Matt
asked on
User logging on against wrong DC
Hi all,
2003 domain running 2003/2008/2012 servers.
I have recently demoted a 2008 DC and replaced with a 2012 on a number of sites. All looks good apart from a particular user seems to authenticate against a DC on another site across the WAN and not the new local DC that is available?
This causes issues with group policy applying properly. But im not sure why the machine is doing this? has anyone seen this before?
2003 domain running 2003/2008/2012 servers.
I have recently demoted a 2008 DC and replaced with a 2012 on a number of sites. All looks good apart from a particular user seems to authenticate against a DC on another site across the WAN and not the new local DC that is available?
This causes issues with group policy applying properly. But im not sure why the machine is doing this? has anyone seen this before?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
set logonserver command will give you the name of DC that completed authentication request for that computer.
additionally check if that computer has a diff IP address which might belong to a diff. subnet. which then you can verify in AD sites and services about the DC where that subnet is mapped.
additionally check if that computer has a diff IP address which might belong to a diff. subnet. which then you can verify in AD sites and services about the DC where that subnet is mapped.
As Dan said, this type of behaviour occurs due to missing SRV records. If the restart the netlogon service on the appropriate server, the SRV records creates automatically if it is missing.