not set up properly, the clients will search AD for a DC and then go for the first one that responds. You need to have sites set up. Second, you need to make sure clients are pointing to their local DNS server; this helps the client to determine what DC to use as well.
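
The check bill_lynch and Darius describe, modelled as an added example (not part of the original thread): each client address is matched against the subnets defined in AD Sites and Services, the most specific match decides the site, and a client that matches nothing has no site and can end up on any DC that responds. The subnet ranges, site names and host names below are constructed for illustration.

```python
import ipaddress

# Constructed subnet-to-site table, standing in for the Subnets container
# in AD Sites and Services. Site names and ranges are assumptions.
SUBNETS = {
    "192.168.1.0/24": "MainSite",
    "192.168.50.0/24": "RemoteSite",
}

# Constructed client addresses (hypothetical host names).
CLIENTS = {
    "MAIN-PC01": "192.168.1.23",
    "MAIN-PC02": "192.168.2.40",   # range not defined in SUBNETS
    "REMOTE-PC01": "192.168.50.11",
}


def site_for(ip, subnets):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def audit(clients, subnets):
    """Map each client to its site; None marks a client with no subnet."""
    return {name: site_for(ip, subnets) for name, ip in clients.items()}


def unmapped(clients, subnets):
    """Clients that match no subnet and so cannot be given a local DC."""
    return sorted(n for n, s in audit(clients, subnets).items() if s is None)


if __name__ == "__main__":
    for name, site in audit(CLIENTS, SUBNETS).items():
        label = site or "NO SITE (any DC may answer)"
        print(f"{name:12} {CLIENTS[name]:15} -> {label}")
    print("Add subnets for:", ", ".join(unmapped(CLIENTS, SUBNETS)))
```

Replacing the two tables with an export of the real subnet objects and a list of workstation addresses shows which machines on the main site are missing a subnet definition.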
noooodlez (author) commented:
Makes perfect sense. Stupid me for missing that!!
Have only recently set up the 2nd site and never configured sites and services.

I have now set my subnets and sites up. All looks simple enough (nothing has died yet anyway!!). Will monitor now and see how we get on.

Question. I have set the replication schedule to the remote site as once per day (instead of once per hour). I can always force changes through. How much data will this replication be sending through my 512k VPN? I assume it is reasonably intelligent and will only send differential changes to applicable accounts?

Thanks
Darius Ghassem commented:
Not much data at all but I would do it at least once every four hours.
noooodlez (author) commented:
Cheers guys. Now sorted!
Question has a verified solution.
