User being authenticated by DC in a different site?


  • User being authenticated by DC in a different site?

    I am trying to resolve an issue with a client of mine who is having authentication issues.

    We host a DC of theirs and they have a DC locally (in a separate site), but recently they lost their internet connection and VPN to their hosted DC and it took users up to an hour to log in.

    Their internet connection is now restored, but if I look at their client machines some are being authenticated by the local DC and some by the hosted DC. This means that when the link to their hosted DC was down the users were still trying to authenticate to the hosted DC and didn't use the local DC.

    I was under the impression that each client would query DNS for their nearest DC and authenticate accordingly.

    I have checked everything I can think of and come up with nothing so far.

    All relevant records exist in DNS
    AD replication is working fine
    The users' PCs only have one DNS server listed, which is the local DC.
    The local PCs all have IP addresses in the subnet assigned to the local site
    Event logs on the Local DC look fine
    All services are running.

    Anyone experienced this before?

    I'm going to do some out-of-hours testing with a user on site later this week, simulate the loss of internet connection, try logging on and perform some additional diagnostics, but would welcome anyone else's input.

    Thanks

    Paul
    MCITP:Enterprise Admin,
    MSCE
    MCSA: Messaging

  • #2
    Re: User being authenticated by DC in a different site?

    Hi Pjrouse,
    When you write
    Originally posted by pjrouse:
    "The local PCs all have IP addresses in the subnet assigned to the local site"
    Do you mean site as in physical location or in the sense that you have created a logical site in the Active Directory Sites and Services tool?

    Checking if both DCs are in the same (logical) site would be my first thing to check here really.
    I don't know anything about (you or your) computers.
    Research/test for yourself when listening to free advice.



    • #3
      Re: User being authenticated by DC in a different site?

      In addition to what Maebe has said,

      Even if all the subnets are mapped correctly, clients get authentication from a remote DC in case the local DC is down.

      Now they do not fall back to the local DC instantly even after it's up, due to DNS cache. To be sure, just reboot one of the clients and see if it starts pointing to the right DC or not. If it does, then all is fine; otherwise we might need to drill down.

      Thanks,
      Kapil Sharma
      ~~~~~~~~~~~~~
      Life is too short, Enjoy It.
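
The site check and the "which DC is this client pointing at" test suggested in the replies above can be run without a reboot. The script below is an added example, not part of the original thread: it assumes a domain-joined Windows client with nltest.exe available, and the function name Get-DcLocatorResult is hypothetical. It asks the DC locator once for its cached answer and once with /force (which makes it rediscover a DC instead of returning the cached one), then compares the located DC's AD site with the client's own site.

```powershell
# Added example, not from the thread. Run on an affected client as a domain user.
function Get-DcLocatorResult {
    param(
        [string]$Domain = $env:USERDNSDOMAIN,
        [switch]$Force   # /force: ignore the cached DC and rerun discovery
    )
    $nltestArgs = @("/dsgetdc:$Domain")
    if ($Force) { $nltestArgs += '/force' }
    $output = & nltest.exe @nltestArgs 2>&1 | ForEach-Object { "$_" }

    # nltest prints "Label: value" lines; keep the ones about site affinity.
    $fields = @{}
    foreach ($line in $output) {
        if ($line -match '^\s*(DC|Address|Dc Site Name|Our Site Name):\s*(.+?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    if (-not $fields.ContainsKey('DC')) {
        throw "DC discovery failed for ${Domain}: $($output -join ' ')"
    }

    [pscustomobject]@{
        Discovery   = if ($Force) { 'forced' } else { 'cached' }
        Computer    = $env:COMPUTERNAME
        LogonServer = $env:LOGONSERVER               # DC recorded at interactive logon
        LocatedDC   = $fields['DC']
        DcSite      = $fields['Dc Site Name']
        ClientSite  = $fields['Our Site Name']       # empty if no subnet maps this client to a site
        InSite      = $fields['Dc Site Name'] -eq $fields['Our Site Name']
    }
}

$cached = Get-DcLocatorResult
$fresh  = Get-DcLocatorResult -Force
$cached, $fresh | Format-Table -AutoSize

if (-not $fresh.ClientSite) {
    Write-Warning 'Client has no AD site: check the subnet objects in Active Directory Sites and Services.'
}
elseif (-not $fresh.InSite) {
    Write-Warning "Fresh discovery still returned a DC in site '$($fresh.DcSite)', not '$($fresh.ClientSite)'."
}
elseif (-not $cached.InSite) {
    Write-Warning 'Only the cached entry pointed at the remote site; a fresh discovery finds the local DC.'
}
```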



      • #4
        Re: User being authenticated by DC in a different site?

        The local PCs have IP addresses in the logical subnet attached to their AD site.

        I will reboot all the client PCs and test which server authenticates them.

        Thanks
        MCITP:Enterprise Admin,
        MSCE
        MCSA: Messaging
