Domain Authentication Slow when IP range / subnet different then DC
Posted on 2013-12-05
I am having issues with what I think is Domain Authentication slowing down some client software. The issue on happens when using Intergrated Authentication with SQL server. There is a lot happening so I will explain what happened to get to this point.
Every thing was working fine prior to the next things.
We had three DC's in our domain. One is a new machine Server 2008 r2 64bit, the other two have been in service for 4 years, Server 2003, 32 bit.
We de-promoted on of the older DC last night. It also was a DHCP and DNS Server. Those functions had been migrated to the new server about a week ago with no issue.
Our network has three ip ranges 192.168.2.x 192.168.3.x and 10.192.21.x.
All DC are on 192.168.2.x subnet. All client PC on this subnet work fine.
If I take a client PC that is in the 192.168.3.x subnet and try to access SQL (in 192.168.2.x subnet) every operation takes about 10-30 seconds per DB call.
If I switch from Intergrated Authenticaion to a saved password the app runs at normal speed.
If I access an internal website that is in the 2.x subnet with the PC while it is on the 3.x subnet the website is fast as it usually is.
If I move the client NIC cable to a port on the same switch (we have Cisco with a three VLans) and it is in the 2.x subnet, everything runs at normal speed.
I don't see any issues in the event viewer of the DC's, the client PC, or the SQL Server Box.
Ping times and bandwidth checks all look normal.
The firewalls are turned off on the DC's, SQL box, and the client.
Does anyone have an idea of what I should be looking for?