Solved

Windows clients not using their local domain controller

Posted on 2013-02-02
Last Modified: 2013-02-19
I am having a problem with our new domain. We have a hub and spoke design with two hub sites. Half of all sites will replicate to one hub and the other half will go to the other.

DC1 and DC2 have a defined site link
DC1 and SITE1 have a defined site link

Site Link Transitivity has been disabled, so I also created a site link bridge linking the two site links so that, in the case that the domain controller at SITE1 is unavailable and the domain controller at DC1 is unavailable, it will still go to DC2. For some reason, most of the clients at SITE1 are going to DC2 when all of the domain controllers are up and running.

To ensure that it isn't the site link bridge that I created, I removed the site link bridge between the two site links. The clients still use DC2 as their logon server.

DNS is set up right on the clients and the local site DC at SITE1, with their primary DNS server being the SITE1 domain controller and their secondary being DC1. Any idea why they continue to go to DC2?
Question by:bbcac

Expert Comment

by:Coffinated
ID: 38847882
Did you define a subnet for each site? If not, you need to create 2 subnets and assign them to the respective sites.
Run gpupdate /force to refresh group policies
Run gpresult /r to check the login server

Expert Comment

by:Thomas WERNHER
ID: 38848113
Hi,

Following the previous answer:
Is each DC in the same subnet as its clients? (Some companies put their DCs in a separate subnet.)

Btw, I would rather restart the computer afterwards to monitor the change of DC, because by doing only a gpupdate / gpresult you're generally still linked to the same DC (and if it's not the right one...)

cheers

Expert Comment

by:vin_shooter
ID: 38851036
Hi bbcac,

Step 1: Execute the command set L in a command prompt; you'll then get the logon server name.

Step 2: Then query the site name:

nltest /dsgetsite /s:Logon server name to be given here

Then open dssite.msc from Run, expand Sites in the console, navigate to the logon server's site name and right-click the site name -> Properties. In the General tab, check the subnet range associated with the site.

Check whether the client IP address falls in the subnet range associated with the site in which the logon server exists.

Also, sometimes assigning the same subnet range to two sites will result in this issue.

Conclusion:

Either the IP address of the client machine is not associated with any site, or it might have been assigned to more than one site. Hence the issue.

Kindly perform the above check and revert, so that we can dig further.

Expecting your reply.
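The subnet check described in the answer above, as an added example that is not part of the original post: it maps a client IP to a site and flags addresses covered by no subnet or by subnets of more than one site. The site names come from the question; the subnet ranges are constructed sample values, and the lookup picks the most specific (longest-prefix) subnet, which is how AD resolves overlapping subnet objects.

```python
import ipaddress

# Constructed sample data: subnet-to-site assignments as they might be
# read from dssite.msc (Sites > Subnets). The ranges are made up.
SUBNETS = [
    ("10.10.0.0/16", "DC1"),
    ("10.20.0.0/16", "DC2"),
    ("10.20.30.0/24", "SITE1"),
]

def parse(subnets):
    """Turn (cidr, site) strings into (ip_network, site) tuples."""
    return [(ipaddress.ip_network(cidr), site) for cidr, site in subnets]

def site_for_client(ip, subnets):
    """Return (site, matching_subnets) for a client IP.

    site is None when no subnet object covers the address; otherwise it is
    the site of the most specific (longest-prefix) matching subnet.
    """
    addr = ipaddress.ip_address(ip)
    hits = [(net, site) for net, site in parse(subnets) if addr in net]
    if not hits:
        return None, []
    hits.sort(key=lambda h: h[0].prefixlen, reverse=True)
    return hits[0][1], [(str(net), site) for net, site in hits]

def overlapping_assignments(subnets):
    """List pairs of overlapping subnets that belong to different sites."""
    nets = parse(subnets)
    pairs = []
    for i, (a, site_a) in enumerate(nets):
        for b, site_b in nets[i + 1:]:
            if site_a != site_b and a.overlaps(b):
                pairs.append((str(a), site_a, str(b), site_b))
    return pairs

if __name__ == "__main__":
    # Constructed client addresses: one in SITE1's /24, one just outside
    # it (falls back to DC2's /16), and one covered by no subnet at all.
    for client in ("10.20.30.15", "10.20.31.15", "192.168.5.10"):
        site, hits = site_for_client(client, SUBNETS)
        print(client, "->", site or "NO SITE", hits)
    for pair in overlapping_assignments(SUBNETS):
        print("overlap:", pair)
```

A client that resolves to a hub site here, or to no site, is the case where the logon server reported by set L will not be the local DC.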

Accepted Solution

by:
vin_shooter earned 2000 total points
ID: 38855633
If, after performing the steps given above, the workstation still authenticates to a DC in other sites, then follow the given step:

Open DNSMGMT.MSC, expand your domainname.com in DNS, then navigate to _msdcs, expand DC, then _sites, and click on the corresponding site. Check for the SRV records, then right-click on the record and check the Priority value.

By changing the Priority value we can designate a particular domain controller to act as logon server for that site.

Hope this will fix the issue permanently.

Author Comment

by:bbcac
ID: 38907051
This was a mistake on my part... I had the site configured wrong... everything is fine now
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question