Clients logging in to overseas DC.

    Our location is Sydney, Australia. We are part of a global network. We have two domain controllers at our site (DC01 and DC02) both of which forward to another domain controller located in Singapore for any resolution issues they can't handle themselves. All clients get their IP address by DHCP with the DNS servers set to DC01, DC02, then the ISP's DNS server.

    ... it can take up to 5 minutes (literally, I have timed it) to log in.

    The username/password authenticates to AD and their machine lets them get to the desktop pretty quickly; it's just grabbing the GPOs and login scripts that is taking forever. All GPOs and login scripts reside on our local servers; it was the local servers I was connected to when I created them. After the 1-5 minute delay, the window for our login script finally appears and runs through quite quickly, but this delay prior to that is causing a lot of headaches.

    I ran Ethereal on startup of my own computer and got the same delay. Analysing the traffic, I saw a lot of network activity on port 139 going to a domain controller in Hong Kong. DHCP has no reference to this server. It is part of our domain but not a lookup for our DCs either. It is one of many replication partners; that's about the only association I've managed to find. The traffic appeared to be GPO requests, things like "NT Create AndX Request, Path: \<domain>\Policies\{6D960F37-8101-42F8A43E-636B78201C5F}\User\Scripts\Scripts.ini".

    I'm at a loss to explain why all these requests are going to this overseas server or how I can force them to go to our local servers instead. Any assistance would be greatly appreciated.

    Of course, not all that long after posting this I realise the answer is staring me in the face. The DNS record for the domain has been changed to our onsite primary DC, and the pause is now gone.


      Well done on figuring out the problem and thanks for posting back with the solution. Hope we see you here again soon.
        Hmm. That's probably just a bypass, not a good solution. Any time you find yourself adding/changing DNS records for AD zones, you are probably doing something wrong.

        This problem sounds like you did no proper site/subnet and sitelink config. Any chance of that?
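
The site/subnet check raised in the last reply, as an added example that is not part of the thread: AD assigns a client to a site by matching its IP against the defined subnet objects (most specific prefix wins), and a client that matches none has no site, so it can be referred to any DC in the domain. The subnets, site names, host names and log lines below are constructed; the log lines follow the style of the `NO_CLIENT_SITE` entries a DC writes to `netlogon.log`.

```python
import ipaddress
import re

# Constructed subnet-to-site table, standing in for the subnet objects
# defined in AD Sites and Services (assumed values, not from the thread).
SUBNET_TO_SITE = {
    "10.20.0.0/16": "Sydney",
    "10.20.99.0/24": "Sydney-DMZ",
    "10.30.0.0/16": "Singapore",
    "10.40.0.0/16": "HongKong",
}

# Constructed netlogon.log excerpt. NO_CLIENT_SITE marks a client whose
# IP address matched no subnet object when it asked the DC for its site.
SAMPLE_LOG = """\
03/02 08:59:11 [1432] EXAMPLE: NO_CLIENT_SITE: SYD-PC-014 10.21.4.17
03/02 08:59:40 [1432] EXAMPLE: NO_CLIENT_SITE: SYD-PC-022 10.21.4.31
03/02 09:01:02 [1432] EXAMPLE: NO_CLIENT_SITE: SYD-PC-014 10.21.4.17
03/02 09:02:15 [1432] EXAMPLE: unrelated line that must be ignored
"""

NO_SITE_RE = re.compile(r"NO_CLIENT_SITE:\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})")


def site_for_ip(ip, subnet_to_site):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnet_to_site.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def unmapped_clients(log_text, subnet_to_site):
    """Return {client: ip} for logged clients that no subnet covers."""
    result = {}
    for name, ip in NO_SITE_RE.findall(log_text):
        if site_for_ip(ip, subnet_to_site) is None:
            result[name] = ip
    return result


if __name__ == "__main__":
    for name, ip in sorted(unmapped_clients(SAMPLE_LOG, SUBNET_TO_SITE).items()):
        print(f"{name} ({ip}): no subnet object covers this address")
```

Re-running the check after adding the missing subnet to the table should return an empty result; clients still listed are the ones whose DC and SYSVOL referrals are not constrained to the local site.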