Anwar Manha
asked on
Clients authenticating HO DC instead of Site DC
Help Request:
Hi Support
we have 2 site in AD DS (HO & AWS), i have installed a new DC for AWS Site and associated the AWS subnet
now the machines in my AWS Site are logon to HO DC instead of AWS DC, this increase network latency (as 2 sites are connected through site to site VPN). how can we make sure AWS site clients authenticate AWS DC
Hi Support
we have 2 site in AD DS (HO & AWS), i have installed a new DC for AWS Site and associated the AWS subnet
now the machines in my AWS Site are logon to HO DC instead of AWS DC, this increase network latency (as 2 sites are connected through site to site VPN). how can we make sure AWS site clients authenticate AWS DC
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@Tom Cieslik - Don't you feel this is misleading to propose a hack when by design MSFT functions exactly how the OP wants this to work (they just don't know how to properly set it up)? Future readers are going to erroneously think the only way for a client to authenticate to the most efficient DC is to hack it and force it to do so - they are not actually learning how to setup it up properly so that it will perform the feat natively.
Start the registry editor
Move to HKEY_LOCAL_MACHINE\SYSTEM\
From the Edit menu select New - DWORD value
Enter a name of NodeType and press ENTER
Double click on the new value and set to 4 (this sets the network to an M-mode/mixed which means it will perform a broadcast before querying name servers for resolution). By default a system is 1 if no WINS servers are configured (B-node/broadcase) or 8 if at least one WINS server is configured (H-node/queries name resolution first then broadcasts)
Double click on the EnableLMHOSTS value and set to 1. If it does not exist select New - DWORD value from the Edit menu and enter a name of EnableLMHOSTS
Close the registry editor
Reboot the machine
The machine is now configured to broadcase for a domain controller on a local subnet and then query a name server. If no domain controllers are found on the WINS server, or WINS is not used it will then search the LMHOSTS file. The next stage is to edit this file.
Check for the LMHOSTS file
C:\>dir %systemroot%\system32\driv
If the file does not exist copy the sample host file
C:\>copy %systemroot%\system32\driv
1 file(s) copied.
Edit the file using edit.exe, don't use notepad.exe
C:\>edit %systemroot%\system32\driv
Goto the end of the comments and add a new line of the format
<ip address> <name of DC> #PRE #DOM:<domain name> #<comment>
e.g. 200.200.200.50 titanic #PRE #DOM:savilltech #savilltech domain controller
Save the changes to the file and exit edit.exe
Force the machine to reload the LMHOSTS file (or just reboot)
C:\>NBTSTAT -R
Note: The -R must be in capitals, the command is case sensitive
Check the cache
C:\>NBTSTAT -c
At this point the configuration is complete and a reboot is advisable.