Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 634
  • Last Modified:

PCs connecting to global catalogue in wrong site

Hi experts,

I have a DC and Exchange in site A, and just a DC in site B. The VPN has gone down between sites due to an internet issue.
After this happened a Terminal Server in Site A and a PC in site A could not connect to Exchange. I tried everything I could think of. I then added a reg entry to force them to use the local Global Catalogue. This resolved the problem but I can't figure out why they were trying to communicate with the other GC. Everything in AD Sites and Services looks ok.
I assume there is still an issue that needs to be fixed.

Would appreciate any ideas?

Thanks.
0
nealerocks
Asked:
nealerocks
2 Solutions
 
Sitaram PamarthiCommented:
Hi, The site choice is based on DCLocator process initiated by client. If your client is having a IP address that is mapped to SiteB in Active Directory Sites and Services, then no wonder why it is going there. So, please review your current sites and the assigned subnets and make sure there are no cross references.

The below two posts should given some insight to the DC locator process.
http://techibee.com/active-directory/understand-dclocator-processpart-1/39
http://techibee.com/active-directory/understand-dclocator-processpart-2/43
0
 
nealerocksAuthor Commented:
Sites and subnets are fine. The Terminal Server has a static IP address and the PC is using DHCP. Neither of them have addresses in the range of site B.
The other 15 PCs in site A have been working fine.

Thanks.
0
 
ZenVenkyArchitectCommented:
I want you to check the health of the DCs. Run dcdiag /v and repadmin /replsum and repadmin /showrepl and change DC's DNS settings based on the following link if required. If you see any errors in those test logs, mention them here for better awareness.

Best Practice of DNS
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
nealerocksAuthor Commented:
Given that the site B internet is not back on yet I won't bother with the tests. The event log is full of replication errors at the moment.
DNS is set up according to best practice. I don't think DNS is misconfigured. Really just trying to establish why a couple of computers would be trying to contact a different site GC.
0
 
Nagendra Pratap SinghCommented:
You may have to force a re-discovery of the DCs.

Please check the following link and let us know if it works.

http://support.microsoft.com/kb/939252
0
 
ZenVenkyArchitectCommented:
What DCDiag says, does it mention any where "Advertising failed". If yes you shall check Time Server issues. There is a possibility that other DC is acting as authoritative Time Server for domain than PDC. Make sure that PDC is NTP for the domain and it shall point to external time source for Time sync.

http://support.microsoft.com/kb/816042
0
 
Nirmal SharmaSolution ArchitectCommented:
PCs will not connect to wrong site unless these conditions are true:

 -PCs usnig a subnet which has not been defined in AD
 -Domain controllers in their site is not able to serve authentication requests for some reasons and other site DCs are configured to authenticate them.
 -You have registry entry set for these PCs; SiteName which forces them to authenticate with other site DCs.

Go to on that client and look at NetLogon\Parameters registry entries or post them here.

-----
Sys.
0
 
nealerocksAuthor Commented:
After setting manual entries in the registry issue has never reoccurred
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now