Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

User logging on against wrong DC

Posted on 2014-09-09
3
Medium Priority
?
326 Views
Last Modified: 2014-09-12
Hi all,

2003 domain running 2003/2008/2012 servers.

I have recently demoted a 2008 DC and replaced with a 2012 on a number of sites. All looks good apart from a particular user seems to authenticate against a DC on another site across the WAN and not the new local DC that is available?

This causes issues with group policy applying properly. But im not sure why the machine is doing this? has anyone seen this before?
0
Comment
Question by:Matt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 28

Accepted Solution

by:
Dan McFadden earned 2000 total points
ID: 40311572
I would first run the following commands from the computer the user is working on:

1. nltest /DSGETDC:<YouDomainNameHere.Extension>

2. nslookup
2a. set type=SRV
2b. _ldap._tcp.<SiteName>._sites.dc._msdcs.<YourDomain.Ext>

#1 will tell you what DC & Site this computer/user is connecting thru.
#2 will tell you what LDAP servers are in DNS for the site

I would also verify the TCP/IP configuration on the computer. I would read thru this article and double check your Sites & Services config.

http://blogs.dirteam.com/blogs/paulbergson/archive/2010/04/19/ad-clients-not-authenticating-to-its-local-site.aspx

Dan
0
 
LVL 23

Expert Comment

by:Radhakrishnan R
ID: 40311760
Hi,

As Dan said, this type of behaviour occurs due to missing SRV records. If the restart the netlogon service on the appropriate server, the SRV records creates automatically if it is missing.
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 40312392
set logonserver command will give you the name of DC that completed authentication request for that computer.
additionally check if that computer has a diff IP address which might belong to a diff. subnet. which then you can verify in AD sites and services about the DC where that subnet is mapped.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question