We have set up an enviroment where we have a small domain in our DMZ, consisting of a Windows 2008 R2 domain controller for our DMZ domain and a client server running IIS (webserver) on another Windows 2008 R2 server and is a DMZ domain member.
The DMZ domain trusts our internal domain, and the AD in our internal domain is running on 2003 servers.
The trust works as it should between the two domain controllers, and login on the DMZ domain controller using a useraccount from our internal domain works well and login time is appr. 4 seconds. DNS works.
Using the same internal domain useraccount to login to the DMZ webserver also works, but no it takes 35 seconds. The extra 30 seconds the welcome screen is showing.
All ports between the two zones are open at the moment for testing purposes, so no traffic is being blocked. All authentication works, but for some reason the login is always slow on the client server and never on the domain controller.
What causes this behavior?