Solved

User logging on against wrong DC

Posted on 2014-09-09
Last Modified: 2014-09-12
Hi all,

2003 domain running 2003/2008/2012 servers.

I have recently demoted a 2008 DC and replaced it with a 2012 one on a number of sites. All looks good, apart from a particular user who seems to authenticate against a DC on another site across the WAN and not the new local DC that is available.

This causes issues with group policy applying properly. But I'm not sure why the machine is doing this. Has anyone seen this before?
Question by:Matt
3 Comments
 
LVL 26

Accepted Solution

by:
Dan McFadden earned 500 total points
ID: 40311572
I would first run the following commands from the computer the user is working on:

1. nltest /DSGETDC:<YourDomainNameHere.Extension>

2. nslookup
2a. set type=SRV
2b. _ldap._tcp.<SiteName>._sites.dc._msdcs.<YourDomain.Ext>

#1 will tell you what DC & Site this computer/user is connecting thru.
#2 will tell you what LDAP servers are in DNS for the site

I would also verify the TCP/IP configuration on the computer. I would read thru this article and double check your Sites & Services config.

http://blogs.dirteam.com/blogs/paulbergson/archive/2010/04/19/ad-clients-not-authenticating-to-its-local-site.aspx

Dan
0
 
LVL 20

Expert Comment

by:Radhakrishnan Rajayyan
ID: 40311760
Hi,

As Dan said, this type of behaviour occurs due to missing SRV records. If you restart the Netlogon service on the appropriate server, the SRV records are created automatically if they are missing.
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 40312392
The set logonserver command will give you the name of the DC that completed the authentication request for that computer.
Additionally, check if that computer has a different IP address which might belong to a different subnet, which you can then verify in AD Sites and Services against the DC where that subnet is mapped.
0
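
The checks from the answers above (nltest /DSGETDC, the site SRV lookup, and the logon server) combined into one PowerShell script, as an added example that is not part of the original thread. It assumes it is run on the affected workstation in the affected user's session and that Resolve-DnsName is available (Windows 8 / Server 2012 or later); the helper name Get-NltestField and the Diagnosis wording are this example's own.

```powershell
# Added example, not from the thread. Run on the affected workstation as the affected user.
# Assumption: Resolve-DnsName is available (Windows 8 / Server 2012 or later).
$domain      = $env:USERDNSDOMAIN
$logonServer = $env:LOGONSERVER -replace '^\\\\', ''   # DC that handled this logon

# Step 1 from the answer: which DC and site does the DC locator return?
$nltest = nltest "/dsgetdc:$domain"

# Hypothetical helper: pull one "Label: value" field out of the nltest output.
function Get-NltestField([string]$label) {
    $line = $nltest | Where-Object { $_ -match "^\s*$label\s*:" } | Select-Object -First 1
    if ($line) { ($line -replace "^\s*$label\s*:\s*", '').Trim() }
}
$locatorDc = (Get-NltestField 'DC') -replace '^\\\\', ''
$dcSite    = Get-NltestField 'Dc Site Name'
$ourSite   = Get-NltestField 'Our Site Name'   # absent when the client maps to no site

# Step 2 from the answer: which DCs are registered in DNS for the client's site?
$siteDcs = @()
if ($ourSite) {
    $srvName = "_ldap._tcp.${ourSite}._sites.dc._msdcs.$domain"
    $siteDcs = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.QueryType -eq 'SRV' } |
        ForEach-Object { $_.NameTarget.TrimEnd('.') })
}
$siteHosts = @($siteDcs | ForEach-Object { $_.Split('.')[0] })

# Turn the three observations into one finding.
$diagnosis =
    if (-not $ourSite) {
        'Client is in no site: check its IP address and the subnet mapping in AD Sites and Services.'
    } elseif ($siteDcs.Count -eq 0) {
        "No _ldap SRV records in DNS for site '$ourSite': check Netlogon registration on the local DC."
    } elseif ($dcSite -ne $ourSite) {
        "DC locator returned a DC in site '$dcSite' although SRV records exist for '$ourSite'."
    } elseif ($siteHosts -notcontains $logonServer) {
        'Locator finds a local DC now, but this logon session was authenticated by a DC outside the site.'
    } else {
        'Logon server is a DC registered for the client site.'
    }

[pscustomobject]@{
    LogonServer    = $logonServer
    LocatorDC      = $locatorDc
    LocatorDCSite  = $dcSite
    ClientSite     = $ourSite
    SiteSrvTargets = $siteDcs -join ', '
    Diagnosis      = $diagnosis
}
```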
