Solved

PCs connecting to global catalogue in wrong site

Posted on 2013-02-05
8
614 Views
Last Modified: 2013-07-17
Hi experts,

I have a DC and Exchange in site A, and just a DC in site B. The VPN has gone down between sites due to an internet issue.
After this happened a Terminal Server in Site A and a PC in site A could not connect to Exchange. I tried everything I could think of. I then added a reg entry to force them to use the local Global Catalogue. This resolved the problem but I can't figure out why they were trying to communicate with the other GC. Everything in AD Sites and Services looks ok.
I assume there is still an issue that needs to be fixed.

Would appreciate any ideas?

Thanks.
0
Comment
Question by:nealerocks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 1

Expert Comment

by:Sitaram Pamarthi
ID: 38858055
Hi, The site choice is based on DCLocator process initiated by client. If your client is having a IP address that is mapped to SiteB in Active Directory Sites and Services, then no wonder why it is going there. So, please review your current sites and the assigned subnets and make sure there are no cross references.

The below two posts should given some insight to the DC locator process.
http://techibee.com/active-directory/understand-dclocator-processpart-1/39
http://techibee.com/active-directory/understand-dclocator-processpart-2/43
0
 
LVL 12

Author Comment

by:nealerocks
ID: 38858071
Sites and subnets are fine. The Terminal Server has a static IP address and the PC is using DHCP. Neither of them have addresses in the range of site B.
The other 15 PCs in site A have been working fine.

Thanks.
0
 
LVL 9

Assisted Solution

by:Zenvenky
Zenvenky earned 150 total points
ID: 38858142
I want you to check the health of the DCs. Run dcdiag /v and repadmin /replsum and repadmin /showrepl and change DC's DNS settings based on the following link if required. If you see any errors in those test logs, mention them here for better awareness.

Best Practice of DNS
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 12

Author Comment

by:nealerocks
ID: 38858177
Given that the site B internet is not back on yet I won't bother with the tests. The event log is full of replication errors at the moment.
DNS is set up according to best practice. I don't think DNS is misconfigured. Really just trying to establish why a couple of computers would be trying to contact a different site GC.
0
 
LVL 23

Expert Comment

by:Nagendra Pratap Singh
ID: 38858211
You may have to force a re-discovery of the DCs.

Please check the following link and let us know if it works.

http://support.microsoft.com/kb/939252
0
 
LVL 9

Expert Comment

by:Zenvenky
ID: 38858235
What DCDiag says, does it mention any where "Advertising failed". If yes you shall check Time Server issues. There is a possibility that other DC is acting as authoritative Time Server for domain than PDC. Make sure that PDC is NTP for the domain and it shall point to external time source for Time sync.

http://support.microsoft.com/kb/816042
0
 
LVL 35

Accepted Solution

by:
Nirmal Sharma earned 350 total points
ID: 38858609
PCs will not connect to wrong site unless these conditions are true:

 -PCs usnig a subnet which has not been defined in AD
 -Domain controllers in their site is not able to serve authentication requests for some reasons and other site DCs are configured to authenticate them.
 -You have registry entry set for these PCs; SiteName which forces them to authenticate with other site DCs.

Go to on that client and look at NetLogon\Parameters registry entries or post them here.

-----
Sys.
0
 
LVL 12

Author Closing Comment

by:nealerocks
ID: 39335145
After setting manual entries in the registry issue has never reoccurred
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question