Change Priority of DC Logonserver in one Site with DNS SRV Record

We have four DCs on one site: 2x 2003 and 2x 2008. The 2003 DCs are running on very old and slow hardware but are the primary DFS root and can't be shut down without migrating the DFS root and without downtime.

So we would like to change the priority of the logon server, so that every client/server uses only the fast 2008 DCs.

We have changed the registry settings on the two 2003 DCs, as described here:
http://technet.microsoft.com/en-us/library/cc787370%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc781155%28v=ws.10%29.aspx

This took effect in DNS on the _ldap and _kerberos entries in the following paths:
_ldap._tcp.SITENAME._sites.dc._msdcs.DOMAINNAME.de and
_kerberos._tcp.SITENAME._sites.dc._msdcs.DOMAINNAME.de and
_ldap._tcp.dc._msdcs.DOMAINNAME.de and
_kerberos._tcp.dc._msdcs.DOMAINNAME.de

The TTL of the records is 10 minutes.

Everything seems good. But when logging on, in most cases the old DCs are used as logon server (checked at the cmd prompt with set logonserver).

Checking with nslookup:
> set type=srv
> _ldap._tcp.SITENAME._sites.dc._msdcs.DOMAINNAME.de

The priority is OK (old DCs 16, new DCs 0), but the order of the servers changes randomly on every check. I would expect that, because of the priority, the new DCs would always be in the upper lines and the old DCs in the lower lines.
But they aren't.

Can someone help? Thanks.
staugust asked:
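The ordering behaviour the question asks about, as an added example that is not part of the original post: nslookup prints SRV records in whatever order the DNS server returns them (round-robin), and the DC locator does not care about that order. It groups records by Priority, uses only the lowest-priority group that is reachable, and chooses within that group at random in proportion to Weight (RFC 2782). The script below is added here; the four DC host names are constructed placeholders, DOMAINNAME.de and SITENAME are the question's placeholders, and the live lookup assumes Resolve-DnsName (Windows 8 / Server 2012 or later).

```powershell
# Added example, not from the original thread. Simulates the SRV target choice
# a DC-locator client makes (RFC 2782: lowest Priority wins, then a
# Weight-proportional random pick) so that the "random" order nslookup prints
# is shown to be irrelevant. DC names below are constructed.

function Select-SrvTarget {
    param([Parameter(Mandatory)][object[]]$Records)
    # Only records with the lowest Priority value are eligible; higher values
    # are fallbacks used only if none of the lowest group answers.
    $best  = ($Records | Measure-Object -Property Priority -Minimum).Minimum
    $pool  = @($Records | Where-Object { $_.Priority -eq $best })
    $total = ($pool | Measure-Object -Property Weight -Sum).Sum
    if ($total -eq 0) { return ($pool | Get-Random).NameTarget }   # all weights 0: plain random
    $r   = Get-Random -Minimum 0 -Maximum $total                   # 0 .. total-1
    $acc = 0
    foreach ($rec in ($pool | Sort-Object Weight -Descending)) {
        $acc += $rec.Weight
        if ($r -lt $acc) { return $rec.NameTarget }
    }
}

function Show-SrvDistribution {
    param([object[]]$Records, [int]$Trials = 1000)
    $hits = @{}
    1..$Trials | ForEach-Object {
        $t = Select-SrvTarget -Records $Records
        $hits[$t] = 1 + [int]$hits[$t]
    }
    $hits.GetEnumerator() | Sort-Object Value -Descending |
        Select-Object @{n='Target'; e={ $_.Key }},
                      @{n='Share';  e={ '{0:P1}' -f ($_.Value / $Trials) }}
}

# Constructed sample mirroring the thread: old 2003 DCs at priority 16, new
# 2008 DCs at 0, deliberately interleaved the way nslookup might print them.
$sample = @(
    [pscustomobject]@{ NameTarget = 'dc2003a.DOMAINNAME.de'; Priority = 16; Weight = 100 }
    [pscustomobject]@{ NameTarget = 'dc2008a.DOMAINNAME.de'; Priority = 0;  Weight = 100 }
    [pscustomobject]@{ NameTarget = 'dc2003b.DOMAINNAME.de'; Priority = 16; Weight = 100 }
    [pscustomobject]@{ NameTarget = 'dc2008b.DOMAINNAME.de'; Priority = 0;  Weight = 100 }
)
Show-SrvDistribution -Records $sample   # only the two 2008 DCs appear, roughly 50% each

# Same check against the live zone. -DnsOnly bypasses the local resolver cache
# so the answer reflects what the zone holds right now, not a stale copy.
$live = Resolve-DnsName -Name '_ldap._tcp.SITENAME._sites.dc._msdcs.DOMAINNAME.de' `
                        -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
if ($live) { Show-SrvDistribution -Records $live }
```

If the simulation against the live records never returns a priority-16 DC, the SRV side is correct and whatever still logs on to an old DC is doing so from a cache, not from DNS ordering.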
Will Szymkowski (Senior Solution Architect) commented:
This could be related to caching of the DCs in question. Take a look at this Knowledge Base article...

http://support.microsoft.com/kb/939252

Also, check the logs on the DCs to ensure that everything is operating normally.

Thanks

Will.
Sandeshdubey (Senior Server Engineer) commented:
It seems to be client-side DNS caching.

Disable client-side DNS caching:
http://support.microsoft.com/?scid=kb;en-us;318803&x=13&y=8
http://msmvps.com/blogs/acefekay/archive/2010/01.aspx

Ensure that the correct DNS settings are configured on the client computer. The primary should point to the DNS DC which you want to authenticate with.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
staugust (Author) commented:
After a reboot of our Citrix server the new DCs are used as logon server. So the information about the logon server was cached. We did not need to install the patch.
Thanks.
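The two caches behind Sandeshdubey's answer and the author's reboot, as an added example that is not part of the thread: the resolver cache can hold an old SRV answer until its TTL expires, and Netlogon keeps the DC it last located for the life of the secure channel, which is what SET LOGONSERVER reflects for new logons. Both can be cleared without a reboot. The script below is added here; it assumes the DnsClient cmdlets (Windows 8 / Server 2012 or later) for the cache inspection, while the nltest commands also work on 2003/2008. DOMAINNAME.de and SITENAME are the question's placeholders.

```powershell
# Added example, not from the original thread. Inspects and resets the two
# client-side caches that can keep a machine on an old logon server after the
# SRV priorities in DNS have changed. Placeholders from the question.
$Domain = 'DOMAINNAME.de'
$Site   = 'SITENAME'
$srv    = "_ldap._tcp.$Site._sites.dc._msdcs.$Domain"

# 1. Resolver cache: what this machine still believes the site SRV answer is.
#    (Assumption: the SRV entry is cached under the queried name.)
Write-Host "== Cached SRV answer for $srv (nothing listed means not cached)"
Get-DnsClientCache -Entry $srv -ErrorAction SilentlyContinue |
    Select-Object Entry, Type, Data, TimeToLive | Format-Table -AutoSize

# 2. Netlogon cache: the DC this machine located last time and keeps reusing.
#    Existing sessions keep their LOGONSERVER value; only new logons are affected.
Write-Host "== Logon server of this session: $env:LOGONSERVER"
Write-Host "== DC Netlogon currently has cached for $Domain"
nltest "/dsgetdc:$Domain"

# 3. Drop both caches and rediscover. No reboot needed.
Clear-DnsClientCache                   # equivalent to: ipconfig /flushdns
nltest "/dsgetdc:$Domain" /force       # re-run the locator, ignoring the cached DC
nltest "/sc_reset:$Domain"             # rebuild the secure channel with the DC just located

# 4. Verify: the secure channel should now be with a priority-0 (2008) DC.
nltest "/sc_query:$Domain"
```

Run this as an administrator on the Citrix server (or any box still showing an old DC in SET LOGONSERVER); step 3 is what the reboot did implicitly. If step 1 still lists the old answer with a large TimeToLive, the DNS side was refreshed later than expected and the 10-minute TTL is what you are waiting on.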
Windows Server 2008