Why are the remote users authenticating on the main DC and not the RODC that we set up at the remote site?

Yeaktom
Good Day All,

We have three Domain Controllers.
Two of which are on site and one is at our remote site.

The main DC replicates to the remote DC via VPN.
The replication works fine. The remote DC is a Read-only DC.

For some reason, when the VPN goes down or the Internet drops, the users can't see the main DC and they can't log in, nor can they browse shares.
So none of the users at the remote site are authenticating via the RODC and they are only authenticating on the main DC.
This can be a problem if there is an Internet outage.

I need them to use the RODC for authentication and not the main DC.
I thought it was the DNS but I could not see anything wrong.

Regards,
Technical Manager
Top Expert 2010
Commented:
Hi Yeaktom,

If the password is cached, the RODC will authenticate the user account locally.

Please refer to this article to configure the same:
https://www.faqforge.com/windows-server-2016/configure-credential-caching-read-domain-controller-windows-server-2016/
Distinguished Expert 2017

Commented:
On the remote site, what options does the DHCP server push to the local clients?

I.e., which name server is being pushed, search domain?
Check sites and services and whether the arrangement is such that the RODC is seen as local to the remote site.
GC on RODC?
Murat Elmas, General Manager, Strategic Planning Director

Commented:
Hello,

The RODC is typically used for DNS and LDAP queries.
It is not preferred for user authentication because it normally does not keep the password information on it and cannot save the last login information.
It is better to locate a normal DC here and protect it from unauthorized access.

Regards
Distinguished Expert 2017

Commented:
LDAP query is part of the authentication process. The reason to deploy a RODC is to limit offsite corruption.
if one has a writeable.
RODC sends up changes to the "closest" writable DC.
It should receive the auth and have some answers.

Do the requests at HQ come from the individual workstations, or are they coming from the RODC working as a proxy?
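
The checks suggested in the replies above (DNS pushed to clients, Sites and Services placement, GC on the RODC, credential caching) can be run as one PowerShell pass. This is an added example, not part of any poster's reply; `RODC01`, `jdoe` and `WS-REMOTE01` are placeholder names. An RODC can only complete a logon without the WAN link when both the user's and the workstation's passwords are cached on it, so the script checks both accounts.

```powershell
# Added diagnostic example. $Rodc, $User and $Computer are placeholders (assumptions);
# substitute real names. Steps 2-4 need the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$Rodc     = 'RODC01'        # hypothetical RODC name
$User     = 'jdoe'          # hypothetical remote-site user
$Computer = 'WS-REMOTE01'   # hypothetical remote-site workstation

# 1. Run on a remote-site workstation: which DNS servers did DHCP hand out,
#    which AD site does the client believe it is in, and which DC did it locate?
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object InterfaceAlias, ServerAddresses
nltest /dsgetsite
nltest "/dsgetdc:$env:USERDNSDOMAIN"

# 2. Is the RODC placed in the remote site, and is it a Global Catalog?
$dc = Get-ADDomainController -Identity $Rodc
'{0}: IsReadOnly={1} Site={2} IsGlobalCatalog={3}' -f `
    $dc.Name, $dc.IsReadOnly, $dc.Site, $dc.IsGlobalCatalog

# 3. Are the remote subnets mapped to the RODC's site, and does DNS publish
#    site-specific locator records for it? Clients in an unmapped subnet
#    fall back to any DC in the domain.
Get-ADReplicationSubnet -Filter * |
    Where-Object { $_.Site -like "CN=$($dc.Site),*" } |
    Select-Object Name, Site
Resolve-DnsName -Type SRV "_ldap._tcp.$($dc.Site)._sites.dc._msdcs.$($dc.Domain)"

# 4. Password Replication Policy: is each account allowed to be cached,
#    and has its password actually been cached (revealed) on the RODC?
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage `
    -Identity $Rodc -RevealedAccounts

foreach ($acct in @((Get-ADUser $User), (Get-ADComputer $Computer))) {
    $policy = Get-ADAccountResultantPasswordReplicationPolicy `
        -Identity $acct -DomainController $Rodc
    [pscustomobject]@{
        Account         = $acct.SamAccountName
        ResultantPolicy = $policy   # Allowed / DeniedExplicit / DeniedImplicit / Unknown
        CachedOnRodc    = $revealed.DistinguishedName -contains $acct.DistinguishedName
    }
}
```

An account showing `Allowed` but `CachedOnRodc = False` has not yet logged on through the RODC while the writable DC was reachable, so its password has not been cached.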
