Andy Andy
asked on
Client authentication issue - slow logging
Hello Team,
This is AD Site & Services and DNS Question
to understand the issue, let me explain through scenario
We have suppose 3 sites.
Site A which having abcd01 DC
Site B which having abxy01 DC
Site C which having abml01 DC
Site A DC we have shutdown, and we need Site A users will authenticated through Site B users. But this is not happening, users are getting Site B primary and secondary DNS which is correct through DHCP
Instead of site B they are being sent by Site B DC to Site C DC, because of this user complaining about slow logon
i have checked site links are properly created in sites and services, between siteA and Site B
Please suggest what could be the issue
Thanks,
Addy
This is AD Site & Services and DNS Question
to understand the issue, let me explain through scenario
We have suppose 3 sites.
Site A which having abcd01 DC
Site B which having abxy01 DC
Site C which having abml01 DC
Site A DC we have shutdown, and we need Site A users will authenticated through Site B users. But this is not happening, users are getting Site B primary and secondary DNS which is correct through DHCP
Instead of site B they are being sent by Site B DC to Site C DC, because of this user complaining about slow logon
i have checked site links are properly created in sites and services, between siteA and Site B
Please suggest what could be the issue
Thanks,
Addy
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Excluding the subnets in sites and services, slow logon can also be caused by token bloat. How many groups do you have assigned to these users?
ASKER
So subnet i can see is assigned to same Site A, But in that DC is down
we have other sites also at same location, there is no DC and Subnet is assigned to thta site also, but they are contacting correctly to singapore DC
Thanks
we have other sites also at same location, there is no DC and Subnet is assigned to thta site also, but they are contacting correctly to singapore DC
Thanks
Well, as I said, assign Site B to the subnet where the users complain about slow logons.
If the intersite link is slow, maybe you should actually have a DC on that site , in case the intersite link goes down , you will have no DC.
You have the option to install a Read only DC on the site , in case you fear for the security of the DC.
Best practice is to have a local DC on each site , you never know when the intersite link goes down and for how long , unless you have a backup intersite connection.
If the intersite link is slow, maybe you should actually have a DC on that site , in case the intersite link goes down , you will have no DC.
You have the option to install a Read only DC on the site , in case you fear for the security of the DC.
Best practice is to have a local DC on each site , you never know when the intersite link goes down and for how long , unless you have a backup intersite connection.
ASKER
reason of down of the DC, is we are consolidating DC from the respective site, so we selected Site A as a pilot site.
Not a good decision if your intersite link is slow or at xx hops from the main site. On one of the setups i have 25 sites and only 5 DC's but site inter connectivity is fast and backed up by MPLS. Never experienced slow logons.
So if you assigned the correct site on each subnet in sites and services and you still experience slow logon , the issue might either be :
- Slow link
- Resource heavy logon scripts
- drives mapped that can not be re connected at logon.
- Heavy GPO's ....
Causes can be many but the main reasons would be the connection between the client the logon server.
So if you assigned the correct site on each subnet in sites and services and you still experience slow logon , the issue might either be :
- Slow link
- Resource heavy logon scripts
- drives mapped that can not be re connected at logon.
- Heavy GPO's ....
Causes can be many but the main reasons would be the connection between the client the logon server.