Good Day Experts
Have a problem that is driving us nuts surrounding our multi-site Active Directory - sure it has been asked many times before, but here goes. (Will attach an image as well)
* ALL Connectivity via stable VPN's with pretty good bandwidth.
* 3 x DC's in London UK in a single location (offices all over the UK authenticating via the VPN to these DC's no problem)
* 1 x DC in Johannesburg South Africa in the same location as a few PC's (PC's authenticating via the local LAN to this DC no problem)
* 1 x DC in Frankfurt Germany with multiple German locations (cities with PCs)
Setup as follows:
Site: UK: - 3 x DC's (2 x GC's and Exchange 1 x FSMO 'host')
Site: ZA: - 1 x DC (GC)
Site: DE: - 1 x DC (GC)
All Server 2008 R2's All PCs Win 7 x64
AD replication between all the DC's works fine without any error and quite quick as well.
10 Subnets associated with the UK Site
1 Subnet associated with the ZA site
8 Subnets associated with the DE site
Looking at the 'right click properties' of any of the sites under 'General' I can see the correct subnets associated.
So here is my problem:
Trying to join any PC's from our DE locations to the domain, or, for those PC's that managed to join the domain after hours of retrying and messing around with resetting network adaptors etc., just logging in/authenticating results in failure. Looking at the Resource Monitor (networking) while joining a PC to the domain from, say, Hamburg Germany, I can see authentication attempts against the UK/London DC's and even against the ZA/Johannesburg DC, which is obviously not accessible - I say obviously not accessible as our VPN is set up in a way that all country locations only have tunnels to their local DC location (the DC locations have VPN tunnels to one another for replication, which works fine). The prompt for security credentials when joining the domain is instant (it finds the domain), but then the above occurs, hunting around for a DC, and after several minutes it fails with a "domain is not available" error. The same goes for PC's logging on to the domain: hunting around and eventually timing out (can be 15 minutes) or using locally cached passwords.
All DHCP servers provide the correct DNS servers for the subnets, i.e. Hamburg Germany PC's point to the DNS of the Germany/DE DC.
In my mind the point of having a site with a DC and associated subnets should be to allow all authentication (and joins to the domain etc.) to occur within the site. I appreciate there might be a quick retry on any available DCs, as it's all a single forest with a single domain, but as soon as those are not contactable it should be able to carry out any Active Directory type 'tasks' within the site.
APOLOGIES for a lot of information, but I am trying to be as thorough as possible. Attached is a basic Visio scribble of the relevant part of the network.
Please Help - SOS (Thank You)
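The checks below are an added diagnostic for the symptoms described in the post (a DE client hunting for UK/ZA DCs instead of the local one); they are not code from the poster. They assume the site names UK, ZA and DE from the post, a placeholder domain name `corp.example`, a placeholder client address, and RSAT's ActiveDirectory module for the subnet listing.

```powershell
# Added diagnostic, not from the original post. Run steps 1-3 on a PC in a German
# subnet (e.g. Hamburg) and step 4 on any DC. Placeholders: domain and client IP.
$Domain       = 'corp.example'   # placeholder: the forest root domain
$ExpectedSite = 'DE'             # site the client should be placed in
$ClientIp     = '10.0.0.10'      # placeholder: IP of the PC that fails to join

# 1. Which site does the DC locator place this client in?
#    Empty or 'UK' here means the client's IP is not covered by a DE subnet object,
#    so the locator falls back to any DC in the domain (matching the "hunting" seen).
$ClientSite = (nltest /dsgetsite 2>$null | Select-Object -First 1).Trim()
"Client site according to DC locator: $ClientSite (expected $ExpectedSite)"

# 2. Which DC does the locator actually return? /force bypasses the cached DC.
nltest "/dsgetdc:$Domain" /force

# 3. Are the DE site-specific SRV records present in the DNS the DHCP scope hands out?
#    An empty answer means the DE DC has not registered its site records (netlogon /
#    dynamic update problem), and a DE client will then use the generic domain records.
Resolve-DnsName -Name "_ldap._tcp.$ExpectedSite._sites.dc._msdcs.$Domain" -Type SRV |
    Select-Object Name, NameTarget, Port, Priority, Weight

# 4. From a DC: list every IPv4 subnet object with its site and show which one covers
#    the client. Exactly one row should read Covers=True, and its Site should be DE.
function Test-IpInSubnet {
    param([string]$Ip, [string]$Cidr)
    $net, $bits = $Cidr.Split('/')
    $toInt = { param($a) [BitConverter]::ToUInt32(
        [System.Net.IPAddress]::Parse($a).GetAddressBytes()[3..0], 0) }
    $mask = [uint32](([long]0xFFFFFFFF -shl (32 - [int]$bits)) -band 0xFFFFFFFF)
    return (((& $toInt $Ip) -band $mask) -eq ((& $toInt $net) -band $mask))
}

Import-Module ActiveDirectory
Get-ADReplicationSubnet -Filter * -Properties Site |
    Where-Object { $_.Name -match '^\d+\.\d+\.\d+\.\d+/\d+$' } |
    ForEach-Object {
        [pscustomobject]@{
            Subnet = $_.Name
            Site   = (($_.Site -split ',')[0] -replace '^CN=')   # DN -> site name
            Covers = Test-IpInSubnet -Ip $ClientIp -Cidr $_.Name
        }
    } | Sort-Object Site, Subnet | Format-Table -AutoSize
```

If no subnet covers the client, or the covering subnet belongs to another site, that is the first thing to correct before looking at the VPN or DNS.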